{"report_id":"343e252e-4154-4068-8530-9e13e1a0107e","version":6,"status":"done","tags":[],"date":"2026-04-05T09:40:08Z","url":{"schema":"http","addr":"always.gbhqubok.me/","fqdn":"always.gbhqubok.me","domain":"gbhqubok.me","tld":"me"},"ip":{"addr":"154.207.127.62","port":0,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"title":"每日大赛 - 实时吃瓜爆料平台 | 黑料每日更新 | 网红翻车事件最新资讯 | 娱乐八卦","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"always.gbhqubok.me/","fqdn":"always.gbhqubok.me","domain":"gbhqubok.me","tld":"me"},"ip":{"addr":"154.207.127.62","port":0,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-10T09:40:08Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"always.gbhqubok.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"www.mrds66.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"pic.lfvjpw.cn","ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"domain_registered":"2025-06-18","domain_rank":0,"first_seen":"2026-04-04T13:26:51.706474Z","last_seen":"2026-04-04T13:26:51.706474Z","alert_count":51,"request_count":51,"received_data":14843460,"sent_data":23802,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"region1.analytics.google.com","ip":{"addr":"216.239.32.36","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1997-09-15","domain_rank":22257,"first_seen":"2022-03-17T11:26:33Z","last_seen":"2026-03-29T22:39:16.612532Z","alert_count":0,"request_count":1,"received_data":830,"sent_data":1156,"comment":"","tags":null,"fingerprints":null},{"fqdn":"always.gbhqubok.me","ip":{"addr":"154.207.77.151","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"domain_registered":"2025-07-03","domain_rank":0,"first_seen":"2026-04-05T09:40:16.877465Z","last_seen":"2026-04-05T09:40:16.877465Z","alert_count":1,"request_count":1,"received_data":198689,"sent_data":487,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"www.mrds66.com","ip":{"addr":"52.84.50.77","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2024-01-25","domain_rank":127408,"first_seen":"2024-02-23T17:28:10Z","last_seen":"2026-04-04T22:49:28.976351Z","alert_count":1,"request_count":1,"received_data":4776,"sent_data":400,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2026-03-29T22:23:59.734728Z","alert_count":0,"request_count":1,"received_data":471136,"sent_data":525,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.google.no","ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2001-02-26","domain_rank":92680,"first_seen":"2012-06-26T23:22:08Z","last_seen":"2026-03-29T22:38:33.043374Z","alert_count":0,"request_count":1,"received_data":580,"sent_data":658,"comment":"","tags":null,"fingerprints":null},{"fqdn":"ap.dc-report.cc","ip":{"addr":"13.251.76.74","port":443,"asn":16509,"as":"AMAZON-02","country":"Singapore","country_code":"SG"},"domain_registered":"2025-12-07","domain_rank":0,"first_seen":"2025-12-23T07:41:17.432845Z","last_seen":"2026-04-02T07:32:54.51103Z","alert_count":0,"request_count":1,"received_data":292,"sent_data":453,"comment":"","tags":null,"fingerprints":null},{"fqdn":"always.tctirbur.com","ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2026-04-01","domain_rank":0,"first_seen":"2026-04-05T09:40:16.881583Z","last_seen":"2026-04-05T09:40:16.881583Z","alert_count":0,"request_count":45,"received_data":4352745,"sent_data":21436,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery:2.2.4","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Parsley.js","description":"Javascript forms validation script.","website":"https://parsleyjs.org","common_platform_enumeration":"","icon":"","categories":["JavaScript libraries"]},{"name":"Clipboard.js:2.0","description":"","website":"https://clipboardjs.com/","common_platform_enumeration":"","icon":"Clipboard.js.svg","categories":["JavaScript libraries"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"75cabaa694772e45b2ee3d32608818ba","sha1":"5b7147b6b284896fdfd65020075e439ae00c4b02","sha256":"cdf91797af06c3d3ac64af3fbd511a25069729174cb1bf72a7fdc44fae38a20f","sha512":"d155d8e3e8b92461563b52e1031029d977b9047f405e874a0616a317d394bdcaab45303cc98e9e78eafcf7aa8455318edee51115daaea4f213f0e7725e221f24","ssdeep":"","tlshash":"d5c08ca780001213157bc022488631e00eb3199b04900859ca32efc2a0b4c6c090ecac","size":146,"data":"","first_seen":"2023-03-13T16:33:50Z","last_seen":"2026-04-05T17:08:33.680207Z","times_seen":13417,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"28f264a467771117bf2935471481fad0","sha1":"17ae6fef7d8f698a51b6fb8145331f7deeb50cd7","sha256":"fc00bc4203d5684e02fcc7e1d145bcdfa318aa408d2ea1dfa05eb88802db2d3f","sha512":"76641e56c905f3a5e2b3e7fd9e8e78afd1db01346ac13735ffb897374a27df5150895445643207bcf65685a535487b8f9888d8d560432c8eea6ae339c440340f","ssdeep":"","tlshash":"9f11203623594cc20ee4b5d37b8b689d6d206100022ab4b8e946cd91ced9ec4012bff5","size":1107,"data":"","first_seen":"2023-03-13T16:33:50Z","last_seen":"2026-04-05T17:05:45.008576Z","times_seen":18483,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"d1a7f8805bfaf711f28437f8ab936ca9","sha1":"6f6d4f865195ee84d2cb4349f785ac3e2529decb","sha256":"1c47e66880af5210a71b11dae6f3b7fd15259b6ca025b933604e17850d06d774","sha512":"20aebba0ad67acc54c70b1f7d703fbf3538dabef5b0de519cb75baaadc117eddd3dbb475a669bf0a2b049ed2d54c55110c79c950e1c5ef934947dabc2da0ae60","ssdeep":"","tlshash":"a201241dbae31458b61337389b3f4389787015032428db88f84ce681af60c2594feaf9","size":683,"data":"","first_seen":"2023-03-13T16:33:51Z","last_seen":"2026-04-05T17:00:52.703551Z","times_seen":25416,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"209d4f7eca3bfd7087914fd5b978cbe2","sha1":"d9c62907900144a0780887c9f4a33abec46b7086","sha256":"a80086e1812094ae9561b201daf351cc4d86769e5133d23b63d15da23cf5bc96","sha512":"c8287ba5bfc11e98ff2ba49555206dccd7674ce8925e807f7fbbb0767658c1afa5978d44a7aa9f1efc5b2a7a3bed0fb911e619da829d0d12091fd55eb0f1dbea","ssdeep":"","tlshash":"674111694d06d22566451038ad0fe74127ca9367bc4cf701f2ecda486faea2ce4b9ce0","size":2016,"data":"","first_seen":"2026-03-30T17:27:30.677651Z","last_seen":"2026-04-05T17:19:28.199485Z","times_seen":482,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"78e0fb49bb7a7d1f1552389ddeb54876","sha1":"0551042565108a2694a2ac7a04a022f4d077447e","sha256":"079b66b04f8796dfa1ebe0bdeb4275a9decc2cd42b186b1716afc35114d010bd","sha512":"3b611d66729e8286659f9fe3ff911eea2b480d67b12bdabc5d580bc73ada1e2b0785c2881f459bc445a034bed1d8340b5b5e21cf2b8a05c9de6360af6f8174fb","ssdeep":"","tlshash":"5a9004d533d35010475313dc01775ccc503444f114544dd04050f4755c55031d3d5c5c","size":43,"data":"","first_seen":"2025-11-12T04:33:15.855922Z","last_seen":"2026-04-05T17:02:33.332018Z","times_seen":10389,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"e50ebfcefd6cb362885dc70437b0b101","sha1":"e6e5d4b64aac6e38387e236b4b02315fe29fab79","sha256":"f1f9bf4ad7f37b1525d117e49369dc6d7116efca1c61f2de3c9b2b837bad2d2b","sha512":"0ff4be125d40b9d058327b4a9878a0a340609b5bfddf9134d12f57e8efa05b2ce3625f97ea0c16e574b3fef4602d377552a5bb5c1e2ec49a66a1b96f3b70d7d6","ssdeep":"","tlshash":"cbc0929c80e3e080a55a2229729e838929f2800b2a96e72bbe1c81486f0059e45385b0","size":144,"data":"","first_seen":"2023-03-08T09:43:22Z","last_seen":"2026-04-05T17:00:52.705658Z","times_seen":25390,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"ac488c42fb454e318d88e41defc3e169","sha1":"5ab841e575f9aea3c1a19e1b238a79c04fc53d0a","sha256":"34b935c0b21d1913513cd4cb25beb72fcb1506c4309fb617b67695a58ce977a0","sha512":"094bd67294ac2b944020d27d55ed475528d2f8eb6853e8e3be2af5a2b24050701e42b9c39d06f2c30e259f67922b65572e18e3c8e6228557d2853c6fdaae3623","ssdeep":"192:UDKhafGfAG/QN8QgVa5yvpLkq4mDycdJH06y7zQ/0evRJbVhZ8WRqh9fd5gMlpJm:Uehm1ERBzhSb9p8","tlshash":"20220e0c9ef35079b127303e5b7f524872799113520ccf153e5ce290af60966aababf8","size":10550,"data":"","first_seen":"2025-12-10T12:39:10.992835Z","last_seen":"2026-04-05T15:42:27.974522Z","times_seen":2063,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"bc102016899b24c77e9c95a22f063c13","sha1":"8c020ef51e507f0af8d6fd4bcad8c9457a4dfc6c","sha256":"3913329daf0872fefe111917f6584d602e95744e75d57208243f4698ec1f93c0","sha512":"226679eb8092047ba6fc32939662ee86baf76f91fed7f3b72407ae24cd1f004106edfddddfade06562cc52abd1133312c074eae7e9cb5063b6345a1c50ed945f","ssdeep":"","tlshash":"dd900202882b1dd82ca00009817d3c88f381299b01f0d4082804f056ce9008e0a081d0","size":55,"data":"","first_seen":"2023-03-08T09:43:22Z","last_seen":"2026-04-05T17:19:28.201623Z","times_seen":11504,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"0f644ded6bfc5d620f0c03a6978e7921","sha1":"3b83566660b779a041666866b7c81a28959ff40a","sha256":"003ca60c4cf5c0c65a3a2349a9ec7031584bbfb841829c5802b07bce41bcda61","sha512":"bf86cd65413307310fa5915f31d655c5630128345318effaba6d91f1b534fba5dd8b7cdcff7bba38781544fef2b36182ccf52b6dedde1b5713464606b318e023","ssdeep":"","tlshash":"5bf05005d0d386ebd9bb3b1216c74b843ba2698b7ec67f22719cd7499f004ec5478ac0","size":607,"data":"","first_seen":"2023-03-08T09:43:22Z","last_seen":"2026-04-05T17:00:52.707276Z","times_seen":24946,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"36c5b99772d821752789e963ed9a3023","sha1":"602e8f9dca590d4922a2905a000dd0ff649574d8","sha256":"5f4794b8ef7384a1ba2983d8e1765f152d17a43dc479c4369903ce50b7c82e70","sha512":"bc1ddb43c233e304b61677916cffb54fa84b1eb41584f00fc05fc8d200092fdbcbd6b147bbeeaf9bb378bf2def24525fbe150ed36a64d50479e5fd6c08a64e72","ssdeep":"","tlshash":"0f1168cdc853067c166b0acb1ee306c82352a58be446c22732edd74e9fc42d458397c0","size":966,"data":"","first_seen":"2023-03-08T09:43:22Z","last_seen":"2026-04-05T17:00:52.708855Z","times_seen":23121,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"d829d81d2d148a0a3fe68ad0cd0d9fbf","sha1":"1f646fa03f4a87148d5d39ce98107441c245b6d7","sha256":"f54fb0fd766ead887194b0688d3021d2d0a554144f2336622596b58911b336fa","sha512":"1ba40a145f8ab0499bb38439a21f23b84694d1b5063f12547cd75e139cecba4d6e5b171bda8fc75f774db622b778ef3bc95c1a931340183484402705a6fdfcee","ssdeep":"","tlshash":"42d08c308771f420c42b0947e733138a30c2420b5644c00bf36ce48c2f18e823aa84f2","size":222,"data":"","first_seen":"2025-07-03T15:28:00.068764Z","last_seen":"2026-04-05T15:42:27.98375Z","times_seen":2638,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"e28d6f9be307267e62e17d5a0c56aa80","sha1":"85f2591d2f92929941c7d45c9f493f1a5e428890","sha256":"d7ef8b69ba83779c2a0a1e09a7c253a134f054c6eeed5c5d3ddcdb549d4cddf6","sha512":"2518c6d112cb52e984d3e20a1bf56f59019a29707835620cfd01637a36889a08bec6fb228cadd82440747d2b0fc2d575bd28e7068934b3fad3e29b3197006718","ssdeep":"","tlshash":"12f0c2310a26a439416a938b42b58bc98c52140f6c07740a322c07d89f4cd7e9162c76","size":559,"data":"","first_seen":"2026-04-04T22:24:48.669419Z","last_seen":"2026-04-05T15:42:27.988519Z","times_seen":173,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/themes/Mirages/js/7.10.0/tjtag.1.0.0.js","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"7f201cf0a95ccf9a7f24e5060d5586dc","sha1":"4c658c6517399855f5aa34d3bf8abacd04f26a9b","sha256":"fca8e92f6c10174eb14ac3df1723dc2b543d812e345f48b8c8617b45a7ece81f","sha512":"767dfb492cb39d6820ebe80154d22992f6f13fac2aa879510d4b3cc8ad320d0377122e8bacc899dc6d0ac421be619ae0b55cdd5765f322038b3a247b7862cc8c","ssdeep":"768:YN2i27QPT3K48N415SVHjv1ziclmTvActHDIJDDFzDBBq8aWI/0qX0qIS+zQDFoa:Y8d4k4HWbUxntjgHLy0ERRm/pB2jJ","tlshash":"3543e7cf23d6b0aa49ab23b3761b31f5c6346c8c704c8658f108fd6af9e869ce155764","size":60093,"data":"","first_seen":"2025-12-11T23:03:23.605496Z","last_seen":"2026-04-05T16:55:57.830595Z","times_seen":19683,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/themes/Mirages/static/jquery/2.2.4/jquery.min.js","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"2f6b11a7e914718e0290410e85366fe9","sha1":"69bb69e25ca7d5ef0935317584e6153f3fd9a88c","sha256":"05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e","sha512":"0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db","ssdeep":"1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2","tlshash":"1e83c6d9b2d6706297b734b850bf410bb17a98dab44c8c60f059d4e47eb4a8e507bf2c","size":85578,"data":"","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-05T16:50:32.425922Z","times_seen":264778,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"136705d94855dd63ebea84ca4a0f5d9c","sha1":"97fe6cdb31ccf729f134c86926b81624e613d2a3","sha256":"8e67956591985f7fe154fc7b6a12dd52d3c634b3fdea354b0c0071f2c215ec3c","sha512":"0d2a8d1a490bba1c7ec351891e0e80b4398d2b2bcbea37f49a6df2d283f13aec431682509d2363ccfde4b8e0a7db42d3e7aee27013ccd0aa4f73578e01ebae42","ssdeep":"","tlshash":"7bf0c2350a10e03a62af928741b543d9cc55380b2c05e08a332c47d82f4cdae2272c65","size":560,"data":"","first_seen":"2026-04-04T22:24:48.671282Z","last_seen":"2026-04-05T15:42:27.992553Z","times_seen":172,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"c7dceed2d2f7a2fe759eb130558fbabe","sha1":"84c74aad19f8ce45e6d5887de63ee0da4b6f9c90","sha256":"19e410d4d170a88e28fcfe61895966300e06ea7422196184f3afb8a604b74efb","sha512":"c9298ca7f7e69344950180ef58bbc621438293a95e793ce5722f3c559129b6256eeef583457603ba163a07dd7fb9d1f4bab4f23a3eaa6b5bdc5af4e10ca5105a","ssdeep":"","tlshash":"38f086251755807ab55b838b517507c6a869384f2805b04a332c078c5f48dbdb632957","size":583,"data":"","first_seen":"2026-04-04T22:24:48.673112Z","last_seen":"2026-04-05T15:42:27.994586Z","times_seen":172,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"ccf97b9b70e7616dfb1866256633141b","sha1":"fa5c44b0a55486a5e1ef7483ab384e4811b07de6","sha256":"e9a4dc0690812309108d82ccdeebfff5a6a3448fe85b6a01cc050d9c40ef8122","sha512":"844fe6db4dffd8960c8621a2987fab51017725f1e2e749cbc91b60461acfc3b8772b49e1dd1aff85ef8119a7f86cbec4dfb150783330bccddff28878f40bba8e","ssdeep":"","tlshash":"9af0c27a0a11a47d876a528741b903ea8c5a248b2c07618e332c07dd1f5cd6e2332c65","size":559,"data":"","first_seen":"2026-04-04T22:24:48.674927Z","last_seen":"2026-04-05T15:42:27.996251Z","times_seen":171,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"a728771c7a10985ff97dd680e955131d","sha1":"c25de5c46f3115625401a54c242f710c872da962","sha256":"27b2b0552ce25dccca5095006ea607289e7ded7ef1faaa143e6ee4f1cd94e11f","sha512":"22e5bef38964293a087d4c853ccfb186d4578edb882326978b60576d0b7367a0591894846bbe0a9103553c8d441bd994000efa7fe5a3a0b2bb9f09dddf073c43","ssdeep":"","tlshash":"dcf07d36069188bd052bc2cb613403c6dca1780f3c41b48a733d078c0f48dbe6131c65","size":586,"data":"","first_seen":"2026-04-04T22:24:48.676613Z","last_seen":"2026-04-05T15:42:27.997665Z","times_seen":170,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"acb39dbedc294d49fcaa5a696e6acd93","sha1":"9b48620a2e1a1dec436ff7ba274aec90d9a50bfc","sha256":"1687ef4a07f14df35d8754b63e32a26c5fb1e80e2e05fdbe16434cafc73e49b3","sha512":"f8cd6933e78de2773257ace950a5d7da4fc13522d81b766a5018f3d37df8f51458520cb08095b7895a2253ca149c6be2bd5635ce8af647fa16e06a02003b9ad3","ssdeep":"","tlshash":"8df0c23a0e65807d424b428b42b607dadc52144b7c4a70ce322c17e85f4cdae1372c66","size":559,"data":"","first_seen":"2026-04-04T22:24:48.678216Z","last_seen":"2026-04-05T15:42:27.999536Z","times_seen":170,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"cb368af8265bb071aaa969fcc2d64312","sha1":"0e79aef223efabfcd29b51f5b1cf605f899205da","sha256":"a969b750bf60f60a597f8575415e565c2d5d23915dc6acc36aaf66292cfb5c1c","sha512":"56c9907496387c3530352bb9d5a316aa3795f1ff8ca7efae7c4afb20f80315d3e99ed2dc437fd51aed4f8f7f53d937f24e0a42fb928192a3e83848a5455f429c","ssdeep":"","tlshash":"38f02675071c903b162b828f023903cabc51280f3c01700e33ac07c82f48dae5120861","size":586,"data":"","first_seen":"2026-04-04T22:24:48.679734Z","last_seen":"2026-04-05T15:42:28.001294Z","times_seen":170,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/plugins/tbxw/js/zzz.js","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"608acb49e5cb07ed143c6df07395a2f7","sha1":"718bc7272c44300a8a42f29974270d830f0846b5","sha256":"7f1e6f8b1022efb99bd53e2a5e7498c282b6192daed72ecb8a40b52fb6c40acf","sha512":"5156687864c232abb69306958fd6b5d5fb68cd0658b622dd36d97be1b36574a981fcddebb065d70fddde7b1f004be05fce5388b039ab9b460477dc17cabf72e8","ssdeep":"","tlshash":"3611af09ad12f04513b250a9933fa50b7026643f535c83707360cdf868f508f4216eba","size":1000,"data":"","first_seen":"2023-05-24T12:18:44Z","last_seen":"2026-04-05T16:55:55.657381Z","times_seen":3364,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"8edab525906530079af9a5b017f66402","sha1":"9b344855afa517da68a5a5b6e14ec452b14e28cd","sha256":"4bc02a4f6017dff09c019621ddeb8737b494d6935db136e7d1d5e05c64ba920a","sha512":"65d74129269193f544bd8a79eb3faba9152a6813b87ded1a63dba088dc943c25a355738e09244ca11029cd1898b4eaabb1cdd69e3e2c4d9e8ca8328f635a5076","ssdeep":"","tlshash":"3bf012a60a119479427b438f51f647dadc52148b6d0a748e321c17d81f5cdaf5372ca5","size":560,"data":"","first_seen":"2026-04-04T22:24:48.682086Z","last_seen":"2026-04-05T15:42:28.002763Z","times_seen":168,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/plugins/DPlayer/assets/DPlayer.min.js?v=3","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"0d4c06fcdaf7eff11abe92dfc672cd32","sha1":"9ea7452a7e254d629a5b8228cac7f50963634b6c","sha256":"b56e3355bd9f367512b1b1280f3dad089ba306c0d43eca22793d52f9e9d0e074","sha512":"dbc8ccb227033be3fda38dce4a421198c9461630610f1a4ac31a9ca9868884fe8b4ee7a468d46dd105dbf1f726f90537bb1d95c2f2e0a45363f4d6614dc232e3","ssdeep":"","tlshash":"6c11571208888436024260d0874d9f0f7eb2633684995b53b3aeabec5b9ac5dcc2b462","size":1000,"data":"","first_seen":"2025-04-13T03:23:15.029327Z","last_seen":"2026-04-05T17:17:22.644588Z","times_seen":5766,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/themes/Mirages/js/layui/layui.js","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"70ed0e8151d23de969de514bfd802a56","sha1":"569e6c1b0ac0b8efaa7dc0015b691334947a9665","sha256":"92c7997b3dce6ab2368b1bdb34ff4b67ac77957898a126c7eba452a8080bec95","sha512":"947eeb19fb055b07a191ec89625941abbdc8b2247b447dbec2e3958ebd3aabc34ac07a79c559e4752bd49bc44db77d500913aab4fae300077556e347d084b1a9","ssdeep":"3072:tVo+F//NOM0SF0Mz0pZN6TPKWjZIpYCrYtJ+8CZrcNBf4XcIiOb9:Xo+FdO3SF0Mz0Z6TfIpPS+8grcNBQcIZ","tlshash":"02543a9d758574b3237360a6406f990eb17b093daa0a8060f166d4fa2dbdc885237f7f","size":291286,"data":"","first_seen":"2023-03-07T12:09:26Z","last_seen":"2026-04-05T17:00:52.631562Z","times_seen":26604,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"f25eb5502ff6628d6522ff1e74feb3db","sha1":"9004b5db66b0f69355d18ceb776c15c53de769cb","sha256":"ce04b51588f8ef870f6ef149035568f3c27d63fabfa4805220d83970a69ddb4b","sha512":"60c442fb1f36e02178259a5bdccb57896e27c178fd0d2ccae0ab41006a3950ad705f5fa779eabb2cb1f8fc852f1cd97463d5b39eac4fa6e7fab87b06b33b5936","ssdeep":"","tlshash":"8ef026620aa48439611b8387c97403c5cc51280f6802f00b332c078d0fc8e6e2621d15","size":586,"data":"","first_seen":"2026-04-04T22:24:48.683737Z","last_seen":"2026-04-05T15:42:28.004571Z","times_seen":167,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/plugins/ai/common/vant.min.js","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"48c71ec4ea36fdd75033bbb278a861f3","sha1":"b47d16bde5c94e468ef249bd2126b846a39afe73","sha256":"0b18e273bc785dd0e5cc43218ee879bce10461fdf3b1274a1f2c8962aaecb49a","sha512":"bd3e587cf0fa0c2d777e1918b2067a2a2cce648996ea7e490098d609b20bacec6c2fb6dbe682ac1e212eafe2c1e33364a8cde40439ab6d24638b9b23b69489a1","ssdeep":"6144:XEB3BhYNbHp+fvbtgMAgMgQ8dOq11tUxLEm+Om0RbU:XEBIHpevogQ8dOw1sEam0R4","tlshash":"d23439a0f685f42547b790e6507a0610e1290b48f009d1e0f57ded8e2aede94b6bef7c","size":242670,"data":"","first_seen":"2024-08-02T14:48:31Z","last_seen":"2026-04-05T16:55:02.569411Z","times_seen":25956,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"74f9ac0628afd7a350de7a0ab074b6dc","sha1":"402b77956aefb82c7d5f3605ab7279669ac722eb","sha256":"354d04af8b37a1e5024226598879027e3d11857fff19fb3ccddfa1538620e84b","sha512":"2b0c3a2d4e5dac52143ae26e5f15eb4ae54f15abe5d10b6ff1c95d57f3c5a8f012e9b40854924b7331940c7babc4ea8a77a33e5b8484ec317ea52beeb7f0cd6a","ssdeep":"","tlshash":"ddf0c2660a10d03d43ab868b52b607ca8d52244b6c06648a731c07d85f4ceaf2372d65","size":560,"data":"","first_seen":"2026-04-04T22:24:48.68554Z","last_seen":"2026-04-05T15:42:28.0061Z","times_seen":166,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"8e17f0c95c8fd318a1e8ab1af5ebe7b5","sha1":"2529eaae5ad54c2ba7a8fa935212b9f6688c3e99","sha256":"f09bf39bba82736a09c52ef9744973ae13d59b508cdd648392e1514d834881f6","sha512":"fa1c8917b52de93097462619e5904aa2570387a525db6672686c405b6600b14a988fe9e44698b61b04acb2842c075acd6b900970c58694b71888b2ebe6e48d07","ssdeep":"","tlshash":"ddf026310a219079115b82db916513cbec71380f7805b10b332d0b8c4f88d7e5121929","size":586,"data":"","first_seen":"2026-04-04T22:24:48.689292Z","last_seen":"2026-04-05T15:42:28.009538Z","times_seen":166,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"e4bb7b9f77797821fe9a72d3d69dd40e","sha1":"da5f0a2a3e1eac86ee7269f8db9d37f9db71d680","sha256":"b1a7859423f61e0d21a9198d939d48f7e7476c88222656f61b9b47c0ac36a466","sha512":"d5b9abcb4278123792d713c7cdf9fbde3d60566773e3eefe546b1b3cf9620b6933cb2584019621d78bdc6e5e42bbbef342c69741836501d90ff08bc9bc579aca","ssdeep":"","tlshash":"26f0c2230a3194b9455b838741b683dbdd51144b3c0a680e731c07d92f4cdaf9262d65","size":560,"data":"","first_seen":"2026-04-04T22:49:33.882865Z","last_seen":"2026-04-05T15:42:28.01056Z","times_seen":162,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"6c53366215e1b910a74aa509f8de4fdd","sha1":"2da229e8e8506268805890880d5d5b500e3ce657","sha256":"95d89d152f0566e10a843f4599f55ea83c575457a670dc99f6f2635dbfda0c6f","sha512":"09352fa7d16ec07b2ad839c66e6b0de3fb3159d2b0d952ae963321c82bd48b36e11b89bd587e94ff34483245ede21078fa0715de3d9ba54d09628619695d9da0","ssdeep":"","tlshash":"2df02621066080391017c2cb127663c9bc6128af3c02f50a331c07ac4f88dad21a0c57","size":586,"data":"","first_seen":"2026-04-04T22:49:33.883688Z","last_seen":"2026-04-05T15:42:28.020144Z","times_seen":162,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"4f64bc072166f1b3c20f07fe9f71ffb0","sha1":"d1e0a1d7a47d81d0c236f3e111c929f5cf445b63","sha256":"f54ed685203d293575dc5515d8d707d9d0980ed32a528eaa7210f1843fbcc1fc","sha512":"3c935731f7415ae65dccdc994e9e5bd1c79a9cee988b2702eca2e6466a42cf0744faaf9948c79f866d19d221a3831b4f09c1f9137b78d9ce6255152cd1354779","ssdeep":"","tlshash":"16f0c2320b2190b9418f829756b687c99c51144b7c09604b722c07d81f5cd6f6673d66","size":559,"data":"","first_seen":"2026-04-04T22:49:33.885116Z","last_seen":"2026-04-05T15:42:28.022653Z","times_seen":162,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"72892b3df6bebb9721b2b67bbc4d7af9","sha1":"809e033fca3275f2b95c5d8bcd0bb3eb573e5b3a","sha256":"898ad5324a61d27362e248e6750c130885154de6aadb4fec2e046246837e3756","sha512":"ab4e423ab02ae8874283b9c8266e140dd4aa9e2dea9b73101146cd40a0d6587b1bfe52b526bafd7bd786e2f12d2f5fe747090a235dde10bdf5b7d89c5e3e531d","ssdeep":"","tlshash":"92f02c221b25a4ba0017838b262907c6d8623c0fb808b00a33ac0b884f48dbfe261c22","size":586,"data":"","first_seen":"2026-04-04T22:49:33.886445Z","last_seen":"2026-04-05T15:42:28.024757Z","times_seen":162,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"7069276c7313d649d54177843d02fe57","sha1":"14819ea861d796c82d731fe1c9d6a6b16bc4dbb9","sha256":"89d6433ff689119671b152a7ce5789ea4cb75d318a93e9368f66494008e2ff75","sha512":"4322b2c7c8fa493547dac4caec7e539fef155db884d293118b0bc91c8cf0a0aff8700bb8d14ff4d6129fedd4bdca06d15d483d0a5d55b7aa7150ca5a54e5b70e","ssdeep":"","tlshash":"e1f0c2730a1290b9519b928742b517cbac61164b3e06708e335d07d85f4cdaf6672ca5","size":560,"data":"","first_seen":"2026-04-04T22:49:33.887921Z","last_seen":"2026-04-05T15:42:28.030091Z","times_seen":159,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"dfa67c600250d470f3ccaa35026e19fd","sha1":"329154c14ade352eb5fffcf77cbb5ecfb2c7755b","sha256":"791de86033f45eccc0faf6205941fe4a3f7ace2fd01d73ab5d10661f2221819d","sha512":"7a97207ec2549869fb679c86a9d2a664ff6c6a3741bd9282390c32aa3435d96741abafaa8cb97a5180c01373c3f2204bcf48933da57ea77793d925b1db19c242","ssdeep":"","tlshash":"f3f07d311a31903e426bc38752710bc5dc16391fac03b80a333c078a4f4ddbd1121c19","size":586,"data":"","first_seen":"2026-04-04T22:49:33.889019Z","last_seen":"2026-04-05T15:42:28.03305Z","times_seen":157,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/plugins/ai/common/popup.js","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"026709ed231cf8d920385fed59c17ca6","sha1":"19696886744402cb73a48a41e625b23f5acbb813","sha256":"3438d0b2d18590fa1f7f0c324a5ba9f42b699de78006ed372ad043bdf46a7e1e","sha512":"aa01a6f89fad627df9437b5bcf8c3feeb7bb9719d12f12ad8e00d031f3092d1de299ffa4cd98229ddbfd3c455a21934e0e391e1c06d979cfe65fbc0f08cf99e4","ssdeep":"96:P1spJ1L0gLrdAZLLCWICzj3nMjnjOSdFsCaxud:QTo3ZLLCvQj3nMjnjOSdFsCaxud","tlshash":"c4d12f9931f3213082abb27e6faba0143230a0477108dd197f4d5f900fc573a66e1bea","size":6669,"data":"","first_seen":"2025-11-08T04:26:01.83069Z","last_seen":"2026-04-05T17:00:52.688851Z","times_seen":17929,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"71c6428c475338abcd55d98169613f73","sha1":"699ac7c26612356fb4754bd8ded12cd2ea855bda","sha256":"a999f83780d630854b20d1e6b4585f2fb976a15534b4c05b15bb081e5c1ebff2","sha512":"415d032b07ac8c55a24654b6727a9f488ee971ab3879db86d1f5105a3684e217cfc2fb785bdf45b6dcb9a0ef852dc5bdadfa6b6ac137412ffdd967ff4d847a26","ssdeep":"","tlshash":"a8f0cd610951947d4187418755fb4bc5dc92154f2c096049335c0bd41f4cd6f1261c65","size":560,"data":"","first_seen":"2026-04-04T22:49:33.889977Z","last_seen":"2026-04-05T15:42:28.039634Z","times_seen":155,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/plugins/DPlayer/plugin/hls.min.js","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"c6b4b0566933bbace745d354bbf66a45","sha1":"37421e0fdc0f834e9b76c83c86b8f8dc5a25f9f5","sha256":"98f063553824f201d7a46e124e1dabdeefbc517e35e800ba0c8cbeedd432ab67","sha512":"b972867cd30918e974a0603937c16d106aca52ae7b52ffecfb1096b093dd21778cc38eac17d777e53a709b9a3c451b5785d9ac2d3ead1b9ad5532dc718389dfc","ssdeep":"6144:tN52SSJ22f+rppL0uMRzXrpbQLTfUUD+6D5U7qKxnU3F4BsibLioRGJ8z0xEnFak:te22eppSRzbpbTiwqKxUHF84xfg","tlshash":"cbb43aed3695a01683c2b169903f5507633a7d0a284cc12cfa2be9db2d7994db13bf74","size":525787,"data":"","first_seen":"2025-07-08T11:22:48.878147Z","last_seen":"2026-04-05T17:00:52.658322Z","times_seen":25294,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"097cc8cc881dd81ea19bb5b657f24ee6","sha1":"f985d7063df9164ef67daea0836291435f6722ff","sha256":"6c8c1cf97dd9a146410277c35be8d35bd13ac198a3ee79985ef07b08e484d9e7","sha512":"5c5c255d30162643758a528f0de9645f70c9c00cd95ac5f25e3e39d3aed2f6767c1227b90762993020625f8d460a4b35daf0aa1f08729d1fcafe080488e8c240","ssdeep":"","tlshash":"a3f026251e29907b421783af527103d68816380fa840b44e336d0b980f588ae5261da5","size":586,"data":"","first_seen":"2026-04-04T22:49:33.891001Z","last_seen":"2026-04-05T15:42:28.041793Z","times_seen":152,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"669e1987c76e87b26309d2002ca24517","sha1":"f8603bedb17d2892ab949e262e43bb5f7c63aa83","sha256":"b5770d63b3ec29e4241bd9a09b879aa1b6d3491b855fd9c8d436f9cdbcfd5b2f","sha512":"b839b58a2d0d5b99bec84894e3c0245f7ef15a497fcda6bca0804f88ab770fc4f18b1494d5e2c6bcd662680a8501b1c3ff8fb32204fcd61b328e55cc6c345ff4","ssdeep":"","tlshash":"caf0c2620a20c479438b428756b58bc99c65154bec0a700a321c07d81f6cd6f6262c65","size":559,"data":"","first_seen":"2026-04-04T22:49:33.891942Z","last_seen":"2026-04-05T15:42:28.044035Z","times_seen":152,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"d42f5a88275c3b20b3f4f4e46f867898","sha1":"00bb324612405496f723d7e9eec6d987bcb22561","sha256":"846c6b3a9754b2bb315382299c40d68eeea6253d863f7d0ceef2463163d0d864","sha512":"a0111dda92ad7abe846fbc3366e7e80a9d69a18fd7423320d6b69f9a0c4f323085cfee4a5883ca6812d638d6bd767fba5b6715f3f8ca70141c399e48bbc52b36","ssdeep":"","tlshash":"04f086230e5590394596c28b56a587c69c71398f7c09b14a733c07c84f48d6e7561965","size":586,"data":"","first_seen":"2026-04-04T22:49:33.892969Z","last_seen":"2026-04-05T15:42:28.050128Z","times_seen":148,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"613315486eaf3d0f8b1f196107a2a6d6","sha1":"988af177e641f85fab53235932628a48d4411b54","sha256":"3af4480009ef4ae73aee4b3fa2b005e58296776d81ebfe092d8c2dc046dcbe89","sha512":"cf4c0d293ef79dc6caa3be4a4edfadf562a9fb80ab54f9fdc82869468f099b542717ceff0548d9c960bd3b82f3e676614a8c47450b1624bd8fb24aef1d175167","ssdeep":"","tlshash":"a2f0c2720e159079528b428b56f687c9dc52544b2c09b04a32ac17dc1f8cdbf1263c65","size":560,"data":"","first_seen":"2026-04-04T22:49:33.89467Z","last_seen":"2026-04-05T15:42:28.05854Z","times_seen":144,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"8f445c678375d95ed33e3619bc889b2a","sha1":"18d965ecf549b78c06b569c11384244e9c3dc968","sha256":"f95be805e948ab554c519bed1883a800557290466a95e87807c2973c106914fc","sha512":"63d28d2f11010d067e1ed6311ba66a79c620dc6b7334e895290f867c26c3e25b85e013eb6590d1e573d2a3cc5a512e26eca1811dee19ff70c519d50230900d29","ssdeep":"","tlshash":"e3f086321a72947b715b879f696507c5ac91280f6805b00a332e0b8c9f48dbe5271d66","size":586,"data":"","first_seen":"2026-04-04T22:49:33.895597Z","last_seen":"2026-04-05T15:42:28.067633Z","times_seen":141,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"4d1b7317c7d5b6a85818fe63e1fff516","sha1":"3ded6628ce59b8e7b8d6b7278b698ecd80c0248a","sha256":"20a5d862aaa3706d5747d4c4920d06c9fd82f5758f03075560a8443167047bc7","sha512":"f782e721409c77359c26e36679e3f6c66c1e52e2efc581f52cf8a64ad55b14b0a8183139a56b98174705c29b4d4d66fa3043fdfc7038f969cbf13e94a3b5aeca","ssdeep":"","tlshash":"49f0c2760a909439515b46d782f58bc99d52545b6c0aa00a322c07d81f4ce7f1272c75","size":560,"data":"","first_seen":"2026-04-04T22:49:33.896643Z","last_seen":"2026-04-05T15:42:28.071402Z","times_seen":136,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/plugins/DPlayer/assets/player.js","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"b4fddf8525d2da6fa0e24d94674fb9f3","sha1":"4149060a09da22bbfaa201f413d1f4b446fea1da","sha256":"8c7d71d123ec4f91eec964ba54ad1b8ed87f18d6952bec4b268137197eb42685","sha512":"db14528dfdcffa6605438ddfdf5f5dc40fddbc01e62faf85f41c80b72487ea3958e26ae50aa12ecc59b9379be8fe2a519cb70383f9bf65f2f721aaf163fcfa94","ssdeep":"96:PC2C62HyiZWWlP+oErxSiUtIEu7VfAn1PO8NUWzShC4Wp:qXLHyiZDlPM1SptIEu7Vf+uhCv","tlshash":"b0812e1c68f75021525bb0f68a6fd118b2344a870208de20fe0cab5cdf6953e46f2bed","size":4099,"data":"","first_seen":"2025-04-02T09:15:20.181739Z","last_seen":"2026-04-05T15:42:27.921446Z","times_seen":2394,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"4eec83ba15a13546d318bc898150f8ef","sha1":"8fa7984e7fc9d22ae34fbbc876be7d24fd0d978f","sha256":"529e77d08406dc7493f89d8e1368cb71c36c55ea7ee66597ee18b0e5303442bb","sha512":"ff67a1e439432bb668e4a05e3dbddade872a70b242bd5422921939fcfaa489a5682fdefb5f662e669c2d592a8ec52f06a8957b6ae9c199fc97933fd34e356299","ssdeep":"","tlshash":"bef026621b2aa0791a5a8287053843cd9c511c0f6806b40b339c0b8c6f588af1121d6a","size":586,"data":"","first_seen":"2026-04-04T22:49:33.897898Z","last_seen":"2026-04-05T15:42:28.075054Z","times_seen":129,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"c45e2c43550bf17f3ec7a70b379d47a8","sha1":"1b32a446a6eea67c4c46defd31868f28a7d78ed0","sha256":"c39f442736530ba5bbaa912bbbea19834b44da3739ebeed448e18bd764e7a6cb","sha512":"c8536725e467cd5ef05f48367b12ceb032c931ffb9283a62d2767ca1eda56d315f47e35a603760ac870dc2e12769d41c583f620d4246ad9b2cf6af95b5422ecf","ssdeep":"","tlshash":"aef0c2320a22e43d894b62c74ab747daec513c1b6c09600e331c0bd91f4ceee2232c66","size":559,"data":"","first_seen":"2026-04-04T22:49:33.898825Z","last_seen":"2026-04-05T15:42:28.076992Z","times_seen":125,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-04-05T16:47:15.910645Z","times_seen":597236,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/plugins/ai/common/vue.prod.js","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"9b14a30d9be6b89ccb5d9426baa70059","sha1":"e55a9116be9d0907b48698418b9e348d36bd3624","sha256":"97374c2e6815b02920dc02d8cca04507973d9a4d82aa5dafa20d04c2227ac9d2","sha512":"90840f4551f1ceeb2e764fed6a632d0eb39006fcbec40166664f0e7f0241347d8679fddf6e41658f939d0b00e893f1bf4ae97429f320c6dc60af0d87c4ef9dfc","ssdeep":"3072:c0RkBL/7KE2X44lDzvWUgT5Asswj2z+e7/72oIKc01DcUrIH:c0KuE2X44lDjWXT3j7e2KctH","tlshash":"2c1428b93181703217ea14e250bb0016f33a1525780984e8b5bde8df2d7695a61fffbe","size":194853,"data":"","first_seen":"2025-06-27T04:20:30.543622Z","last_seen":"2026-04-05T16:55:02.674497Z","times_seen":25947,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"065ae66668aa8923253d2ac7fd83b940","sha1":"ec66bf0a24fa9ebe9f8e4d48cd5ffded215f86bf","sha256":"e2735fb3c7e690d7814a84d83e611fbc95f54ac9fd87931176940658321041e7","sha512":"87203de894e5594a588a43d4512ddaf7e83cfbf3a6404df70ae4619a70adf592f01bea64c05c0d827bcb79b90fadde7fbec0d411341432be51cb586a263f9663","ssdeep":"","tlshash":"48f02c320a28a83a025b83cb4ab50bca8c12290f3c00b00a732c07c80f48dbe6231da7","size":586,"data":"","first_seen":"2026-04-04T22:49:33.899999Z","last_seen":"2026-04-05T15:42:28.081264Z","times_seen":117,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"f537540a9585f94df8fb892904a78272","sha1":"ea6d1e1edea38ef916dad37ba75ccb1d4a8b55a7","sha256":"2ecee5d9c0c8ade80f672e9640e5fcd72359e061d5a20d0addca789ac9cec7c6","sha512":"487363f479a9d6952587de20407840fc0bc22d4e9b5df12b8a9cead41b67f362573ec1a0b2208583f7747d622c7ed22d3f982a497c99d24481c48688f7693043","ssdeep":"","tlshash":"bef0c2320b25d83a420a439f42ba43c9ac91140bac06784a332d07fc1f8cdee1322c65","size":559,"data":"","first_seen":"2026-04-04T22:49:33.900972Z","last_seen":"2026-04-05T14:49:41.042246Z","times_seen":108,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/plugins/ai/common/parsley.js","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"4e84bbf7a68d90ae5048b572c49df4a2","sha1":"164dcbde378818a3f947919726099dae440d24f6","sha256":"9f685169ab4ac17e2cf4e5a995213cc0d878e9cafd55793260d1609a4aee105b","sha512":"525864c838082d9e05d4e87229b4e95afe8d40c3f82cb3820f5126ec108998d4e2d2855aac8efcdfc718ca84c89cddff08fa69131734daecd990d95a7aa4948c","ssdeep":"","tlshash":"11110eec69e97021155721aada4fc446ba38c97311cc1c043e0d69b0aff457c17dab4e","size":1000,"data":"","first_seen":"2025-11-12T04:33:15.928399Z","last_seen":"2026-04-05T16:57:56.833606Z","times_seen":3533,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"ee52420c7b53e1f790f6c8b43b42005a","sha1":"84cf5520957e9853efe9751af7e9fd047fa7619d","sha256":"131d940f7ef12cb6857d24527feff2de229ec72f169ac326a8ce2be0f3b53781","sha512":"04ae2001809c789c4c9911a6040f062175e57db952bbd062188f53b8bbe8034367088021fcd01ef97976433c68a0343e25b719152f90ffafeecbffe54f91ef0e","ssdeep":"","tlshash":"79f0263106119439221b82cb06a413c5bc661a0f2805f10a375c07cc2f48ebdd132d9a","size":586,"data":"","first_seen":"2026-04-04T22:49:33.902029Z","last_seen":"2026-04-05T14:48:00.100587Z","times_seen":104,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"3c50891e1cb58d53010cf6c482d95d1b","sha1":"543dd835ed3302dc5090106d8cf674d510997eec","sha256":"96cc6d872def8aad668c0b48dac5ff4e37f2f1bc37615c1b6a446a47fe9d2f6d","sha512":"a741ef4c19265d80eb1481d012a5034592c4607b3c519fe78affebeaed1b842b8a5832ae22f66ab4182b359c6cfb8ca1d44604df7a45e3326ccd76ccebe94f73","ssdeep":"","tlshash":"6cf0c2720b219039419b468b41b683cb8d51145b7c09680e322d07d81f4cdaf5263c65","size":560,"data":"","first_seen":"2026-04-05T00:26:00.353412Z","last_seen":"2026-04-05T14:48:00.101161Z","times_seen":96,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"2843fc30a70f4acb2aa7aa634c943d3d","sha1":"9037821caa7cc21e66ade9b354302567a554561f","sha256":"4aae215546fedc6782beb439b0fcb73a21ad78b2ea2582f0002eb978f5905e36","sha512":"97a84430ece0bf883b6ae2c5e43b9691e1894bcc00da11eb5673175da0746325a3a0e9773c725205967052cbaa6eaf333864e8d92f2863b3823bb6f38b644772","ssdeep":"","tlshash":"37c02b1223f9d0521aff9046da3509c0f0862c4fcc5da60b32cc40dac74c0fb2412200","size":156,"data":"","first_seen":"2026-04-05T00:26:00.357095Z","last_seen":"2026-04-05T14:48:00.101749Z","times_seen":88,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"ed3aa08cf814036e6075a1a24c5aa18a","sha1":"927e1cbc2e9afbd3dc8329e33371227b927c12ac","sha256":"35f1b2b020b64489d998ea6784d209c3494f1532f5d162af2e72eb1dfef25a26","sha512":"321d555630400526fb4036697aaa551dcf8a3ab5500c9652c319c3e7f74a38af1cb5415154c39535f231a23200e53b9c08c1de3fa05b2388777089a549b445c8","ssdeep":"","tlshash":"a4c02b2212abe0219ff6004562282104e44d3c0f4c8cee4673ac80a6cbac1792402309","size":156,"data":"","first_seen":"2026-04-05T00:26:00.359106Z","last_seen":"2026-04-05T14:48:00.102288Z","times_seen":77,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/themes/Mirages/js/7.10.0/mirages.main.min.js?v=3","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"467f79f8918ea5236cd42da189a3ddd9","sha1":"9cd460c1e262681514e331bd3cf1d17c9ce9d4d0","sha256":"7406dc82acf484c36bbe06dd2266cc0b2793fb5bc1622d5d0e7ab76e89ba98e1","sha512":"361dd264e39689a61ca1c9baf5bb3d6b42384d59f3619c20bfd43c4b1e7073ed7adfff7440896ddfe82e5145aca58e98e82d6c6560d3653024b2bd8820ec1413","ssdeep":"3072:/SbqwelyE+K3TAO4czuJ19WxZ/Y8f4Sqvw+Uki/uMSB+jonuLzAX:/Sz4TAauJXW3Y8f4Pw+UVuTxnuLsX","tlshash":"ae64a40baaf314725563b0bc4b6fa5043231806b5e59fd643e5c82dc4f1d83d26b6bae","size":314216,"data":"","first_seen":"2025-07-23T00:56:23.107725Z","last_seen":"2026-04-05T17:04:21.635059Z","times_seen":2799,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/gtag.js?id=G-FY0XHF5T9E","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"33a9b69f784501cdb8a0c58f2f68f6a7","sha1":"fb8b0370f498e49e017f289cae6bc20234f2f4b1","sha256":"c94ca6d3c3db11e31bb31538f7e733db40d5b39e0820fcbaae6d847037b4428e","sha512":"853010d8f3d78252f634b29716930399b982ac4b1555eefe60bc1c1a48d157dc573805c685fb7b1de72ce32c7750f690777396a7e941b22c2742e2efb661b1f5","ssdeep":"6144:tkDe7WbEbUAOfns+vZcMDYesTQT8PVMxPMbznmsCt:aDeSbaU1s++yUHn38","tlshash":"4d841ade73c674665396b478803f018ba5bb28a2b44cc895f1c9cce42d74a9a4277f7c","size":381492,"data":"","first_seen":"2025-05-03T07:00:02.073922Z","last_seen":"2026-04-05T15:42:27.956023Z","times_seen":2353,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"cd05c04e9b9e6bf11c51626de325d56c","sha1":"9345767fd357f31aafe67201948313693fa26e28","sha256":"819a2c5cec428ad27bf22d9f6c135dfbd5f69bf034b97e545936e7fa13fbc922","sha512":"5cbe2f120339cd3355550b5093b47dc975f0514d03ff4ff7d542cc9f249ed52f538a14efb7a864b42329c8d1bf5ea8ce27aa2bd19d4d1a3d591073fb08a51bbd","ssdeep":"","tlshash":"39c02b9361a2d05155f9114997b82841d0417d0f8c68ee88f38f4059eb890ff3c03340","size":156,"data":"","first_seen":"2026-04-05T00:26:00.360917Z","last_seen":"2026-04-05T14:48:00.102875Z","times_seen":70,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/plugins/ai/common/clipboard.min.js","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"15f52a1ee547f2bdd46e56747332ca2d","sha1":"9a7cb405f9beed005891587d41f76a0720893ffc","sha256":"e17a1d816e13c0826e0ed7febfabc3277f45571234bde0bf9120829a7169edc9","sha512":"ecee695e9734a0246bc64f1151f0d81609f49ced6dfa32ee20e41d38c469e003c1eee678bd28eca73a79cba603b43b385735124db5b304567f2ca2619f214e2b","ssdeep":"192:s6IMH3HEG9JVwkHg4LyAal318/NYusfkApXMdgmkpj:sy0G9J1zG3eFYP/XMmmkpj","tlshash":"77126399b291b0b15ae731a9412f920bf2766969708b90d0d239d4f0acbcdde4463f3d","size":9160,"data":"","first_seen":"2023-03-07T12:23:44Z","last_seen":"2026-04-05T16:59:41.067283Z","times_seen":22994,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"always.tctirbur.com/usr/plugins/FootMenu/assets/foot_menu.css?t=20231029","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.103Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/plugins/FootMenu/assets/foot_menu.css?t=20231029 HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://always.tctirbur.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ndate: Sun, 05 Apr 2026 08:55:46 GMT\r\ncontent-encoding: br\r\nserver: nginx/1.22.1\r\nlast-modified: Mon, 16 Jun 2025 12:41:13 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\nexpires: Sun, 12 Apr 2026 08:55:46 GMT\r\netag: W/\"685010e9-898\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: XrpU872OVYEAPcWjN9dKisEdTfxmX4KT-ajG6ErAlUq22RgZSdpUqQ==\r\nage: 2637\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2200,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"64614812ac4674018c2ce1b8b8ccaab7","sha1":"c951c70177dbd690a4d57951cf47165bbf5429dc","sha256":"7bda87c3fb2390f334e74fcaf6d1d4d160916b0b3e73af7bfb0d3d3a9db4b097","sha512":"991ebef21f04d412d5454fdd5c244eceacecc2a5ca993ea13810696a761ebba051b8182513350ba839dc30c6fcf9d0e6e3f1d5ce5df7db0bb7b307f0ca61d88c","ssdeep":"","tlshash":"2b41a43976b2091479a74d64b35a89c4b3bc9603890dfd7efe1e53848f890e1b8d174c","first_seen":"2025-06-18T15:32:14.658498Z","last_seen":"2026-04-05T17:08:33.67237Z","times_seen":5004,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/themes/Mirages/css/7.10.0/common.css?v=4","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.109Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/themes/Mirages/css/7.10.0/common.css?v=4 HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://always.tctirbur.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ndate: Sun, 05 Apr 2026 09:29:26 GMT\r\nx-hostname: server-3\r\ncontent-encoding: gzip\r\nserver: nginx/1.22.1\r\nlast-modified: Wed, 01 Oct 2025 06:46:32 GMT\r\netag: W/\"68dcce48-66a\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: b1UXfzCEmBSzdLJaGEkA9aIh-8ysGXo9Ct_jVymMgtAYq4-kRB2wRA==\r\nage: 617\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":1642,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"ed2347def80edcd757cc41d1d6174df8","sha1":"d4ff471caa972cb4dc2f066ad2794a3a46d83cce","sha256":"e2e9f49e79ee27e0658cef6b3377ff94544a4138a0c17699fba6aeca6fb88272","sha512":"c53d9f63570e1f6a2e30e243d9126040dc75020a1b50e6ba8eecdf5d48870f2067d58efc910c0bd8daef4fb79ae1abd00ac63cf78f815d65034a408071cccfae","ssdeep":"","tlshash":"aa31a05a11031048f52ba7aa4fdb071a1a6c1013f503dc3e37ea275d8f974bca1b3b59","first_seen":"2025-10-01T15:18:30.915271Z","last_seen":"2026-04-05T15:42:27.831221Z","times_seen":2002,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/themes/Mirages/static/jquery/2.2.4/jquery.min.js","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.158Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/themes/Mirages/static/jquery/2.2.4/jquery.min.js HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://always.tctirbur.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ndate: Sun, 05 Apr 2026 09:02:58 GMT\r\ncontent-encoding: br\r\nserver: nginx/1.22.1\r\nlast-modified: Fri, 26 Jan 2024 08:13:13 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\nexpires: Sun, 12 Apr 2026 09:02:58 GMT\r\netag: W/\"65b36999-14e4a\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: v8WBa5l69kMtvP0eVtl22Erp3TlynWpU2QCys4EhKwphbxKrz2LrsQ==\r\nage: 2205\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":85578,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32065)","md5":"2f6b11a7e914718e0290410e85366fe9","sha1":"69bb69e25ca7d5ef0935317584e6153f3fd9a88c","sha256":"05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e","sha512":"0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db","ssdeep":"1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2","tlshash":"1e83c6d9b2d6706297b734b850bf410bb17a98dab44c8c60f059d4e47eb4a8e507bf2c","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-05T16:50:32.425922Z","times_seen":264778,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/plugins/ai/common/popup.js","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.245Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/plugins/ai/common/popup.js HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://always.tctirbur.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ndate: Sun, 05 Apr 2026 09:32:02 GMT\r\ncontent-encoding: br\r\nserver: nginx/1.22.1\r\nlast-modified: Sat, 29 Nov 2025 02:08:14 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\nexpires: Sun, 12 Apr 2026 09:32:02 GMT\r\netag: W/\"692a558e-1a0d\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: HsKy649JNkAzfFJryKyBGbhm6aYOWBcfgFdpXp5J4VB-2A4wRQ03vg==\r\nage: 460\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6669,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"026709ed231cf8d920385fed59c17ca6","sha1":"19696886744402cb73a48a41e625b23f5acbb813","sha256":"3438d0b2d18590fa1f7f0c324a5ba9f42b699de78006ed372ad043bdf46a7e1e","sha512":"aa01a6f89fad627df9437b5bcf8c3feeb7bb9719d12f12ad8e00d031f3092d1de299ffa4cd98229ddbfd3c455a21934e0e391e1c06d979cfe65fbc0f08cf99e4","ssdeep":"96:P1spJ1L0gLrdAZLLCWICzj3nMjnjOSdFsCaxud:QTo3ZLLCvQj3nMjnjOSdFsCaxud","tlshash":"c4d12f9931f3213082abb27e6faba0143230a0477108dd197f4d5f900fc573a66e1bea","first_seen":"2025-11-08T04:26:01.83069Z","last_seen":"2026-04-05T17:00:52.688851Z","times_seen":17929,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/themes/Mirages/css/7.10.0/webfonts/fa-brands-400.woff2","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.459Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/themes/Mirages/css/7.10.0/webfonts/fa-brands-400.woff2 HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://always.tctirbur.com/usr/themes/Mirages/css/7.10.0/fontawesome.min.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: font/woff2\r\ncontent-length: 117372\r\ndate: Sun, 05 Apr 2026 09:20:45 GMT\r\naccept-ranges: bytes\r\nserver: nginx/1.22.1\r\nlast-modified: Fri, 26 Jan 2024 08:13:13 GMT\r\nx-hostname: server-4\r\netag: \"65b36999-1ca7c\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: cdbsmBQus3x324xrTb-wljqCPyld7hHaYiLdjNc25hm_0cDvIlm5Fw==\r\nage: 1137\r\nvary: Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":117372,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 117372, version 773.768","md5":"b6356c957274676e6571c1ff5e11c9a8","sha1":"4022f95e001d734ca8f082b8e7627abd205609ec","sha256":"3a8924cd5203a28628716aedb5cef0943da4c3b44e3ffcee90ab06387b41c490","sha512":"83de79c74480fafc62cdac4012ff2a129d8701772ee16216c3d9488826ac21a9c2f8a416fe3208a61bfea7e12c24ac1cc2d26f6d22bd2b0ba39a22d630238b59","ssdeep":"3072:U3JKgVzg5ybfXYe5W59JPQaPWKSsx/DBMnVnqedkAFqPQTzIBIOK2vDMF:IVM5A5GJPQaH/NMtBkAvcnYF","tlshash":"c4b312f88b7ac9a5e304e67b55e4613555a0aec8b180f35453be7c2c221e10dc67afe3","first_seen":"2023-12-02T04:06:15Z","last_seen":"2026-04-05T16:50:00.174159Z","times_seen":19091,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn//upload_01/xiao/20260401/2026040121474713647.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.484Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET //upload_01/xiao/20260401/2026040121474713647.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 01 Apr 2026 13:47:51 GMT\r\nEtag: \"86b262615a98df33788e372ead39bcb1\"\r\nContent-Type: binary/octet-stream\r\nDate: Wed, 01 Apr 2026 14:51:05 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 989\r\nContent-Length: 157440\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 5645021083237782723\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":157440,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"86b262615a98df33788e372ead39bcb1","sha1":"1685a1686f5fc2124430ed2e44103afff2926637","sha256":"7d334f54ed35f616f55129c7afb43e96e9ec7cf519da8d7fe3a9a2e5c220bc59","sha512":"ef90e1eb97bbbc284b8e50ccc916065f2e8c8ec2970ac884f342a4600c533dd5bb294a70067c94004ee191c4ff6e772a97e38537710bd1f0f0b428ef53d8fb15","ssdeep":"3072:IpGIRZQhKS/B9wzm5B/R43cLaNcXoTBIDIxzw8ad9p6JQXhACDqFTr:D8ZQhKggzO4sOcXOsIxl22JmC/","tlshash":"7df313b0a4d96daf6a5f10b14894ffc3e6e6cef84be9f88304743774e69903218b0645","first_seen":"2026-04-01T16:07:49.583461Z","last_seen":"2026-04-05T15:42:27.93709Z","times_seen":181,"resource_available":false,"data":null}},"time_used":406,"timings":{"blocked":186,"dns":8,"connect":9,"send":0,"wait":12,"receive":25,"ssl":161},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn//upload_01/xiao/20260311/2026031121263354526.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.561Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET //upload_01/xiao/20260311/2026031121263354526.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 11 Mar 2026 13:26:38 GMT\r\nEtag: \"ebbbc9a0079f6bb40e8907e048e6166e\"\r\nContent-Type: binary/octet-stream\r\nDate: Wed, 11 Mar 2026 13:26:38 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 5077\r\nContent-Length: 115616\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 5336716435327152736\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":115616,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"ebbbc9a0079f6bb40e8907e048e6166e","sha1":"778fce724bc4c8e7d10a97290a89dfb9db0426ac","sha256":"90fd3f24eb3e1d76991c0929b4e6fbf99047cc258097673051a0226c8813e28f","sha512":"5af5a99158d69690f52506e2e2c58265513544359c8c8e484106750b04f3f787fc30606ab58fda1f1374e7b7482e2404d39080238d8472b645c4f172d44b6f6a","ssdeep":"3072:k6O06j81k0htCocMNenb0mUcyT7k+zAWMgcHFW:bO/j81kAtCogdCRURhFW","tlshash":"fdb3125432b4cb2b9511a513d2e5ef29bb45dacda0094e30fdf7db2c2a6ac5413ae40f","first_seen":"2026-03-13T09:00:06.663455Z","last_seen":"2026-04-05T15:42:27.883969Z","times_seen":249,"resource_available":false,"data":null}},"time_used":167,"timings":{"blocked":147,"dns":0,"connect":0,"send":0,"wait":16,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn//upload_01/xiao/20260321/2026032115022290494.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.739Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET //upload_01/xiao/20260321/2026032115022290494.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Sat, 21 Mar 2026 07:02:27 GMT\r\nEtag: \"7181d62324b1c0804869f1537a738aca\"\r\nContent-Type: binary/octet-stream\r\nDate: Sat, 21 Mar 2026 08:14:06 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 392\r\nContent-Length: 124960\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 8910212485659903759\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":124960,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"7181d62324b1c0804869f1537a738aca","sha1":"8b10976e932c75a876fb0b76308354d5f9992b4f","sha256":"9b53b938c123ee06b64694766ae6890b27350973d24c7fae8128c55f25865a02","sha512":"7c65b599329cd82f4cdff5e588c37e7ba8d73c99cf35805dccc00bad220fdc47827b7f6264321143a2bfb337b10348cfe57551c1d050173523e7c1280d4017d9","ssdeep":"3072:QuvlONxJpeMsOjkX8hAaOdCao18Qi+9p+09xqqn:QuvlWpeMLkMAvAZ9i+zDEqn","tlshash":"cdc3120635e36c38c31422c5cea2b5338e8a57cde619e80498d5a4eb289f0d3fdc5c9b","first_seen":"2026-03-21T11:47:54.20071Z","last_seen":"2026-04-05T15:42:27.914164Z","times_seen":220,"resource_available":false,"data":null}},"time_used":119,"timings":{"blocked":72,"dns":0,"connect":0,"send":0,"wait":24,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/plugins/DPlayer/assets/DPlayer.min.css?v=1","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.100Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/plugins/DPlayer/assets/DPlayer.min.css?v=1 HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://always.tctirbur.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ncontent-encoding: br\r\nserver: nginx/1.22.1\r\nlast-modified: Fri, 26 Jan 2024 08:13:13 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\nexpires: Sun, 12 Apr 2026 06:48:51 GMT\r\ndate: Sun, 05 Apr 2026 08:55:46 GMT\r\netag: W/\"65b36999-b096\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: o9fMFl6NLuVuz-Did4YLp7ZuPUG_jKY8tLlPcqkDUFS-AfojwQkblw==\r\nage: 2637\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":45206,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (36675)","md5":"561f19b7ef3f68fadc57c33a964fc9da","sha1":"715fdb568449a95aa5675197d28a26972f3230fe","sha256":"2c467a8a8710fd5a7f50d52100e39f0b24cd1c1928ae4f26ee4bbe67f8f56989","sha512":"3e6fdd77a27fc20dc18b9a54a1c66d68c3ead28dde098a7f9c95accde669216a3ba98a87c34c475f001671d7f0c6e73d98f913b693d72aeffe3bf0fb772f18cb","ssdeep":"768:7FK8KSkZqtIfw3YH4ZqtIfw3YHvHYr/hizxdUDr5+0ysGif0y9W:9HYr/hizxdUDr5+9soyW","tlshash":"4d13bb1618a5329891225b91cbc8676c6738d312e9224f8ff31b780ecf8e69d215ff57","first_seen":"2023-06-15T01:32:19Z","last_seen":"2026-04-05T17:19:28.192403Z","times_seen":6668,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/plugins/ai/common/clipboard.min.js","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.221Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/plugins/ai/common/clipboard.min.js HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://always.tctirbur.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ncontent-encoding: br\r\nserver: nginx/1.22.1\r\nlast-modified: Sat, 29 Nov 2025 02:08:14 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\nexpires: Sun, 12 Apr 2026 07:55:57 GMT\r\ndate: Sun, 05 Apr 2026 08:59:18 GMT\r\netag: W/\"692a558e-23c8\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: TrNnM22vB6xLvZURJ9mALsaz5DKeO_G2wT0n94LdxDAdTdABM_RmVA==\r\nage: 2425\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":9160,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (9067)","md5":"15f52a1ee547f2bdd46e56747332ca2d","sha1":"9a7cb405f9beed005891587d41f76a0720893ffc","sha256":"e17a1d816e13c0826e0ed7febfabc3277f45571234bde0bf9120829a7169edc9","sha512":"ecee695e9734a0246bc64f1151f0d81609f49ced6dfa32ee20e41d38c469e003c1eee678bd28eca73a79cba603b43b385735124db5b304567f2ca2619f214e2b","ssdeep":"192:s6IMH3HEG9JVwkHg4LyAal318/NYusfkApXMdgmkpj:sy0G9J1zG3eFYP/XMmmkpj","tlshash":"77126399b291b0b15ae731a9412f920bf2766969708b90d0d239d4f0acbcdde4463f3d","first_seen":"2023-03-07T12:23:44Z","last_seen":"2026-04-05T16:59:41.067283Z","times_seen":22994,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/plugins/ai/common/axios.min.js","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.240Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/plugins/ai/common/axios.min.js HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://always.tctirbur.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ndate: Sun, 05 Apr 2026 09:32:53 GMT\r\ncontent-encoding: br\r\nserver: nginx/1.22.1\r\nlast-modified: Sat, 29 Nov 2025 02:08:14 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\nexpires: Sun, 12 Apr 2026 09:32:53 GMT\r\netag: W/\"692a558e-cc17\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: BPW2dipUfA9p8m3TuUzzjAnmfqXDkOy_4QMr02rqnD2-iGP6_Yx_DQ==\r\nage: 410\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":52247,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (52208)","md5":"99714d221df650b50da3b7bf97e2987d","sha1":"493b74178a63429fff2aab081b3a1ca73d362085","sha256":"8ad11c4cb079bba93156727270f510292eedcc0716c6f21725074a59ec8b9b96","sha512":"2520851e12838a54d14577bd6a4fc5276f1d729389c7341a09ddd783c33217a5c58ce0e1cbf60c08cf075b44c50dc90d1d651ec16fa47ef8629f8de12ad27103","ssdeep":"768:Wjp+L+sl7x97+om+oCICTUOD3cQ3F1C+SqImCjL/hQBf/MEVgnyzB/c2OiwBaGcj:Up+b0GUOLMPLJQf/CEB6iwOj","tlshash":"2c33b6cd76d6f06243a77174802f610bf23aad16a44d8460f224ece6bcb854e9337f69","first_seen":"2024-05-21T19:06:10Z","last_seen":"2026-04-05T16:55:02.749837Z","times_seen":26874,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/gtag.js?id=G-FY0XHF5T9E","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.257Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /gtag.js?id=G-FY0XHF5T9E HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://always.tctirbur.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ncontent-encoding: br\r\nserver: nginx/1.22.1\r\nlast-modified: Tue, 29 Apr 2025 08:16:20 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\nexpires: Sun, 12 Apr 2026 07:52:17 GMT\r\ndate: Sun, 05 Apr 2026 08:55:37 GMT\r\netag: W/\"68108ad4-5d234\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: PIkzQHSlhl11ac4rIwfmF3s2-NYGcU5L-ybHFcUwpVESOFgiWvQrog==\r\nage: 2646\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":381492,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6129)","md5":"33a9b69f784501cdb8a0c58f2f68f6a7","sha1":"fb8b0370f498e49e017f289cae6bc20234f2f4b1","sha256":"c94ca6d3c3db11e31bb31538f7e733db40d5b39e0820fcbaae6d847037b4428e","sha512":"853010d8f3d78252f634b29716930399b982ac4b1555eefe60bc1c1a48d157dc573805c685fb7b1de72ce32c7750f690777396a7e941b22c2742e2efb661b1f5","ssdeep":"6144:tkDe7WbEbUAOfns+vZcMDYesTQT8PVMxPMbznmsCt:aDeSbaU1s++yUHn38","tlshash":"4d841ade73c674665396b478803f018ba5bb28a2b44cc895f1c9cce42d74a9a4277f7c","first_seen":"2025-05-03T07:00:02.073922Z","last_seen":"2026-04-05T15:42:27.956023Z","times_seen":2353,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-01-30/ef05887cf33f983964f19511737a40d3.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.533Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-01-30/ef05887cf33f983964f19511737a40d3.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 30 Jan 2026 08:50:06 GMT\r\nEtag: \"840f182a845cc5c44c2f8bf7f5513f04\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 30 Jan 2026 08:50:06 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 272\r\nContent-Length: 173840\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 15422090198307203064\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":173840,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"840f182a845cc5c44c2f8bf7f5513f04","sha1":"6a0f0ac351844121ceb3d31780c9d8629d092469","sha256":"79193d9887fe6c93ec976f02ab7447c58b92205cda2478432fff3e4ca4ae3dfb","sha512":"c1be9ba4b91116d77196974fe92c4d59fe83b438c633fc153db423e0710c3e4cecc9b457c9d5475fdbff964b2cac6bee0072dc6051cc302ad7cea3548286a61d","ssdeep":"3072:+KHHcQPpcjpnwRDrTQjaHpHZscE7u4HPsqVQMm5SZY0hWfFfAmWeZ39P6xj3Fh:VNG9lEHZscyu4vsUNAmToP6xj1h","tlshash":"690422767a480b657891bd930dfe16031509b5f9b74a8c53f2eeea0b2a25dcd7e20d0c","first_seen":"2026-01-25T11:27:58.583668Z","last_seen":"2026-04-05T16:38:14.75701Z","times_seen":4909,"resource_available":false,"data":null}},"time_used":155,"timings":{"blocked":137,"dns":0,"connect":0,"send":0,"wait":9,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/themes/ads-close.png","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:44.409Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/themes/ads-close.png HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://always.tctirbur.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 1443\r\ndate: Sun, 05 Apr 2026 09:06:29 GMT\r\naccept-ranges: bytes\r\nserver: nginx/1.22.1\r\nlast-modified: Fri, 26 Jan 2024 08:13:13 GMT\r\nx-hostname: server-7\r\netag: \"65b36999-5a3\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: c1CkfxXElANB1YTwr0Cqjzw8xbZY7i8zd_91-pX2kZQguV4pgfAHVA==\r\nage: 1995\r\nvary: Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":1443,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 129 x 129, 8-bit colormap, non-interlaced","md5":"1840e82f933a7c08af8408edfc255011","sha1":"97006c40ff1f99238f8c3df3c98826ab2ca8eea2","sha256":"ca85e50e73e0552ea9467c120d2221c68cb29d5c30a4ab54b8ef6ea7330afc19","sha512":"fa0020bc21aeca4251213ec69ea2338f8452d1fa9bde26f003d7edffc55ec612fb2c7a21b447d2a1ccd874d0f53a390da40bb93721db9329df13c9d6e5220ae7","ssdeep":"","tlshash":"0321db42a8fabc5f4192405a7649f290a833ad07996bc671121d3efbd573c554c4f741","first_seen":"2023-08-13T16:34:45Z","last_seen":"2026-04-05T17:05:44.927974Z","times_seen":18034,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.no/ads/ga-audiences?v=1\u0026t=sr\u0026slf_rd=1\u0026_r=4\u0026tid=G-FY0XHF5T9E\u0026cid=1075459841.1775381985\u0026gtm=45je6420h2v9176494676za200zb9218836311zd9218836311\u0026aip=1\u0026dma=1\u0026dma_cps=a\u0026gcd=13l3l3l2l1l1\u0026npa=1\u0026frm=0\u0026tag_exp=0~115616985~115938466~115938468~116991816~117266401~117384406\u0026z=915474257","fqdn":"www.google.no","domain":"google.no","tld":"no"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:45.226Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google.no","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Mar 2026 08:41:31 GMT","end":"Mon, 08 Jun 2026 08:41:30 GMT"},"fingerprint":{"sha1":"4E:8A:1C:89:CB:03:F7:36:49:8B:A8:F0:C1:8E:63:7B:C5:A5:B1:BC","sha256":"CC:B7:3C:DE:C7:63:CD:0E:81:CD:4D:B9:94:50:24:F5:34:6B:3F:F4:8E:95:53:E2:21:C7:46:7F:37:B9:37:D7"}}},"request":{"raw":"GET /ads/ga-audiences?v=1\u0026t=sr\u0026slf_rd=1\u0026_r=4\u0026tid=G-FY0XHF5T9E\u0026cid=1075459841.1775381985\u0026gtm=45je6420h2v9176494676za200zb9218836311zd9218836311\u0026aip=1\u0026dma=1\u0026dma_cps=a\u0026gcd=13l3l3l2l1l1\u0026npa=1\u0026frm=0\u0026tag_exp=0~115616985~115938466~115938468~116991816~117266401~117384406\u0026z=915474257 HTTP/1.1\r\nHost: www.google.no\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\np3p: policyref=\"https://www.googleadservices.com/pagead/p3p.xml\", CP=\"NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC\"\r\ntiming-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 05 Apr 2026 09:39:45 GMT\r\npragma: no-cache\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\ncache-control: no-cache, no-store, must-revalidate\r\ncontent-type: image/gif\r\nx-content-type-options: nosniff\r\nserver: cafe\r\ncontent-length: 42\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":42,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"d89746888da2d9510b64a9f031eaecd5","sha1":"d5fceb6532643d0d84ffe09c40c481ecdf59e15a","sha256":"ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629","sha512":"d5da26b5d496edb0221df1a4057a8b0285d15592a8f8dc7016a294df37ed335f3fde6a2252962e0df38b62847f8b771463a0124ef3f84299f262ed9d9d3cee4c","ssdeep":"","tlshash":"c4900023fa808000c3a8c2300a0b238a2b8c80200a28030b80ae208cec3a3a22c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-04-05T16:44:12.610074Z","times_seen":768156,"resource_available":true,"data":null}},"time_used":233,"timings":{"blocked":91,"dns":1,"connect":14,"send":0,"wait":39,"receive":1,"ssl":83},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"region1.analytics.google.com/g/collect?v=2\u0026tid=G-FY0XHF5T9E\u0026gtm=45je6420h2v9176494676za200zb9218836311zd9218836311\u0026_p=1775381983904\u0026_gaz=1\u0026gcd=13l3l3l2l1l1\u0026npa=1\u0026dma_cps=a\u0026dma=1\u0026cid=1075459841.1775381985\u0026ul=en-us\u0026sr=1280x1024\u0026frm=0\u0026pscdl=noapi\u0026_eu=AAAAAGA\u0026_s=1\u0026tag_exp=0~115616985~115938466~115938468~116991816~117266401~117384406\u0026sid=1775381985\u0026sct=1\u0026seg=0\u0026dl=https%3A%2F%2Falways.tctirbur.com%2F\u0026dt=%E6%AF%8F%E6%97%A5%E5%A4%A7%E8%B5%9B%20-%20%E5%AE%9E%E6%97%B6%E5%90%83%E7%93%9C%E7%88%86%E6%96%99%E5%B9%B3%E5%8F%B0%20%7C%20%E9%BB%91%E6%96%99%E6%AF%8F%E6%97%A5%E6%9B%B4%E6%96%B0%20%7C%20%E7%BD%91%E7%BA%A2%E7%BF%BB%E8%BD%A6%E4%BA%8B%E4%BB%B6%E6%9C%80%E6%96%B0%E8%B5%84%E8%AE%AF%20%7C%20%E5%A8%B1%E4%B9%90%E5%85%AB%E5%8D%A6\u0026en=page_view\u0026_fv=1\u0026_nsi=1\u0026_ss=1\u0026_ee=1\u0026tfd=2888","fqdn":"region1.analytics.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"216.239.32.36","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:45.228Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Mar 2026 08:36:32 GMT","end":"Mon, 08 Jun 2026 08:36:31 GMT"},"fingerprint":{"sha1":"F1:EC:3B:52:4B:66:50:1D:0B:50:65:93:DD:B9:FD:40:BF:2D:6E:7B","sha256":"46:A7:13:4E:73:FB:45:6B:0B:73:AF:6C:C5:72:C7:83:79:46:1B:0D:3F:B2:A1:0C:AD:70:4A:EA:1E:4A:D1:2B"}}},"request":{"raw":"POST /g/collect?v=2\u0026tid=G-FY0XHF5T9E\u0026gtm=45je6420h2v9176494676za200zb9218836311zd9218836311\u0026_p=1775381983904\u0026_gaz=1\u0026gcd=13l3l3l2l1l1\u0026npa=1\u0026dma_cps=a\u0026dma=1\u0026cid=1075459841.1775381985\u0026ul=en-us\u0026sr=1280x1024\u0026frm=0\u0026pscdl=noapi\u0026_eu=AAAAAGA\u0026_s=1\u0026tag_exp=0~115616985~115938466~115938468~116991816~117266401~117384406\u0026sid=1775381985\u0026sct=1\u0026seg=0\u0026dl=https%3A%2F%2Falways.tctirbur.com%2F\u0026dt=%E6%AF%8F%E6%97%A5%E5%A4%A7%E8%B5%9B%20-%20%E5%AE%9E%E6%97%B6%E5%90%83%E7%93%9C%E7%88%86%E6%96%99%E5%B9%B3%E5%8F%B0%20%7C%20%E9%BB%91%E6%96%99%E6%AF%8F%E6%97%A5%E6%9B%B4%E6%96%B0%20%7C%20%E7%BD%91%E7%BA%A2%E7%BF%BB%E8%BD%A6%E4%BA%8B%E4%BB%B6%E6%9C%80%E6%96%B0%E8%B5%84%E8%AE%AF%20%7C%20%E5%A8%B1%E4%B9%90%E5%85%AB%E5%8D%A6\u0026en=page_view\u0026_fv=1\u0026_nsi=1\u0026_ss=1\u0026_ee=1\u0026tfd=2888 HTTP/1.1\r\nHost: region1.analytics.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: null\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 204 No Content\r\naccess-control-allow-origin: null\r\ndate: Sun, 05 Apr 2026 09:39:45 GMT\r\npragma: no-cache\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\ncache-control: no-cache, no-store, must-revalidate\r\naccess-control-allow-credentials: true\r\ncontent-type: text/plain\r\ncross-origin-resource-policy: cross-origin\r\ncontent-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:178:0\r\ncross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:178:0\r\nreport-to: {\"group\":\"ascnsrsggc:178:0\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:178:0\"}],}\r\nserver: Golfe2\r\ncontent-length: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T16:47:07.54892Z","times_seen":13384334,"resource_available":true,"data":null}},"time_used":179,"timings":{"blocked":79,"dns":0,"connect":8,"send":0,"wait":18,"receive":1,"ssl":70},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.gbhqubok.me/","fqdn":"always.gbhqubok.me","domain":"gbhqubok.me","tld":"me"},"ip":{"addr":"154.207.77.151","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-05T09:39:42.345Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gbhqubok.me","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 25 Feb 2026 00:51:47 GMT","end":"Tue, 26 May 2026 01:50:37 GMT"},"fingerprint":{"sha1":"10:EE:FE:CC:A7:88:36:3F:2F:0C:AF:61:84:B7:E7:18:8B:DF:E1:43","sha256":"FB:34:31:7A:AF:58:5F:A4:60:D1:F5:83:97:38:1D:D9:A3:8A:11:05:54:8E:7F:83:F6:9C:DF:B2:9C:12:ED:51"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: always.gbhqubok.me\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ndate: Sun, 05 Apr 2026 09:39:42 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nlocation: https://always.tctirbur.com/\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9ur5GllBrv0V52nXW%2BGDn0kdcsy%2Fi8eQIEPWsWpXEBncTQjtDiCsgb%2BkTG5ChuktvE6c2PJnVwD45UdezdAdJSPZcSd3PEymoj3H%2B91x1ZBbYcXwBj4YmZ2i%2Bz3QUIhfYbfxRhY%3D\"}]}\r\ncf-ray: 9e77964dc9fb5685-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":198083,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T16:47:07.54892Z","times_seen":13384334,"resource_available":true,"data":null}},"time_used":466,"timings":{"blocked":22,"dns":1,"connect":1,"send":0,"wait":421,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"always.gbhqubok.me","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/plugins/ai/common/index-ai.css?v=3","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.113Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/plugins/ai/common/index-ai.css?v=3 HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://always.tctirbur.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ndate: Sun, 05 Apr 2026 09:32:36 GMT\r\ncontent-encoding: br\r\netag: W/\"692a558f-2166\"\r\nserver: nginx/1.22.1\r\nlast-modified: Sat, 29 Nov 2025 02:08:15 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\nexpires: Sun, 12 Apr 2026 09:32:36 GMT\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: NdaXkWPv60sSqrqy4YknrRREQmgdhQCjL46wmm3tD757FJlouKidyQ==\r\nage: 427\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":8550,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"2a2c6808214b8c4bebf4ef136eb65925","sha1":"d757a56272052afcb5352a2b170af4c683c620d8","sha256":"daba2b23052b3d4f27dfb7b31e3739d7592bc398a9ba41192268466317da9a08","sha512":"4f1cb919b2d26326ed96bf29d4e372f4666d5333faea92ffa3f60c739154755163dfb2c504477a541dabe90243205acbd345875c1fdc4a0d1cb284c92bd9f002","ssdeep":"96:8XZCoJPC+0vApyTLjNTzpdSlp57BvebMhZ4yumJ+ZS6FjXJQjJ3CyZnVVchc8jfy:8nGAMTN/pMlr7BAWbuA+ZmVF","tlshash":"2d027654e35f386b770a81f4a7d5fbc4263c2814fe00afa471a8b972468a3e554737b2","first_seen":"2025-11-29T02:40:47.003326Z","last_seen":"2026-04-05T15:42:27.806812Z","times_seen":1604,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/plugins/DPlayer/assets/player.js","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.197Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/plugins/DPlayer/assets/player.js HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://always.tctirbur.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ncontent-encoding: br\r\nserver: nginx/1.22.1\r\nlast-modified: Mon, 25 Aug 2025 14:19:11 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\nexpires: Sun, 12 Apr 2026 07:55:56 GMT\r\ndate: Sun, 05 Apr 2026 08:59:18 GMT\r\netag: W/\"68ac70df-1003\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: RRHH9gjWItWC4SuYGbx6X-eOHHZzy4hQ8R_qSINhJPJ3o7aYhIcOsw==\r\nage: 2425\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4099,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"b4fddf8525d2da6fa0e24d94674fb9f3","sha1":"4149060a09da22bbfaa201f413d1f4b446fea1da","sha256":"8c7d71d123ec4f91eec964ba54ad1b8ed87f18d6952bec4b268137197eb42685","sha512":"db14528dfdcffa6605438ddfdf5f5dc40fddbc01e62faf85f41c80b72487ea3958e26ae50aa12ecc59b9379be8fe2a519cb70383f9bf65f2f721aaf163fcfa94","ssdeep":"96:PC2C62HyiZWWlP+oErxSiUtIEu7VfAn1PO8NUWzShC4Wp:qXLHyiZDlPM1SptIEu7Vf+uhCv","tlshash":"b0812e1c68f75021525bb0f68a6fd118b2344a870208de20fe0cab5cdf6953e46f2bed","first_seen":"2025-04-02T09:15:20.181739Z","last_seen":"2026-04-05T15:42:27.921446Z","times_seen":2394,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn//upload_01/xiao/20260315/2026031510470512790.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.540Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET //upload_01/xiao/20260315/2026031510470512790.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Sun, 15 Mar 2026 02:47:09 GMT\r\nEtag: \"18fca374fbb041cca752bdfbf85d4624\"\r\nContent-Type: binary/octet-stream\r\nDate: Sun, 15 Mar 2026 03:22:04 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN52-P1\r\nAge: 1425\r\nContent-Length: 233312\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 5745313263441663638\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":233312,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"18fca374fbb041cca752bdfbf85d4624","sha1":"54d04d29f4ed32c930e1f71453ca811559d8947d","sha256":"cb66df721fc71d3e4a8d3de671f3ededbc06a49eecf2651420d622e91abd66f7","sha512":"77b48ba9581153e642c83de6ee55c8381b19646d222468b06308438bdb7ac2d2b4c7562b19b6835fb4bdebd03df2f7d8746e32010c725027bad6942c3d891b49","ssdeep":"6144:RwXZCIx6hacRCmfVSqGj7MgBb4hojGaluLKbPIhI:RwJJ6DRCmdmDFBjRlkWPB","tlshash":"41342321f2807606d8e4c70cfc1625329998c6fca520df3731a76e7bd5ce61cd9a26ac","first_seen":"2026-03-15T20:31:50.722132Z","last_seen":"2026-04-05T15:42:27.798037Z","times_seen":235,"resource_available":false,"data":null}},"time_used":157,"timings":{"blocked":135,"dns":0,"connect":0,"send":0,"wait":14,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-03-18/59e74294064996bb856c1beead3bedfe.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.597Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-03-18/59e74294064996bb856c1beead3bedfe.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Thu, 19 Mar 2026 10:35:03 GMT\r\nEtag: \"0b0fdf9efe1395ca2e8bd6088f05ef94\"\r\nContent-Type: binary/octet-stream\r\nDate: Thu, 19 Mar 2026 12:14:04 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 646\r\nContent-Length: 483104\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 11324341004018594368\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":483104,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"0b0fdf9efe1395ca2e8bd6088f05ef94","sha1":"d953f58f67c88b79b9543dc606d1ebb3f0b698c2","sha256":"50efb6697bdb71826148571cc334ecfca084e97aaa5457f3cea08da707df2701","sha512":"c6b1416b8ba3a54558dd04bb55e2d905fc449e11bd83e18d8d7fa924a6ba2b768bc3183d36d3f3f36268925973e973f216a4c212b47de1834bc8712b2cd9fd45","ssdeep":"12288:A3tpOCsReeKp3qsWwg8KXTtBtNEj1rlDbyPy0:6yCZRaPwg8KntNEprN2f","tlshash":"78a423dc7d5504c8c86ef85866f46f128c341a1983bb9a3f4b9b30b5c6f8306d5ba687","first_seen":"2026-03-18T21:18:37.787698Z","last_seen":"2026-04-05T17:19:28.158921Z","times_seen":5003,"resource_available":false,"data":null}},"time_used":213,"timings":{"blocked":176,"dns":0,"connect":0,"send":0,"wait":23,"receive":14,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-01-30/37e47d51eb97f63359a6ad3ac235516a.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:44.120Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-01-30/37e47d51eb97f63359a6ad3ac235516a.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 30 Jan 2026 09:09:59 GMT\r\nEtag: \"c7a0b003306a2e88dd3df6a66283c550\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 30 Jan 2026 09:10:43 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 238\r\nContent-Length: 151856\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 435570799360926400\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":151856,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"c7a0b003306a2e88dd3df6a66283c550","sha1":"fb3a781802c18ae33b0b444ba6d3c375a82a03a8","sha256":"8f616d12eef84b94a4b5ff9f2e845697058a8f39f86642ed9681005b669d083c","sha512":"d6589f17e07ba0f2e5740c949444e5b35088d99e49c1099f787067e3dcd5573ba85413586e58f2b65090df607bb4d7b7faaf0c020a251c96d16cb6224116507f","ssdeep":"3072:tA7z4wXQP4ysCMwPOGefBh2gNJmhD+ljL/1+4ORQXolxhc8:SzPQP4oM+Obj2gtD+uoFj","tlshash":"c2e3235aedd003ba57cc2db60ec7bbdde6e8066f5c950184cf1d4016d78ee809dd4a1a","first_seen":"2026-01-25T11:27:58.658626Z","last_seen":"2026-04-05T16:38:14.787202Z","times_seen":5495,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-03-27/d7dcef7d47cede64c59679240dcd3303.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:44.122Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-03-27/d7dcef7d47cede64c59679240dcd3303.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 27 Mar 2026 12:36:49 GMT\r\nEtag: \"d74ac510755d43573a1130c538dbc94b\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 27 Mar 2026 12:36:58 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 95\r\nContent-Length: 235536\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 14300845456480111664\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":235536,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"d74ac510755d43573a1130c538dbc94b","sha1":"9c7d77463672084596a82c2f66d89a0208d400d1","sha256":"9c68e2e0c770f55e36937595910391b478ab96377234b2b357bed03dcfbb4539","sha512":"91f2170be0215ac812564262b9e03e57862da3c3ba4038d4205583f284a082955254c4e330e5f68303a4610b9ca0ce913570b277f3dfd62e9f7ffd1272ac03b3","ssdeep":"6144:nlgdHfjGeK5s3y0Y7I06YsKzMOYog7iZcCGWpG1pl:nmdHfjHK5s327I7BKBYoHZw37l","tlshash":"d03423dab0980dce6fbc88df718bbc1cac88976c9207544ca314397795933c97a895f9","first_seen":"2026-03-28T08:41:29.83575Z","last_seen":"2026-04-05T15:42:27.784112Z","times_seen":207,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/themes/Mirages/images/banner.png","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.179Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/themes/Mirages/images/banner.png HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://always.tctirbur.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 4856\r\ndate: Sun, 05 Apr 2026 09:09:26 GMT\r\naccept-ranges: bytes\r\nserver: nginx/1.22.1\r\nlast-modified: Sat, 11 May 2024 07:37:37 GMT\r\nx-hostname: server-4\r\netag: \"663f2041-12f8\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: g5ps96GG_2TrNzJgrTGxi29ltz0bOat7U-xugrbNqcuzUFpOPli0VA==\r\nage: 1817\r\nvary: Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":4856,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 950 x 110, 8-bit colormap, non-interlaced","md5":"a12f2529838e1559101d2ea1b93d8aaa","sha1":"6fc048ec4bf65d618ae9f06de8f45f24a340b1b0","sha256":"66a3a09da9e1c7eae3a233650d9d07393f5099fe0fae31ad8ed220e4b6142c32","sha512":"41848532320f5325b7d7d4d27c28038e09b95446ddcbeda6717bc2649eb6c8e6631aec767ba6badcf3dd90a9e1d708aa38ff5fc78e89e02cffaab0f5fd83443b","ssdeep":"96:noa0a0a0fwB0sLke5dEqqLO2a6P8eOoMLNuvWK82D+B7zF/sVSfEITpa0aUez:nWsQWdEqqK2aw2MZMzF/qSjM","tlshash":"bfa18e76fc5ac83ec83fd80870709aa7d65d9e05cbd984f551c68ca3436b210a777493","first_seen":"2024-06-16T05:00:12Z","last_seen":"2026-04-05T15:42:27.865224Z","times_seen":2289,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/plugins/ai/common/index-ai.js?v=8","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.242Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/plugins/ai/common/index-ai.js?v=8 HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://always.tctirbur.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ncontent-encoding: br\r\nserver: nginx/1.22.1\r\nlast-modified: Thu, 08 Jan 2026 05:18:05 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\nexpires: Sun, 12 Apr 2026 07:56:01 GMT\r\ndate: Sun, 05 Apr 2026 08:59:22 GMT\r\netag: W/\"695f3e0d-a5c5\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: qoC9RYE8T0ycmRJIu_AqLXy0WHWMgDZv7E3kxYOWzxULmkrpLIiomw==\r\nage: 2421\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":42437,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (306)","md5":"3750f0d71678f328446535ac1b92b091","sha1":"323fbc8311158bb57f8e85322189cc9821e21577","sha256":"a998dde201dff0fc24b1f6ebe0d472018be5d86027e436a5899935b5e0e94253","sha512":"26c98a6e9e42dc8b56cde5334df9df9dd78e3b4f0b53823a09ac9bb1e9835c2df1c3908ff2448c2bf537195f5dfa3b336d189240de7345eef43f176655dc12b1","ssdeep":"384:IkSVlcz8cJPkBj4r5pnUSL/wpY18zkJWMNSCoGp5va6Tr6iI2ep:MVqz8cJw4r5pnUSTCYRJRNn7p5PrVep","tlshash":"7813a50a3aff74118567706b2befa0057630a0177609df087f4d87985fc252996e3bea","first_seen":"2026-01-08T05:53:00.586811Z","last_seen":"2026-04-05T15:42:27.926061Z","times_seen":828,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2025-12-22/60819f2045e6f57f41fa7feda998d20f.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:44.154Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2025-12-22/60819f2045e6f57f41fa7feda998d20f.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Mon, 22 Dec 2025 12:34:12 GMT\r\nEtag: \"4d4782772c66197e7bb72273464acbcc\"\r\nContent-Type: binary/octet-stream\r\nDate: Sat, 27 Dec 2025 15:36:33 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 31591\r\nContent-Length: 266704\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 13895147268405780668\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":266704,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"4d4782772c66197e7bb72273464acbcc","sha1":"bb5180f3a210440991063df7c71a5f2a73235d66","sha256":"d1b7c5ceaec125a25f11bc63a88adefca0ebf8d4fd47586ac9e5e8c86d94c10a","sha512":"a9f581a25de284a7a4496c8d4f601f60b686cf7048ec0b9015e3131fbdef9e6a43af3c91fe84ba4e7335f516bfc38e28f07580bed9393be30a0943bd41ed2185","ssdeep":"6144:HZHcEA6bo7O9Do4nLk2E//R/+YFihoUDtUeZ7:HZ8EzSOhos4DWYFihoUBD","tlshash":"324423cb5875e0a1541ffa2ee80de01da06ad1fd46e4dda886adf2c53f13805c1f2a8d","first_seen":"2025-11-23T05:10:59.088648Z","last_seen":"2026-04-05T17:00:52.674802Z","times_seen":16525,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-03-18/551970f7d293f046edddc003d2924691.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:44.410Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-03-18/551970f7d293f046edddc003d2924691.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 18 Mar 2026 08:31:27 GMT\r\nEtag: \"32c0808917aaefb3cd694e668c49a27b\"\r\nContent-Type: binary/octet-stream\r\nDate: Wed, 18 Mar 2026 08:31:29 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 12402\r\nContent-Length: 344848\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 17512254606344795710\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":344848,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"32c0808917aaefb3cd694e668c49a27b","sha1":"c524c682db189d37200b0a7f70de5466d5ba48b2","sha256":"3ffb47889a3f992e9fde47264d9348623ced9112913b956e5b7ec8fce99394dc","sha512":"84d8d774db3dceb04eb77ad3534a7b7e659927bc16198ac98de9e67e0f704ef6881d55a38ab5bbe4b250661f7a8a34cc45e8ac7ef4fef204831b497ef4c5cada","ssdeep":"6144:Ijku/5PVY2WoU9L0dj+KY6h9WtChhFG7CJfgwmueF+4pvTebsnrVU68Xm6AOrBYT:IjBU2WoUh05PZ/h2CJfgvuz4p7ebcx8Y","tlshash":"f97423a174ecb1de873b6152d9eeb1819dbd2a7fb9121e106c434af8cf0d7c8193416a","first_seen":"2026-03-19T11:57:27.208561Z","last_seen":"2026-04-05T15:42:27.944854Z","times_seen":788,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/themes/Mirages/fonts/OpenSans/400.woff2","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:45.423Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/themes/Mirages/fonts/OpenSans/400.woff2 HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nReferer: https://always.tctirbur.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _ga_FY0XHF5T9E=GS2.1.s1775381985$o1$g0$t1775381985$j60$l0$h0; _ga=GA1.1.1075459841.1775381985\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: font/woff2\r\ncontent-length: 16644\r\ndate: Sun, 05 Apr 2026 09:39:18 GMT\r\naccept-ranges: bytes\r\nserver: nginx/1.22.1\r\nlast-modified: Fri, 26 Jan 2024 08:13:13 GMT\r\nexpires: Sun, 12 Apr 2026 09:39:18 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\netag: \"65b36999-4104\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: qWLr2fJ2MPfH8OQtcV6VDeXleLPb0xflPqJQreF8b3R1Bz2vi_PL1g==\r\nage: 27\r\nvary: Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":16644,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 16644, version 1.6554","md5":"6276351c3fd3053a0cab736572d6ced1","sha1":"326b281cbcf5070d140fadedc4b1354f1a5d916c","sha256":"43640ab0efbdbd50a1162047c1f62f338fb84de407411b98bfa6a1f8666ef0af","sha512":"c9885c9fa086350a150efae1c40c9ab22314db0baf47b457c3de4be5c7e609313b9fec4f9000b133a9f8b365c2d5d3703bbff579833a8b81195062e5f6bfe5e7","ssdeep":"384:JK4eVLUx4mqjtgI4cwDn/HnhbXOU7WYb+KFqEevY5:Y4edUqmBIkD/HhjHWYb+KFGvY5","tlshash":"bf72cf83f467d9f0f42836305db116e3b979ef357761ace0621445aa1232bd02e847dc","first_seen":"2023-05-08T23:10:23Z","last_seen":"2026-04-05T16:36:29.65138Z","times_seen":19847,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/themes/Mirages/css/7.10.0/fonts/fontawesome-webfont.woff2?v=4.7.0","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.434Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/themes/Mirages/css/7.10.0/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://always.tctirbur.com/usr/themes/Mirages/css/7.10.0/mirages.min.css?v=10002\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: font/woff2\r\ncontent-length: 77160\r\ndate: Sun, 05 Apr 2026 09:20:45 GMT\r\naccept-ranges: bytes\r\nserver: nginx/1.22.1\r\nlast-modified: Fri, 26 Jan 2024 08:13:13 GMT\r\nexpires: Sun, 12 Apr 2026 09:20:45 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\netag: \"65b36999-12d68\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: Zl6fZNSZ9xjVlgvmlMhIfmMiXaJZTgFPCv_RpomjtUP8JWaebrcTJA==\r\nage: 1138\r\nvary: Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":77160,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 77160, version 4.459","md5":"af7ae505a9eed503f8b8e6982036873e","sha1":"d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c","sha256":"2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe","sha512":"838fefdbc14901f41edf995a78fdac55764cd4912ccb734b8bea4909194582904d8f2afdf2b6c428667912ce4d65681a1044d045d1bc6de2b14113f0315fc892","ssdeep":"1536:/MkbAPfd1vyBKwHz4kco36ZvIaBfRPlajyXUA2jVTc:L0nXnHdfRVEAS2","tlshash":"7d7302e63b6c4943e03d6460708abe9f104b3ab42fe057e5c876db7f2722992b71552c","first_seen":"2023-04-05T03:30:47Z","last_seen":"2026-04-05T16:45:27.588207Z","times_seen":413580,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-02-25/e953b98d8bee24ddc0fbe76d92ee9819.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.636Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-02-25/e953b98d8bee24ddc0fbe76d92ee9819.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 25 Feb 2026 13:50:15 GMT\r\nEtag: \"f359e4e211f9ef0333facb7935ee2c6a\"\r\nContent-Type: binary/octet-stream\r\nDate: Wed, 25 Feb 2026 13:50:18 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 17\r\nContent-Length: 501008\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 4896206361733399860\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":501008,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"f359e4e211f9ef0333facb7935ee2c6a","sha1":"9e022264cf40e011823b4460f13795cfc38afa8b","sha256":"d041ff5176b7f88072c72e38b0dd6f0b4fe15f6eb6a7ad7a8578a6e524025fbb","sha512":"e1312ed955c861fded1da75dd9cc86de0f04a4b498571a398052296445b41c0082c3e0cd34349ebeb5d63d4f399d0cd1d0ad7782ca67e68ee665a58b40d63989","ssdeep":"12288:UosHVKU3eFUqKTvVZE1JZvsIr/ue7weNbxnZgsBRotUeB:xsV3eTKTvVZE1X//weN1ZgstK","tlshash":"98b4239dd2c0c09a069572b0c458276fbda746e3f58c7b3c22e1269e77849899fc807f","first_seen":"2026-02-25T11:18:39.742443Z","last_seen":"2026-04-05T17:19:28.175101Z","times_seen":5988,"resource_available":false,"data":null}},"time_used":193,"timings":{"blocked":155,"dns":0,"connect":0,"send":0,"wait":26,"receive":12,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2025-12-22/eb979b77b276a6683ecccbcd44bf906b.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.933Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2025-12-22/eb979b77b276a6683ecccbcd44bf906b.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Mon, 22 Dec 2025 13:10:11 GMT\r\nEtag: \"df783342bfd99ff16d26d070b90fd98c\"\r\nContent-Type: binary/octet-stream\r\nDate: Mon, 22 Dec 2025 13:35:52 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 4859\r\nContent-Length: 154352\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 5888250868910583712\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":154352,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"df783342bfd99ff16d26d070b90fd98c","sha1":"739e7ef9031b1fcb2f30f0a4652656fe7962846d","sha256":"54f34bc7b8313690f695220fec81ed04ae0d7c6bb537d09f1ff4038e99ad6c8e","sha512":"99b8f5055d9fab7b31773df08efecbbd98ef61af1961613ce035d51ffca153d7d72d0ba355864205a84fffe6e1f8c045b883c1d3a642bc7f3339ebfc774a4853","ssdeep":"3072:0eRoG4jrhIIrGrDDueCfht6YdVxodd8flr9Za+ur6Sv0bXpfNxN:0T5JVsDDuDaxdd8l9I+urZvyZfNz","tlshash":"b9e312cdb8c9028835875e92c1ecd0fe6b15b6dd02e4220906cc43f7db5dda7ad1a878","first_seen":"2025-06-09T03:11:17.631442Z","last_seen":"2026-04-05T15:42:27.857019Z","times_seen":1644,"resource_available":false,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn//upload_01/xiao/20260314/2026031419110017629.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:44.094Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET //upload_01/xiao/20260314/2026031419110017629.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Sun, 15 Mar 2026 01:15:07 GMT\r\nEtag: \"ea67ad19d18c107dd37fa4e138f5e21c\"\r\nContent-Type: binary/octet-stream\r\nServer: nginx\r\nDate: Sun, 15 Mar 2026 01:15:08 GMT\r\nx-amz-server-side-encryption: AES256\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN56-P1\r\nAge: 2135\r\nContent-Length: 79088\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 12674665150885402490\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":79088,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"ea67ad19d18c107dd37fa4e138f5e21c","sha1":"65dca067b1f938d84e4a77e6977c509c2a79b659","sha256":"fa92bf73e3078aef14fd9797b339f20e0294c126e35d6dfd7ed4631698fe81ac","sha512":"835f5c9e75d446aa87226dbdc63821b19725ce7473078b4f9328e919f49fac92ff816cc110d74fa59ae7241df585ff457443e79d3f08c632d01349f25e3e8818","ssdeep":"1536:f/uk/aFCbPU8d55wsRltzAPrpxGHEK6xiaaQPQObiyzXC5kH8FrZlT:f/uk/GCjT5TRbAP1xGH+xraQIOblmrZ9","tlshash":"487302f6a66390dc3b3a82176f4703e476c85143e8531f95e544223b61869e02b8baff","first_seen":"2026-03-15T20:31:50.747574Z","last_seen":"2026-04-05T15:42:27.903694Z","times_seen":235,"resource_available":false,"data":null}},"time_used":40,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-04-01/394be70141cc23996f2ddbae082d15ff.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:44.126Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-04-01/394be70141cc23996f2ddbae082d15ff.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 01 Apr 2026 11:17:02 GMT\r\nEtag: \"61b5d004bb8e2a9c005aa7180a66a8ed\"\r\nContent-Type: binary/octet-stream\r\nDate: Wed, 01 Apr 2026 11:17:11 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 182\r\nContent-Length: 150544\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 3028198294522114789\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":150544,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"61b5d004bb8e2a9c005aa7180a66a8ed","sha1":"611e02b138efebc908cf88097ec1628a9dd5fc85","sha256":"dd9d4a44a5baee8d26ab61ffbda1b70148fcf307b30fb6b6ecfcd512c102ad47","sha512":"c9fbee0b4a6c0861b4b595756469f2fb1f2d34cb26c431c59eb6438dc1f9bd3374ae0b64650e02a2dd5d64afd63a5041d6e12e425d6329ca8fedcf0fda1c6f4a","ssdeep":"3072:Cu4OHV4Qx6B8iM7fQLGUf+mIBWNAyqWD24IA1lJtFLE1T3mVRv:GOM/M7fQtftI0N/vVIilBpF","tlshash":"27e31328cf1b4d9126b7ef8ec08d1d009436e9c28b3f2dec25566756d1094b9f4cae6d","first_seen":"2026-04-01T11:04:29.203387Z","last_seen":"2026-04-05T16:59:41.074066Z","times_seen":3500,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2025-12-22/546fd11c7c273922d9c9335237c453d5.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:44.154Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2025-12-22/546fd11c7c273922d9c9335237c453d5.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Mon, 12 Jan 2026 12:49:34 GMT\r\nEtag: \"9be8face9a0c71281c3304b61e86ddd1\"\r\nContent-Type: binary/octet-stream\r\nDate: Wed, 11 Feb 2026 12:49:56 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 496\r\nContent-Length: 667488\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 1571110928559954427\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":667488,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"9be8face9a0c71281c3304b61e86ddd1","sha1":"c870ba41710513af0bc27805e71bfc912be6463f","sha256":"fd84827a448c92a0e456aa7fcce612d239716895273632e9c6728b5323bbce1e","sha512":"1658a60f82c609bc3271c5f901f5dc9725d6ee6f537f460752197dd7fd543da92e59a0f5326628cb2bad0c090cab5e793341c607081e9caf9662de35ea4e5b68","ssdeep":"12288:Bl0eA4CdONfZUiaJgigupqlvTymUX1Om5Vu1u8Mn1jWwX08tJjrm/if:z0tlqZUn+iIrylXMi58Mn1RX/tNr9","tlshash":"cae423403385c22f64bb2f43a8159ba13843dbc8edbdfe05d4f95a1b928176de328578","first_seen":"2025-12-08T12:36:29.171473Z","last_seen":"2026-04-05T17:00:52.660708Z","times_seen":14719,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":19,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ap.dc-report.cc/api/eventTracking/report.json","fqdn":"ap.dc-report.cc","domain":"dc-report.cc","tld":"cc"},"ip":{"addr":"13.251.76.74","port":443,"asn":16509,"as":"AMAZON-02","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:44.474Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.dc-report.cc","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Sun, 07 Dec 2025 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C2:B5:BA:75:40:71:82:8A:0C:30:43:7C:87:CC:C2:C3:63:69:3A:16","sha256":"41:CE:19:28:BB:9F:95:C3:A8:5A:6E:DA:C9:CD:C2:6F:06:2F:9D:37:81:96:91:C2:D9:EF:88:93:F2:EA:18:E8"}}},"request":{"raw":"POST /api/eventTracking/report.json HTTP/1.1\r\nHost: ap.dc-report.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded;charset=utf-8\r\nContent-Length: 524\r\nOrigin: null\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":524,"data":"event=ad_impression\u0026page_key=home\u0026page_name=%E9%A6%96%E9%A1%B5\u0026ad_slot_key=home_banner_46832\u0026ad_slot_name=%E7%A9%BA%E9%99%8D%E7%BA%A6%E7%82%AE\u0026ad_id=46832\u0026creative_id=\u0026ad_type=banner\u0026seen=true\u0026channel=\u0026uid=0\u0026event_id=ec092e404ab91c1a95c621e6337613bc\u0026app_id=TJ-007\u0026sid=406c4e4b0ea1c87a0d5d4c8bb347595b\u0026client_ts=1775381984\u0026device=PC\u0026device_id=1e9ec5db7a935b084495031a47e525d9\u0026user_agent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026device_brand=\u0026device_model="}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Apr 2026 09:39:45 GMT\r\ncontent-type: application/json\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: null\r\naccess-control-expose-headers: *\r\naccess-control-allow-credentials: true\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T16:47:07.54892Z","times_seen":13384334,"resource_available":true,"data":null}},"time_used":2285,"timings":{"blocked":953,"dns":1,"connect":330,"send":0,"wait":330,"receive":0,"ssl":665},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/plugins/DPlayer/assets/DPlayer.min.js?v=3","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.193Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/plugins/DPlayer/assets/DPlayer.min.js?v=3 HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://always.tctirbur.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ndate: Sun, 05 Apr 2026 09:32:44 GMT\r\ncontent-encoding: br\r\netag: W/\"6908307b-4a650\"\r\nserver: nginx/1.22.1\r\nlast-modified: Mon, 03 Nov 2025 04:32:59 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\nexpires: Sun, 12 Apr 2026 09:32:44 GMT\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: pbovhJ2KlBNlXq84LQWXajdm3WXhtQo5147A-MwDmgmqekM_YyED5w==\r\nage: 419\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":304720,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4046f013cf323ea4de2e2518386c3d5a","sha1":"cc1bb7b97ba97a03c92593de7524a22ea87c78b0","sha256":"5c9811be07c774e5465097e43c4945941c501333fe482a90f5286cfb3c88e280","sha512":"b50531b05b763c25361b5fa23e258acf12f1c470bdcf0fd60d1a22451f1f954f55761446344067075cf4bc794177c83dbb9eec21565c2ffcde52bff93acbbae6","ssdeep":"1536:PFri4r9aKySaa3rzg7hSwaKySaa3ref7j3MEwOMEa8vTDadMcBjOsCSwixK1LzV+:HNDyMgjKbixKVhjLIR2INivkJ","tlshash":"4a54b20b364131340262afe8c6db534a36347310e9729729f65ef9de8f9d84c6427b7a","first_seen":"2025-11-01T05:08:56.775869Z","last_seen":"2026-04-05T16:55:02.684551Z","times_seen":26580,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2025-12-22/7ddbb52d957c41d27e9f86e74ce2ca9f.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:44.158Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2025-12-22/7ddbb52d957c41d27e9f86e74ce2ca9f.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Mon, 12 Jan 2026 12:49:34 GMT\r\nEtag: \"270c23bb6b155cc2f205ceb7711dad31\"\r\nContent-Type: binary/octet-stream\r\nDate: Wed, 11 Feb 2026 12:49:23 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 529\r\nContent-Length: 123872\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 5328277514755142057\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":123872,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"270c23bb6b155cc2f205ceb7711dad31","sha1":"7a210bf1c6eed26d1b0ceca91a5e301651c0f60d","sha256":"d5eff0e960dfe769b56c7b31cad6194dc35c03b9860c88463601d0a803d81850","sha512":"76f1616cac5ee10c2d9792e292f63f2cbfed718c83408f6166a143578e7889539080d616d396a8d7c1af24eec83d9ff46b42fde8aabd0d1edeaaa7406b85b741","ssdeep":"3072:/W4f7Oegaj/Mf6R0nPKOB/ARD7uTRXTVjus4GXiGH3L1RzsjnsmCebYV:/Hf9xj/KtPx/aD7uT91/4AH3zsjnNMV","tlshash":"6dc31343c56b627318594543c1893faedc17c803faf66608c86ef9e9d116bda9a3c3d8","first_seen":"2025-02-02T04:28:56.959782Z","last_seen":"2026-04-05T15:42:27.941709Z","times_seen":1890,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2025-12-22/303effb606fdc3ad64ae9427bbec4d6e.jpg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:44.159Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2025-12-22/303effb606fdc3ad64ae9427bbec4d6e.jpg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Mon, 12 Jan 2026 12:49:35 GMT\r\nEtag: \"076f5f36a59be7e57a711cbdf41b7315\"\r\nContent-Type: binary/octet-stream\r\nDate: Wed, 11 Feb 2026 12:49:23 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 529\r\nContent-Length: 119920\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 18098253870044415525\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":119920,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"076f5f36a59be7e57a711cbdf41b7315","sha1":"a423abc706db55e08c6f24a9ef3e11799e33b7b9","sha256":"c87eb3b5d4f546461c304abdcecd8c282fbd6f164246b508d06a766a90d99636","sha512":"8b44cab28dea7898d8af2c1ad757cc4520c6b287d004d4a5e136e85581698cde3dfb36f646892e7e84e043978a9c75eb695dc0d8701b074a8ba86c1f4d3fb621","ssdeep":"3072:dklQdS6JK3OSdJ2IlAIgoqdibu9vCOBaogWC3+5:dklQdhEfrLr/KNRpCQ","tlshash":"eac312a7eae4494ce11a709d75bcf34c9f094c4027007b05b7bba61f44aca3a3aed917","first_seen":"2025-10-18T10:46:31.901245Z","last_seen":"2026-04-05T15:42:27.876618Z","times_seen":1428,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.mrds66.com/favicon.ico","fqdn":"www.mrds66.com","domain":"mrds66.com","tld":"com"},"ip":{"addr":"52.84.50.77","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:44.646Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.mrds66.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 25 Jan 2026 00:00:00 GMT","end":"Tue, 23 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"B6:6B:12:4A:AF:BF:E7:AB:7D:24:68:F9:F7:81:D0:8C:48:1C:4D:A6","sha256":"7B:9D:88:7F:C5:CA:6B:7E:62:15:6E:FE:DE:B1:4C:89:37:93:41:CA:7E:3B:79:3B:29:C6:E1:C4:82:1B:54:37"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.mrds66.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/x-icon\r\ncontent-length: 4286\r\ndate: Sun, 05 Apr 2026 09:19:55 GMT\r\naccept-ranges: bytes\r\nserver: nginx/1.22.1\r\nlast-modified: Fri, 26 Jan 2024 08:20:47 GMT\r\nx-hostname: server-6, server-5\r\netag: \"65b36b5f-10be\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 652549e0dcae9775148cb207792b2a40.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: hoV8MCu0LaPDqDCgPwRpEn_IKTbtGquDu5lEVuS41toJLtV3NlERag==\r\nage: 1189\r\nvary: Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":4286,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel","md5":"47d548d69d1f84a499e4f9f700cd0c31","sha1":"c3446995ff34f1bc4a11636e099957da25aab849","sha256":"4f6db322fd42b4c307464f4657b5351bf6e87b2ac49007453a32c4f42b9b8d85","sha512":"2356db571cec7e3fa440195808761491844af8bf464ee6ca3349495e13d09d56864d6e5cba6c9e4087842f519fbc1a4aeaa65b6191233fe9cf630eeb33c3c0f1","ssdeep":"48:ZFWZmp4mP2BUpDJ/QyGc5yTVB/483HHdnkemDyG0Co3:ZMZmp4mP2BUpD9Qye/bHdnkemDyG0Co","tlshash":"6b91974b3b051e47e1b307fd4155d2b5a3535f0ce4a6c35248f5fc2bb488e63ac2a6a0","first_seen":"2025-03-16T23:29:40.289659Z","last_seen":"2026-04-05T16:27:32.45694Z","times_seen":594,"resource_available":false,"data":null}},"time_used":102,"timings":{"blocked":-1,"dns":1,"connect":1,"send":0,"wait":4,"receive":1,"ssl":95},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-04","alert":"Sinkholed","trigger":"www.mrds66.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-03-27/ccf2e5c7e2403890187a82514e74088b.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.521Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-03-27/ccf2e5c7e2403890187a82514e74088b.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 27 Mar 2026 12:00:15 GMT\r\nEtag: \"9b01029230bd47447b3b662722192d63\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 27 Mar 2026 12:00:16 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 859\r\nContent-Length: 101456\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 16427416008989729399\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":101456,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"9b01029230bd47447b3b662722192d63","sha1":"854c87136b50d51f609d869ec86c751d8f66f6fe","sha256":"5eabc9f248aa523b4230e5336bc5c414e4bf372e6231f0d2c21137d2796d928a","sha512":"2db5619e28585ca1d8bf3636c38fa015ff4acc8312bff26106fcc818e9cfdb4d059bb8431812e4cb405bafb740abcc0adec26ebc0ffff67bff3d226003799d3d","ssdeep":"1536:VoBimuxaaDP9YCZUtGmBWYQLrTvNJOOLsjtwz34OiXeYvXc2CZHGbXv90yH:VoBKaWPHWGmBg7tI6QvXHCZw1","tlshash":"baa312aff7dc6a4ea42e1153a9a79f3e02dad899c21f9d06dc349d0814b4bb10c506b7","first_seen":"2026-03-28T08:41:29.762785Z","last_seen":"2026-04-05T15:42:27.882242Z","times_seen":201,"resource_available":false,"data":null}},"time_used":162,"timings":{"blocked":116,"dns":0,"connect":0,"send":0,"wait":33,"receive":13,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn//upload_01/xiao/20260320/2026032018020755048.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.578Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET //upload_01/xiao/20260320/2026032018020755048.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 20 Mar 2026 14:45:06 GMT\r\nEtag: \"c076d9533896fb2ba1301d036bbd6872\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 20 Mar 2026 14:45:07 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 362\r\nContent-Length: 188864\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 14304483829534100720\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":188864,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"OpenPGP Secret Key","md5":"c076d9533896fb2ba1301d036bbd6872","sha1":"21b8d3e0988187712204de25bc38a0e652562c5b","sha256":"2d68493dc951bac13d9965d4b16e140bfaec724b26ba7c8b7d7577fc4a2caa0d","sha512":"162694c52ceb45a334dd531dfcfd8fa1a35d3f302ecf6a68a06eb3edd2f1d826464dfcabcd570b1cf225a51ced71461a903e6cca4788156c5b3443e7ae15195f","ssdeep":"3072:z69+fjfT0p9N/Llm2Z9mKl0Q4zAsBX0agOm2F21DGRw5vIe5ELCNKI7kDQEVVSIV:zqYK9NjI2LmKLMAWaOmKYpx7kD7ZJRTV","tlshash":"dc0423967faac1a06bf376216770506fdf8311a4da0a37da0e377920346783c4761ee8","first_seen":"2026-03-22T10:04:18.671192Z","last_seen":"2026-04-05T15:42:27.80514Z","times_seen":213,"resource_available":false,"data":null}},"time_used":212,"timings":{"blocked":172,"dns":0,"connect":0,"send":0,"wait":33,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/upload_01/xiao/20260309/2026030918484795330.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:44.023Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /upload_01/xiao/20260309/2026030918484795330.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Mon, 09 Mar 2026 10:49:15 GMT\r\nEtag: \"ffef2a0b059de343370bfac888ef2eb1\"\r\nContent-Type: binary/octet-stream\r\nDate: Mon, 09 Mar 2026 10:49:15 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 181\r\nContent-Length: 77872\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 6071492328580896\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":77872,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"ffef2a0b059de343370bfac888ef2eb1","sha1":"f9bc9b41d6a7e260186fe0bc523cadbe81d0554a","sha256":"b96e94beaf2288db36bde70c19519a34cddcc798a6805c02b024ec329137c2a2","sha512":"b25f551bae7c285286f1c11337ac96531c61d784f2f5e321e9a9e9057cf6c9eee2143b1cf5a46ddb6df048a1e3a52a803b5c2d3d141a2442638bce2415b30ce3","ssdeep":"1536:wlPlvgUcRM7tuppc1tWnyQr8UGZE9ceR2ds/pMBZ7I1WubG4D0gHiuqSH:uPloUAM0PatF88XddOpMQWu+gVqq","tlshash":"a3730227f0e2ed6d24bc09d6e6114447b6aa21df747e187478aecfc2a3c3172a587427","first_seen":"2026-03-11T13:43:09.981458Z","last_seen":"2026-04-05T15:42:27.915967Z","times_seen":251,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-03-01/6d52c5971c57eafde220f780ddddea93.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:44.110Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-03-01/6d52c5971c57eafde220f780ddddea93.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Sun, 01 Mar 2026 12:30:49 GMT\r\nEtag: \"adcb1db33f4a184c0af8339266cf5260\"\r\nContent-Type: binary/octet-stream\r\nDate: Sun, 01 Mar 2026 12:30:49 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Miss from cloudfront\r\nX-Amz-Cf-Pop: ARN52-P1\r\nAlt-Svc: h3=\":443\"; ma=86400\r\nContent-Length: 279856\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 16842610982088679374\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":279856,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"adcb1db33f4a184c0af8339266cf5260","sha1":"1d165d534628185acd0e20d1fc42002fb99db090","sha256":"946a0467fc1aab75b9b4835b41bf3159e87cf4a681b0d466ff4351e6b47002ab","sha512":"305072ec0c6ecadf427596d2a938d7af4de5948884b14abefc479490ddf680671f2b143f266cc1b710a1eab8f7e8ba07950a65a8eefc7cdf484ce2b60b37d285","ssdeep":"6144:PQ1+mLNRW8vQTvN3e8qx/UdjiItHcvBZBcDVs+xp02Oqbz6:Ic0WKQTFu8qFU4IOv7BcDVs/Joz6","tlshash":"13542325a249c4c9502ccb48525beedb67e1e81f2f1a3744b0e870ed9d6e19ce5c06fa","first_seen":"2026-03-01T08:27:11.685811Z","last_seen":"2026-04-05T16:38:14.768073Z","times_seen":4879,"resource_available":false,"data":null}},"time_used":37,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-04-01/f12c8f5751f1bbcae7fd479dd8b07b6a.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:44.157Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-04-01/f12c8f5751f1bbcae7fd479dd8b07b6a.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 01 Apr 2026 14:37:05 GMT\r\nEtag: \"a5744ad664e010338253087936c9f9b6\"\r\nContent-Type: binary/octet-stream\r\nDate: Wed, 01 Apr 2026 14:37:08 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 227\r\nContent-Length: 217904\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 17265891503508125616\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":217904,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"a5744ad664e010338253087936c9f9b6","sha1":"c6a21f3621ed71ec12cffaef26ef183d8eca5222","sha256":"d4a688e68531a82ae6028df82cb397d8b30eb18cd591ada1885679c59287b96b","sha512":"b55e9a0a913607c2cbd47643356e42ccdb31a463caf7a8e394f362797535dee5091daacc056269ee854a7951332405a673c294dfbc34fd784ea4fda5b7e7fd85","ssdeep":"6144:QHMokeiABeGWZ3JLjhCSWOIBlEt5yOHJ+H/yvydZ:QHMofiAkZthC1OI38nXvy3","tlshash":"c324139d915194736e3746be9cc5f5a837c306cefa28c27902ad182e58d4a3f076a4f8","first_seen":"2026-03-28T16:22:38.383087Z","last_seen":"2026-04-05T16:59:41.075536Z","times_seen":3494,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/plugins/ai/common/vant.css","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.112Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/plugins/ai/common/vant.css HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://always.tctirbur.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ncontent-encoding: br\r\nserver: nginx/1.22.1\r\nlast-modified: Sat, 29 Nov 2025 02:08:14 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\nexpires: Sun, 12 Apr 2026 07:56:06 GMT\r\ndate: Sun, 05 Apr 2026 08:59:42 GMT\r\netag: W/\"692a558e-30a89\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: 1CUVw0Jp6eN7edUeXhyVBEtEaz5dpjbfx69pag9FEomXaH9eZz_cUg==\r\nage: 2401\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":199305,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"ec97f98b8f11e72ca35d2a8939500e67","sha1":"fcdcaecbd29eb74c4d507c0f23d3758052aba3eb","sha256":"52fcb2a7486d329611d7fc1562e0dbcde9f4494728b88dc26932388fee77391f","sha512":"16ec7dfa0d84e113ac71cf66bc4aa1659d3a9089fe76c8e2834d0bd1ee25db5fb2ad0dfe35dbb9ba2340957396a603a09c8ebbacf49c90a65df12f522d9b851d","ssdeep":"1536:VjQbFNJ+jqkiHckCwsBlDOFIxuVoxJPBik/1Al5aIzb2VTVaxA:VuClDsIxuVSmRdJA","tlshash":"ec149495e69091bcbf27f275ab8b96dcf23cf560ed01daa4f10051580ec7bf50623a1a","first_seen":"2025-06-27T04:20:30.581604Z","last_seen":"2026-04-05T16:55:02.616914Z","times_seen":25895,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/themes/Mirages/js/layui/css/modules/laydate/default/laydate.css?v=5.3.1","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:44.256Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/themes/Mirages/js/layui/css/modules/laydate/default/laydate.css?v=5.3.1 HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://always.tctirbur.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ndate: Sun, 05 Apr 2026 09:31:22 GMT\r\ncontent-encoding: br\r\nserver: nginx/1.22.1\r\nlast-modified: Fri, 26 Jan 2024 08:13:13 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\nexpires: Sun, 12 Apr 2026 09:31:22 GMT\r\netag: W/\"65b36999-1cc5\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: jxg-A-dsM25derdctnAGRfNBBCLOmmrdZJU9yaMzm0JgkntQ-UoaDg==\r\nage: 502\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":7365,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (7365), with no line terminators","md5":"e9078eef34fe9a44e44bdd55b48fdc55","sha1":"73ef00229810ee179915661786d9b66b7fc2d568","sha256":"ab9dbdf922a26509951347fcfa83704d86afd2df855c827740c23df72fd8ab3f","sha512":"dbf200ca6effc6bee2f7e8f516dafe6b25fa66093f19fff117a8bd87732a3ca0206480319d5f733eb07d18f564cba1dfc6143587cbc5ea1d5d370948d8ab3921","ssdeep":"96:7OyDQi4ijYyC43i7hlVVZ4LyLk5bYsBE2rBOB:7OQQfyPCoiFVqHbrBE2rBA","tlshash":"45e1cc71b1542cd4702bc222b4a87cbfaef8dc02dae3265ce5b8621b85c15b7957d34b","first_seen":"2023-04-11T12:12:51Z","last_seen":"2026-04-05T17:00:52.694345Z","times_seen":26472,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/plugins/tbxw/js/zzz.js","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.162Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/plugins/tbxw/js/zzz.js HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://always.tctirbur.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ndate: Sun, 05 Apr 2026 08:55:31 GMT\r\ncontent-encoding: br\r\nserver: nginx/1.22.1\r\nlast-modified: Fri, 26 Jan 2024 08:13:13 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\nexpires: Sun, 12 Apr 2026 08:55:31 GMT\r\netag: W/\"65b36999-c67b\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: 3X768PZDOR6z4wNbR_X0E0z0G01QMfvv1iv9s1Ob6HyvGuk8YDCNUg==\r\nage: 2652\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":50811,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (48316)","md5":"78dab9fcf576de8cba46edd716dd2309","sha1":"7113abe41f95159f9bfccf70d01bdda1055af2ad","sha256":"7c66d6c8e2c470780513a282b66e2b5b7429ed863d6a0ecd6054b38dcda004b5","sha512":"dbb858875e532b475f827c930c154cac09e9a952b20053a0f7e1b34a050100a0a3a41f8aabeeab4af2dd90082363fe3ced3a5957f7250a4918d305b49655e040","ssdeep":"768:J1Z4iiyfiD78x6l42SWRV4HC0o10LEnM9OT81agZnEpn6ZFCsUleZ:vZYDc6lXJd1mZpZEdq","tlshash":"da331bc5a19c609153a774d50d7f704bb4637526170d89acf228e8eeecfcaea9039d38","first_seen":"2023-03-13T16:33:51Z","last_seen":"2026-04-05T17:00:52.62584Z","times_seen":26402,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/plugins/ai/images/ai.png","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.169Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/plugins/ai/images/ai.png HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://always.tctirbur.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 360\r\ndate: Sun, 05 Apr 2026 09:25:33 GMT\r\naccept-ranges: bytes\r\nserver: nginx/1.22.1\r\nlast-modified: Sat, 29 Nov 2025 02:08:14 GMT\r\nx-hostname: server-7\r\netag: \"692a558e-168\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: zal3-PMqC1f_WJrWNYWKnuWozGyiQ2OF8VmUJGoMoyR2XRxbIVHgNA==\r\nage: 850\r\nvary: Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":360,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 22 x 19, 8-bit colormap, non-interlaced","md5":"bdfd73be05b313c5c343e02c19e69b35","sha1":"40a591d8ec0f5134270fad42812002458e1fa3b7","sha256":"ea22009d2eb53a8f88f109607d8ff75814059f83ad1e4c1aa54179f5b1385bc6","sha512":"e67420d8689d83569fef893f166ab041b5863fd33f1b8a34056044e25eca04836cdfde2000cc306d1efccaed4340889c643706420f9d927d309100d41cf40474","ssdeep":"","tlshash":"eae0c072728cff3a9cb10273089791f58a2a4f76516491065f15841c68e6644415278f","first_seen":"2025-11-08T04:26:01.793992Z","last_seen":"2026-04-05T17:00:52.651398Z","times_seen":17233,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-03-18/0066c27364841c7d5cc717b9b7bead43.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.504Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-03-18/0066c27364841c7d5cc717b9b7bead43.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Thu, 19 Mar 2026 10:10:11 GMT\r\nEtag: \"9ddb04d6c9042efb4712480b176fca4b\"\r\nContent-Type: binary/octet-stream\r\nDate: Thu, 19 Mar 2026 10:10:11 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 1563\r\nContent-Length: 238208\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 17700980491040074248\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":238208,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"9ddb04d6c9042efb4712480b176fca4b","sha1":"968363ef8310f01f11fb32b10d40d13da1a8fe5a","sha256":"b0dfd63db1409768231c02ea74abee6262dfd8b9269b565267dead839baa5842","sha512":"0a65c857ad6082f3d60912e768ae8e31a1a07e75be14aa79877f60e9944f38a5ee317cc65056db467b54dc8d21828102c23bb1e84c5d48621eaeb4719fca55f9","ssdeep":"3072:5HpwE8Rnr9Z3dL4Yi2YJ44ng5lZnedKBpkHoRDhnDgi0zEdsJot2lyPzToxjM9H8:Fp3CZVpCAlZedWIo/nQ9EBPzToCXhU","tlshash":"9d3412ec67fd5877af32303a25b34e9cbe156b507c32c0562f217509ecaa756b0316a2","first_seen":"2026-03-19T11:57:27.122402Z","last_seen":"2026-04-05T15:42:27.861928Z","times_seen":790,"resource_available":false,"data":null}},"time_used":228,"timings":{"blocked":97,"dns":9,"connect":14,"send":0,"wait":9,"receive":21,"ssl":74},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-03-27/b07d8051f7d38e6e8c2f4cd51ce254ed.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:44.117Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-03-27/b07d8051f7d38e6e8c2f4cd51ce254ed.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 27 Mar 2026 12:16:47 GMT\r\nEtag: \"ff861de69ec97ca29015721823ca1258\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 27 Mar 2026 12:16:52 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Miss from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nContent-Length: 171872\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 3216312637302375591\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":171872,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"ff861de69ec97ca29015721823ca1258","sha1":"f8dd28006dc464be630b21c292cf9a79f76de4c8","sha256":"57f5a54bba41fa9f950a7c45a1d9e61954170d0271c9fb9e94415fca08d44af9","sha512":"26d2d67813a45460d5905feaa99bfe274383c1998aad718b3dd834249f8d1f866794fc83b61b8adedf4e6f403bd5748d0cab95084b96e84d30b4541f4680aeb5","ssdeep":"3072:odHZS1wyZwNEtcNDW/ootfH2zCryclvnsg+G3Imn9wxFdvhVTaBlKIHoBgoR8h0G:odHZsZwgYDpGnImn9odJVTqKIG7AAq","tlshash":"76f323acfb404b79c33a49d021ca50b76d28258fb774eef45261c3b277446e3e8d62a5","first_seen":"2026-03-28T08:41:29.840937Z","last_seen":"2026-04-05T15:42:27.860471Z","times_seen":207,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-02-16/a26cd4a7b044a1da523609082538cc2b.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:44.139Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-02-16/a26cd4a7b044a1da523609082538cc2b.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Mon, 16 Feb 2026 09:50:30 GMT\r\nEtag: \"2a202535843819ff7b7da158aea12f26\"\r\nContent-Type: binary/octet-stream\r\nDate: Mon, 16 Feb 2026 09:50:54 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 331\r\nContent-Length: 434048\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 9326713208321938032\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":434048,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"2a202535843819ff7b7da158aea12f26","sha1":"eca12420025367f48222d9ce8b46af69df69f6c8","sha256":"017f172bfe2e479de6e3ee175dd8388c40b1304488e62eb86ebc437e4407ccd8","sha512":"22410167287aa04dad31f70715aac44b077bb343a996c6f52d40f05ddf861749e2e19694120339b9691665c887949b274135ab641386362f131ba6c37a236c18","ssdeep":"12288:Ht8Podbov9AP/2/8LTYMUFn5LdYAxYKJf0M4xr:vey32ELTWpdvxYKRt4R","tlshash":"539423eec46959efb9bf81a3dd790f4a517f458ac0e448903eba0500334fec663d94a9","first_seen":"2026-02-16T10:21:28.994948Z","last_seen":"2026-04-05T15:42:27.919676Z","times_seen":340,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-02-20/ccd2aeeca23441392815065a9d051a57.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:44.155Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-02-20/ccd2aeeca23441392815065a9d051a57.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 20 Feb 2026 10:30:32 GMT\r\nEtag: \"e97e057bd9562b220f748376baff945f\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 20 Feb 2026 10:30:36 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 264\r\nContent-Length: 200704\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 5838079744085473460\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":200704,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"e97e057bd9562b220f748376baff945f","sha1":"57cd8c6bc0c9a2b6f907faa57c83746fdd8034ac","sha256":"03fb071fc068645426f1eddf31d7dbc3db4c83e8b4c16e934cabdfddaabbe462","sha512":"7189c58023e7cff0e52e137991c5494e662aac3690392cf8fd4e837b5fc6d81d8f298b4e698e93f5089869675c4055885df4267476a82c4bf2b778b48a8db515","ssdeep":"6144:LC4mE1JerozHcAitvMdDDmjPEIkKX1tFLNev:LCXEoomP0W1re","tlshash":"e714132e54f09ffcb2c031e0ca0999f6c0c5a9a88e7a5ef5ccd8791a5e12c9d4d73945","first_seen":"2026-02-14T11:26:11.304576Z","last_seen":"2026-04-05T15:42:27.84335Z","times_seen":379,"resource_available":false,"data":null}},"time_used":47,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":43,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-FY0XHF5T9E\u0026l=dataLayer\u0026cx=c\u0026gtm=45je54p1v9218836311za204\u0026tag_exp=102887800~103051953~103077950~103106314~103106316~103116025~103200001","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:44.497Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Mar 2026 08:36:38 GMT","end":"Mon, 08 Jun 2026 08:36:37 GMT"},"fingerprint":{"sha1":"8B:73:AE:59:60:F4:D1:86:E6:25:8C:8F:1E:F7:92:DD:D3:8C:F0:DA","sha256":"F6:EA:BC:29:37:15:42:CF:41:13:28:BA:F3:C5:86:88:DD:C6:3F:81:75:10:45:14:D6:EC:E6:F0:E6:B6:B1:04"}}},"request":{"raw":"GET /gtag/js?id=G-FY0XHF5T9E\u0026l=dataLayer\u0026cx=c\u0026gtm=45je54p1v9218836311za204\u0026tag_exp=102887800~103051953~103077950~103106314~103106316~103116025~103200001 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sun, 05 Apr 2026 09:39:44 GMT\r\nexpires: Sun, 05 Apr 2026 09:39:44 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 156149\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":470532,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (6031)","md5":"681ebf713de39cca992bba5426a91e55","sha1":"aed95ae1282217bc26787ace30dcf6e2a5963672","sha256":"ecbdbdeca908ff3b039def9063ec4dcdad68dbf83c5f1513c7b554c0426ce595","sha512":"dd5bae5c42a5ecc2660d0bf4468f3b3ac348849823fc7f0753e40c07e1c7645d77426ffa3fb3b11f50eb3ae9763a8d58a5dac55efff5b2e60a2007ac1ec082e7","ssdeep":"6144:swOsP1r/F1KkX3t5SZEYGeddUYi8+WacQqXEJ4XK9u4m1vyyEpkfH:f//KkHmzdU98HmI1T","tlshash":"3fa409ceb3d674625296f478903f01cba57a28e2b44cc8a9f189cce41e7465a4277f7c","first_seen":"2026-04-05T08:48:33.152705Z","last_seen":"2026-04-05T14:02:45.973165Z","times_seen":8,"resource_available":true,"data":null}},"time_used":476,"timings":{"blocked":145,"dns":1,"connect":28,"send":0,"wait":48,"receive":87,"ssl":163},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/plugins/DPlayer/plugin/hls.min.js","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.184Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/plugins/DPlayer/plugin/hls.min.js HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://always.tctirbur.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ncontent-encoding: br\r\nserver: nginx/1.22.1\r\nlast-modified: Wed, 09 Jul 2025 11:41:02 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\nexpires: Sun, 12 Apr 2026 07:24:35 GMT\r\ndate: Sun, 05 Apr 2026 09:31:21 GMT\r\netag: W/\"686e554e-805db\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: x0qf2vK1jSF0-zK0Az1UqrDQDTz5VOn4LXEsA3wlY2ytRvAJtCqBXQ==\r\nage: 502\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":525787,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"c6b4b0566933bbace745d354bbf66a45","sha1":"37421e0fdc0f834e9b76c83c86b8f8dc5a25f9f5","sha256":"98f063553824f201d7a46e124e1dabdeefbc517e35e800ba0c8cbeedd432ab67","sha512":"b972867cd30918e974a0603937c16d106aca52ae7b52ffecfb1096b093dd21778cc38eac17d777e53a709b9a3c451b5785d9ac2d3ead1b9ad5532dc718389dfc","ssdeep":"6144:tN52SSJ22f+rppL0uMRzXrpbQLTfUUD+6D5U7qKxnU3F4BsibLioRGJ8z0xEnFak:te22eppSRzbpbTiwqKxUHF84xfg","tlshash":"cbb43aed3695a01683c2b169903f5507633a7d0a284cc12cfa2be9db2d7994db13bf74","first_seen":"2025-07-08T11:22:48.878147Z","last_seen":"2026-04-05T17:00:52.658322Z","times_seen":25294,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-03-18/1d51f59e736071850144e94df529fac2.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.494Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-03-18/1d51f59e736071850144e94df529fac2.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Thu, 19 Mar 2026 10:10:11 GMT\r\nEtag: \"3630dffc0a201221222f69a4a20fea32\"\r\nContent-Type: binary/octet-stream\r\nDate: Thu, 19 Mar 2026 10:10:11 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 1563\r\nContent-Length: 214800\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 12082985886494643847\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":214800,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"DOS executable (COM), maybe with interrupt 22h, start instruction 0xb8bfae8a 3e57cd62","md5":"3630dffc0a201221222f69a4a20fea32","sha1":"beae76e3407b0041882668e7004a0d5abe2fafe4","sha256":"ee5fee7a28e51c20274701c6784cc3268ede9acfd5fd31a385e6672bd26b5212","sha512":"31816b1e4a75ee5437649dec89fcdde7f6f2ba49ea8593ee7cabe1e775e08d4313e24b0940c16117e569bd1b99d2e123ebbea560608b7c8e71cc6699fcaa2240","ssdeep":"3072:SgleipBSCx35qZZoF4SiB6xsgP/KhGsINYAjozCAFnsW+C4sj8kin9Aym1vqshxc:SglTp8C6iF4l6YfI2zxBsW+VssOvNx4P","tlshash":"bd2422dfbc0d55ea19f3d3e098823a9979e5c0f3879250ac84b504f4571a7933cb5987","first_seen":"2026-03-19T11:57:27.184371Z","last_seen":"2026-04-05T15:42:27.821189Z","times_seen":795,"resource_available":false,"data":null}},"time_used":234,"timings":{"blocked":98,"dns":2,"connect":8,"send":0,"wait":8,"receive":23,"ssl":91},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-03-27/7ce55db470c6c9ba8b38e46a667939fc.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.541Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-03-27/7ce55db470c6c9ba8b38e46a667939fc.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 27 Mar 2026 12:20:14 GMT\r\nEtag: \"acaabfe00221709331a3b6655d1ec89c\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 27 Mar 2026 12:20:15 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 1385\r\nContent-Length: 261552\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 3880548894965141245\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":261552,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"acaabfe00221709331a3b6655d1ec89c","sha1":"f4e401eaf4e46e2e5168c197a1c23ddb42741ba7","sha256":"07fa756e5ce54a14f45c27309cac3795ab23195c37a1c581ddf972d906dde651","sha512":"2b039830bade3f6d4758d0b07692dea9823aaa766bc79bd09b2561ae956a05cecd9a23729a53fc66ad13b40de832e91845caf73826c8117b04ed8db8b55b7bae","ssdeep":"6144:XzbgFEXhoju3c8PUfiwGMnctTGIgMsX3u5qB3l+kUDPT:XzbaKho63clfrGMcAIgMz5qB3C7T","tlshash":"cf4423825d60e8dcdb18bd1f4960c4c1b0fe4b28f4e6bef66ef006126daca8715e9d45","first_seen":"2026-03-28T08:41:29.80218Z","last_seen":"2026-04-05T15:42:27.912266Z","times_seen":201,"resource_available":false,"data":null}},"time_used":215,"timings":{"blocked":143,"dns":0,"connect":0,"send":0,"wait":25,"receive":47,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-03-10/b7e9e1b468f3414e787ea98c96d563b2.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.573Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-03-10/b7e9e1b468f3414e787ea98c96d563b2.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Tue, 10 Mar 2026 09:20:25 GMT\r\nEtag: \"a9dff727b65970e1a6bd972bb1f35107\"\r\nContent-Type: binary/octet-stream\r\nDate: Tue, 10 Mar 2026 09:20:26 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 2287\r\nContent-Length: 494224\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 17419610316744476102\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":494224,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"a9dff727b65970e1a6bd972bb1f35107","sha1":"1e354597d97c2231378995e247f60c555bb4db19","sha256":"909dbd4592ca7e4412a1372b77d380a5f9eb116f01f77050923f9b5880ce4285","sha512":"abf5973a2a882be7c6d965314f21ee410e5273f4391d741f2b66d6b0ba54a4771f19a86c013fe755f71b18032ddc77376b91e9b7c10f5a4289e11dcf4ed8c420","ssdeep":"12288:NC8QHL4w488K2NGlv+oQuLCmKdLzySKv6B8KYC:XwfTKGlvQrdLIChYC","tlshash":"4cb42329052e46d09f9db1749fe1d904431ec4bef95ca0eba450478bff23cbce25662a","first_seen":"2026-03-10T11:07:41.060489Z","last_seen":"2026-04-05T17:19:28.145726Z","times_seen":5602,"resource_available":false,"data":null}},"time_used":200,"timings":{"blocked":146,"dns":0,"connect":0,"send":0,"wait":38,"receive":16,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2025-12-22/f75f0acbce0f6ce8aee3f6cd489c40f9.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:44.053Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2025-12-22/f75f0acbce0f6ce8aee3f6cd489c40f9.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 09 Jan 2026 09:10:06 GMT\r\nEtag: \"ccd77ff3b0d7e7ccdccd4b439174bde9\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 09 Jan 2026 09:10:08 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 257\r\nContent-Length: 600672\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 15471699008806693004\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":600672,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"ccd77ff3b0d7e7ccdccd4b439174bde9","sha1":"ccf2d848d374dd72fbeb8b1b831d77570f2e1a1d","sha256":"5fccb43676874b4fad745859eb002f4509b2aea994abba04f25901b407fae44a","sha512":"5d1b7455d9c13f48f34f7ad90ac9cabe46b7aaec37d950271991908cb3cac616100d6a91508f6461f3a8790067e3dbf5ecafab85bda6b592156ac30b0778b7f3","ssdeep":"12288:c/oOTclIUWKsPyB3I3RLSXKHy7MiTYOLnVBufi3BhwRRn:+EIUn78LTyNYanVF3BhWN","tlshash":"fad4232bc304194834f0f98d1f15ba7278cdbe9e48b2d1021abf629735ce6a47f81e58","first_seen":"2025-11-14T21:03:21.440944Z","last_seen":"2026-04-05T15:42:27.782739Z","times_seen":1532,"resource_available":false,"data":null}},"time_used":58,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":43,"receive":15,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2025-12-22/399ce29181ae674e13d514e4e415e784.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:44.151Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2025-12-22/399ce29181ae674e13d514e4e415e784.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Mon, 12 Jan 2026 12:49:34 GMT\r\nEtag: \"0feb0268cd01936cf4c76d9bba9ac073\"\r\nContent-Type: binary/octet-stream\r\nDate: Tue, 10 Feb 2026 20:34:14 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 59038\r\nContent-Length: 201360\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 16836910927867998882\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":201360,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"0feb0268cd01936cf4c76d9bba9ac073","sha1":"ab6f442a18003803309b8275d1a1292a7f517d73","sha256":"b87be7818014a3efa692f4cfee9645502e7de9e302ed61bdff9d24d187fbab1d","sha512":"cda4c0810d31f2d8bb1a12eab0d423915dc63a4266a24c4ea74cfff3fc9cac0354a5cb27e96f529d8b1f765909eda6164113de06c663ede453713deb8e3c7ff7","ssdeep":"3072:k4cTcb9CTynSpZBQ888ySfbwXKuEp95QmzDTpdb/pjeYOZrFMDbZ+TdI6iG:HcTcbwTyeZj3fb4KTpxDpdtXlDF+TW67","tlshash":"23142388d5a700953e5d12afabe1a3ab5df4e62f25b24f5ebe9870db903cd44a1108c4","first_seen":"2025-11-13T08:33:08.248708Z","last_seen":"2026-04-05T15:42:27.78784Z","times_seen":1383,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/themes/Mirages/js/layui/css/modules/layer/default/layer.css?v=3.5.1","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:44.264Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/themes/Mirages/js/layui/css/modules/layer/default/layer.css?v=3.5.1 HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://always.tctirbur.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ndate: Sun, 05 Apr 2026 09:36:28 GMT\r\ncontent-encoding: br\r\nserver: nginx/1.22.1\r\nlast-modified: Fri, 26 Jan 2024 08:13:13 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\nexpires: Sun, 12 Apr 2026 09:36:28 GMT\r\netag: W/\"65b36999-37bf\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: iyOMlnNT7pfW8JtJfx1oWZeHUDqRrC0Gtx0UsGYbpBYBYMBaHUxfig==\r\nage: 196\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":14271,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (14271), with no line terminators","md5":"c234eb06d5f32055092294e78957f17d","sha1":"f15ee0bcb9694f32f5e1d524f2653aa0dd043402","sha256":"5cdf3edb27b0c9f8e48918c486e9ae65a9e5beab806b64c4a7bc5bac53c0f540","sha512":"3f06b51116d7f8026d81c7eb6a3c4d871462d09fe0a5b8cc8b7feaf20cbc88b0b6a545f0ec7cbc17566a9ff609405f58fad6eddfb3a8b3f6d530ede8fa3fad5c","ssdeep":"96:mp+Ntha8qNEp+wRY1vUPXi0nMLPD2OtLzAyPHL/LztJDzyv2OQ7KGx1j9d2/nWUU:1ELr2Otzrzzt42OQ7KGx1j8WUq4S3cU","tlshash":"f75242e144911299b0278721d6dc7eba32f88d43e5630caef2573c1f874c6dba2b6647","first_seen":"2023-03-10T11:40:20Z","last_seen":"2026-04-05T16:54:54.435074Z","times_seen":42699,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/themes/Mirages/css/7.10.0/mirages.min.css?v=10002","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.107Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/themes/Mirages/css/7.10.0/mirages.min.css?v=10002 HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://always.tctirbur.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ndate: Sun, 05 Apr 2026 09:32:35 GMT\r\nx-hostname: server-6, server-5\r\ncontent-encoding: gzip\r\nserver: nginx/1.22.1\r\nlast-modified: Thu, 30 Oct 2025 04:19:08 GMT\r\netag: W/\"6902e73c-2ffe9\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: NZW1oPN9JLoW-3ih1F8JzMxhIWnlrMJAbOt0VmJ2auDZaxQM8TiYUQ==\r\nage: 428\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":196585,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1228)","md5":"67db66f5f53c74e3901f49aa4b0db904","sha1":"45573775e02da373bcf4a9ebd62a4c531bd202b8","sha256":"68cb75594a50bdaf5385f8be01e278847c7b5c1e3d11ae1abedc5cea9532634a","sha512":"3c967a8bc0ff853dd18fe631608913df657330bd01638849256277b6d868d578eda90f991dd80d973442d2b7c90fa48a528563bcbfa9d9c714f320c6edff1e83","ssdeep":"3072:KUMZDmXvvkwwcGHfhEP/0JXBl4fOBl4fc/rYEG8PnXNsSd1XmF4QSx:PwcGOP/0xBl4fOBl4fuYEG8PnXNsSd1v","tlshash":"cf14747c954511d46373ca1aafc4b6582738f226dd012ebef12721d8dbc2b9b12e2b4d","first_seen":"2025-10-30T04:21:02.383466Z","last_seen":"2026-04-05T15:42:27.771252Z","times_seen":1869,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/plugins/ai/common/vue.prod.js","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.225Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/plugins/ai/common/vue.prod.js HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://always.tctirbur.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ndate: Sun, 05 Apr 2026 09:01:02 GMT\r\ncontent-encoding: br\r\netag: W/\"692a558e-2f925\"\r\nserver: nginx/1.22.1\r\nlast-modified: Sat, 29 Nov 2025 02:08:14 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\nexpires: Sun, 12 Apr 2026 09:01:02 GMT\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: TU-3cdm230EVY6Ouyh0V8Sptem87Eg-O2J0Ji8ZoDIhnE5xSbaYx6A==\r\nage: 2321\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":194853,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (28532)","md5":"9b14a30d9be6b89ccb5d9426baa70059","sha1":"e55a9116be9d0907b48698418b9e348d36bd3624","sha256":"97374c2e6815b02920dc02d8cca04507973d9a4d82aa5dafa20d04c2227ac9d2","sha512":"90840f4551f1ceeb2e764fed6a632d0eb39006fcbec40166664f0e7f0241347d8679fddf6e41658f939d0b00e893f1bf4ae97429f320c6dc60af0d87c4ef9dfc","ssdeep":"3072:c0RkBL/7KE2X44lDzvWUgT5Asswj2z+e7/72oIKc01DcUrIH:c0KuE2X44lDjWXT3j7e2KctH","tlshash":"2c1428b93181703217ea14e250bb0016f33a1525780984e8b5bde8df2d7695a61fffbe","first_seen":"2025-06-27T04:20:30.543622Z","last_seen":"2026-04-05T16:55:02.674497Z","times_seen":25947,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn//upload_01/xiao/20260327/2026032716411889439.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.518Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET //upload_01/xiao/20260327/2026032716411889439.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 27 Mar 2026 08:41:28 GMT\r\nEtag: \"9e1a55a88aeb6c5ea86c623be1bbf18e\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 27 Mar 2026 14:49:41 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 27608\r\nContent-Length: 103600\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 14370200092585332043\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":103600,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"9e1a55a88aeb6c5ea86c623be1bbf18e","sha1":"726019e0cf18be1b796f0a2265fd1584ad9b1173","sha256":"a29c840699e5c6119caa8514709bf13399232133c3e9cc7f42553463be9a1faa","sha512":"9847232a8efaecb82b672343c00dbe93cb0cb2f758e8e6b4250e52426e916c0ee63927deec1684312cfbc5d5ff6611718b5f3d95b057cda6ae08ade8f71a54c0","ssdeep":"1536:uTafRoxUmYJWvmtQQ796eh4ZN4OBEG/QdkkkFkKGfYh78d7wny/AOu92q00WzOee:Ka1JWvqZ17KkkFkQ7849O0L2XYr1V8m","tlshash":"84a31249e5dfc4fe4249c28ac4f3e5a3b0c20adb7d22df89466a45632d2dac744bf505","first_seen":"2026-03-30T16:41:45.320285Z","last_seen":"2026-04-05T15:42:27.930529Z","times_seen":191,"resource_available":false,"data":null}},"time_used":130,"timings":{"blocked":114,"dns":0,"connect":0,"send":0,"wait":10,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-04-04/4af0478542e2f0100a770b5185315667.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.586Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-04-04/4af0478542e2f0100a770b5185315667.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Sat, 04 Apr 2026 10:10:28 GMT\r\nEtag: \"75f10b7b10d237f65701f2ba4cd0f160\"\r\nContent-Type: binary/octet-stream\r\nDate: Sat, 04 Apr 2026 10:10:29 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 1444\r\nContent-Length: 243872\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 3475539290373400028\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":243872,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"75f10b7b10d237f65701f2ba4cd0f160","sha1":"9a345f23ec749b16f77e9e2268fcaa76dc207def","sha256":"d2ff23efb11bb7babc7218da09e45e5de163e8636c4d8b138babecdde1ea19ed","sha512":"3fc535e7dde7eb45bdfa4cc75d1d851f932e52dbedfd2f1c440681056c5616d948dd1ef4e10a9c2ae1ba38d6d1ddac0c9de3d23139af1322f4a5931589a011f3","ssdeep":"6144:HjXSQ3IS3rvVRw6rKNP6ybJak2sBRvSU752V8bYg:rRT7dRwxt6ybJYv+5Ag","tlshash":"183423a2e1f2d669058c1d72512799e1d7cfe1ec70e562cda7e4c8e60381d822f7f690","first_seen":"2026-04-04T10:46:05.491268Z","last_seen":"2026-04-05T16:59:41.070053Z","times_seen":3363,"resource_available":false,"data":null}},"time_used":195,"timings":{"blocked":163,"dns":0,"connect":0,"send":0,"wait":23,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2025-12-22/e3c2ca12d04a23f7c717e51a952aff66.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:44.075Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2025-12-22/e3c2ca12d04a23f7c717e51a952aff66.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 31 Dec 2025 11:20:14 GMT\r\nEtag: \"e5ee136a4a31b6948eb234d409533b30\"\r\nContent-Type: binary/octet-stream\r\nDate: Wed, 31 Dec 2025 11:20:15 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 124\r\nContent-Length: 712256\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 11973908113393405756\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":712256,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"e5ee136a4a31b6948eb234d409533b30","sha1":"6a7da7657429a6022f7974d26e287b07ae452ef3","sha256":"4846f1cd8c80ebcf00eb5937a23282f209c745fa562070fb1bb5b0b8ac98c4b7","sha512":"0127d63fb01bb557b78cedddda01ff746855d06ca7722aa4111ef0891b12916a7f50ddba6783657324b450bf1c176d89eb861010caa396b4e199f416e55c6042","ssdeep":"12288:b6NIwq8fC5tWIUC6/Jkw7jAkJXFm4JunH+S2rtmrEO44sTo4j4FXI3fg8m9xa:Czfct2/JRpJVTJOH0ddTNwXIRm2","tlshash":"27e42356a1511523b209bcd762f7d82c8caeee7296cc6f67e9803ac254d55a3f0bfc04","first_seen":"2025-11-23T05:10:59.070115Z","last_seen":"2026-04-05T15:42:27.887088Z","times_seen":8563,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":19,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-03-18/6f8421608cec89d81550506b50c0b281.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:44.096Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-03-18/6f8421608cec89d81550506b50c0b281.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Thu, 19 Mar 2026 10:16:33 GMT\r\nEtag: \"2ae4d745cadaaf6c8e5a769534448423\"\r\nContent-Type: binary/octet-stream\r\nDate: Thu, 19 Mar 2026 10:16:33 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 245\r\nContent-Length: 73120\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 13349977744793727141\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":73120,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"2ae4d745cadaaf6c8e5a769534448423","sha1":"266baee7e1bdf159ea905c2de0a285ac8809d98a","sha256":"25dd63b3272d8a94a561a98fda513f7184794ceb82f4e160a43428ff3af2bbda","sha512":"8525a2890c55972a6f0b38a4ad22280fcbc13b4d9c1ddace427b7279b29258a0cf2ff06ec8b75d23a2b15081f0110dc97e29c576d084245dce09c4f4201839fa","ssdeep":"1536:4X1xCDaMb7gU+MV4Uxh2jX1c9Qp6fo5l/B9XI08lYi0o7/iFCmUn0Nk:YxC+27b+MZ2P4fojYZmi0o+F8nmk","tlshash":"fa63024343fc9789273b3b617b1e68b4810dd895e2c2015c01e375807bbf9ba5ba95cb","first_seen":"2026-03-19T11:57:27.193924Z","last_seen":"2026-04-05T15:42:27.762058Z","times_seen":802,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/themes/Mirages/js/layui/css/modules/code.css?v=2","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:44.275Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/themes/Mirages/js/layui/css/modules/code.css?v=2 HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://always.tctirbur.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ndate: Sun, 05 Apr 2026 09:31:22 GMT\r\ncontent-encoding: br\r\nserver: nginx/1.22.1\r\nlast-modified: Fri, 26 Jan 2024 08:13:13 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\nexpires: Sun, 12 Apr 2026 09:31:22 GMT\r\netag: W/\"65b36999-527\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: 8bfWAuA3xaSNsdeLEjSVLKKLHKo4wS-OC6Fukp68fQ2_v38-sgKmjQ==\r\nage: 502\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":1319,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1319), with no line terminators","md5":"986d0d70b033a195fc1bd1527b06993b","sha1":"69ea79bb09bddd3b988db70ef8b10be9ed0f0065","sha256":"3f27194c2e479212781a76f993b778d724ac9838e780b19472c0357cd3081431","sha512":"a3d1ffa0ba90c8ed8f1330c456760ad7098b683756f1f5d2aae6ec89502c0fe1ff6287e7b1180b9df8f50d517118b610566e9315de055d4780a230488eda10e0","ssdeep":"","tlshash":"d721493aa3852118354bf21574fcbcbca03cb1d6a5ea0eaaff416797c944c51083674f","first_seen":"2023-04-11T12:12:51Z","last_seen":"2026-04-05T17:00:52.648587Z","times_seen":26538,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/themes/Mirages/fonts/OpenSans/300.woff2","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:45.427Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/themes/Mirages/fonts/OpenSans/300.woff2 HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nReferer: https://always.tctirbur.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _ga_FY0XHF5T9E=GS2.1.s1775381985$o1$g0$t1775381985$j60$l0$h0; _ga=GA1.1.1075459841.1775381985\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: font/woff2\r\ncontent-length: 16344\r\ndate: Sun, 05 Apr 2026 09:09:28 GMT\r\naccept-ranges: bytes\r\nserver: nginx/1.22.1\r\nlast-modified: Fri, 26 Jan 2024 08:13:13 GMT\r\nx-hostname: server-7\r\netag: \"65b36999-3fd8\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: mXz2pDJEyFRIJy6cHwarDoWJkmuC-uh_O5JoI2jwSrsi0rJCSUvjRg==\r\nage: 1817\r\nvary: Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":16344,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 16344, version 1.6554","md5":"c027111d6febba054f7cd5e5fddf2243","sha1":"7c6ebfb74210e4d368ba5df96b2c5aa448a3953e","sha256":"c347496b917562bd48ed65545fbced7c9fb2a3e48c1102708a7e615fd4fb2ed8","sha512":"1a819ee0993cbed2399265606b2adc0866dd34fcab1272b6d1798e08010cab4e38af1a2299d74a706690a3188d0081d92804568982fd23f6d2ce946ac29fb61c","ssdeep":"384:sO3z8BPeD5+oRjlrvO+uuGnSDKDPVb0fOovWO1aDDBAb:pgdeD5jRjpO+ugDKDPZ0mwV1aDD6b","tlshash":"ad72cf62810dd851e31137fd7c6622e0878cb0a392121bfc5bebd8ec09204e67ac43be","first_seen":"2023-08-07T12:25:19Z","last_seen":"2026-04-05T16:35:24.062943Z","times_seen":18016,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/themes/Mirages/js/layui/layui.js","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.208Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/themes/Mirages/js/layui/layui.js HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://always.tctirbur.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ndate: Sun, 05 Apr 2026 09:32:49 GMT\r\ncontent-encoding: br\r\nserver: nginx/1.22.1\r\nlast-modified: Fri, 26 Jan 2024 08:13:13 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\nexpires: Sun, 12 Apr 2026 09:32:49 GMT\r\netag: W/\"65b36999-471d6\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: JChZM4fYxUjfqY_UnDPwWT0Lrn4G2r18835EkURW4FDnvUZxhh9Mxg==\r\nage: 414\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":291286,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"70ed0e8151d23de969de514bfd802a56","sha1":"569e6c1b0ac0b8efaa7dc0015b691334947a9665","sha256":"92c7997b3dce6ab2368b1bdb34ff4b67ac77957898a126c7eba452a8080bec95","sha512":"947eeb19fb055b07a191ec89625941abbdc8b2247b447dbec2e3958ebd3aabc34ac07a79c559e4752bd49bc44db77d500913aab4fae300077556e347d084b1a9","ssdeep":"3072:tVo+F//NOM0SF0Mz0pZN6TPKWjZIpYCrYtJ+8CZrcNBf4XcIiOb9:Xo+FdO3SF0Mz0Z6TfIpPS+8grcNBQcIZ","tlshash":"02543a9d758574b3237360a6406f990eb17b093daa0a8060f166d4fa2dbdc885237f7f","first_seen":"2023-03-07T12:09:26Z","last_seen":"2026-04-05T17:00:52.631562Z","times_seen":26604,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/themes/Mirages/css/7.10.0/webfonts/fa-solid-900.woff2","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.455Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/themes/Mirages/css/7.10.0/webfonts/fa-solid-900.woff2 HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://always.tctirbur.com/usr/themes/Mirages/css/7.10.0/fontawesome.min.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: font/woff2\r\ncontent-length: 156496\r\ndate: Sun, 05 Apr 2026 08:36:28 GMT\r\naccept-ranges: bytes\r\nserver: nginx/1.22.1\r\nlast-modified: Fri, 26 Jan 2024 08:13:13 GMT\r\nexpires: Sun, 12 Apr 2026 08:36:28 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\netag: \"65b36999-26350\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: LLFu6Eowqvfxcyv2VgnJky5PiFFpbu5PvYFtsB6faShryGiAZXEb2A==\r\nage: 3795\r\nvary: Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":156496,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 156496, version 773.768","md5":"6c4eee562650e53cee32496bdfbe534b","sha1":"1aae708e3b94ee981b452a918d28ed037fbb5e18","sha256":"9fc85f3a4544ab0d570c7f8f9bbb88db8d92c359b2707580ea8b07c75673eae2","sha512":"ebcb5a2e2a908228f77ecd03b45491778cad73ddc39fa3a6334b129aaf9fa36c16c0307aeaad74d77f616b5b34aac52d91e9f4816945253dc9a826ddd71f4d12","ssdeep":"3072:OvM6gZMLmY8uGpjVnlooQ+GQs8jic0f/KkMdE:OU65LoP5QSsuic0f/cdE","tlshash":"8ce31200d620498d9978fd5b2a1fa1ffa7a939c95ed210bad3c30cb93257143bbc2556","first_seen":"2023-12-02T04:06:15Z","last_seen":"2026-04-05T16:42:42.442261Z","times_seen":33052,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/upload_01/xiao/20260402/2026040220493628009.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.476Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /upload_01/xiao/20260402/2026040220493628009.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Thu, 02 Apr 2026 12:51:31 GMT\r\nEtag: \"ce21cc7ab9c5b67093811ecbee788c2c\"\r\nContent-Type: binary/octet-stream\r\nDate: Thu, 02 Apr 2026 12:51:33 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: HEL51-P4\r\nAge: 1509\r\nContent-Length: 74192\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 8782938126322769967\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":74192,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"ce21cc7ab9c5b67093811ecbee788c2c","sha1":"5c8d44992114746352f328739f646e0936e42336","sha256":"44ab4db979eee7987c50f88e6e6f5999c7cfdd72664d09275c6b8a58813241a3","sha512":"e24dd20319ef53488ba7d22207970d0438d27aee1e364e52fc0c162325e36d4e15a6c837962c6c865c074a3a27ecbacaad5458285bc326fba0bcfac575ade742","ssdeep":"1536:ZogOqj+N6+60R/amDKcFWmv1kAnhbqZjgva/fQkW8KACfok+:zOo+0FsymDlFaGqZEyXQkBHCgT","tlshash":"ab73025739a1f2b50f79c0bc2ca9938e8245342c2ce843d094dfa2b4a978799dcb5653","first_seen":"2026-04-02T18:05:40.086592Z","last_seen":"2026-04-05T15:42:27.836361Z","times_seen":178,"resource_available":false,"data":null}},"time_used":286,"timings":{"blocked":116,"dns":2,"connect":22,"send":0,"wait":22,"receive":23,"ssl":98},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn//upload_01/xiao/20260322/2026032220580720519.png","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.547Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET //upload_01/xiao/20260322/2026032220580720519.png HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Sun, 22 Mar 2026 12:58:13 GMT\r\nEtag: \"7b2158459f6b9c2f0234b8f62642de34\"\r\nContent-Type: binary/octet-stream\r\nDate: Mon, 23 Mar 2026 02:51:59 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 810\r\nContent-Length: 985584\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 10243610467156759678\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":985584,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"7b2158459f6b9c2f0234b8f62642de34","sha1":"b9b64d8e7d6c62e1a675b16bdd417daa35a880b1","sha256":"c84e9ed4242c92c71b4e1cd7b93e0e253b2c642e418ff63611b8f89ca29d19df","sha512":"d316b206ca5cd5a0d85f8dd02bd26785987ac3d67720f48ad555abf3ef057c0eabb342c0feddfeffc3bffc3f0b8909a70b3fa54d3aba48d6b8bdfa807ed824f8","ssdeep":"24576:5mN2EudgjXVoLYgAmjDXRx1pysl3zAfyYizhRcRJXftt1cEs:pErloOmjusJA6jlgd1LcEs","tlshash":"ad253363095f408cabb2f00c5ebfe2aeda5c07217fa2ec19744d8669b9315543587ed3","first_seen":"2026-03-25T08:46:48.857271Z","last_seen":"2026-04-05T15:42:27.802359Z","times_seen":204,"resource_available":false,"data":null}},"time_used":379,"timings":{"blocked":149,"dns":0,"connect":0,"send":0,"wait":13,"receive":217,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-04-01/ff47c2af04292e3b93748a1536fe5d5d.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.554Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-04-01/ff47c2af04292e3b93748a1536fe5d5d.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 01 Apr 2026 11:00:17 GMT\r\nEtag: \"aa17b2abf016a6a67f1abc758d9f953b\"\r\nContent-Type: binary/octet-stream\r\nDate: Wed, 01 Apr 2026 11:00:18 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 1235\r\nContent-Length: 223536\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 11723602722109681965\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":223536,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"aa17b2abf016a6a67f1abc758d9f953b","sha1":"c6e40dc70565bd90849b6752ef3e0f878080b256","sha256":"5e0f020fc8b0c96f00a6a4b22b024f31de337fbd25ab451cafec5cd48afb8d65","sha512":"119bf79be647226e334d685c9898fdac7b4ea4a9e0736fa3a261483adf43aa84202201b55086e6c067d75ca49b0563a4f63b282ffeb1f4dcd3f195e6f63a97ac","ssdeep":"6144:I3CYPO50ViUpOZeYLeeYY7h91QTQpXCHcqzBp:I34k4ZLeeYYxXCH/7","tlshash":"6b242387013b903a7e17913b9daddda170009eb82802aca1c347a4c9d755facf99eb46","first_seen":"2026-04-01T11:04:29.225549Z","last_seen":"2026-04-05T16:59:41.114255Z","times_seen":3484,"resource_available":false,"data":null}},"time_used":164,"timings":{"blocked":142,"dns":0,"connect":0,"send":0,"wait":14,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/upload_01/xiao/20260301/2026030112043668029.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:44.074Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /upload_01/xiao/20260301/2026030112043668029.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Sun, 01 Mar 2026 04:04:57 GMT\r\nEtag: \"159979daf48a13a2cc555fe117190b1d\"\r\nContent-Type: binary/octet-stream\r\nDate: Sun, 01 Mar 2026 04:04:57 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 798\r\nContent-Length: 210768\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 9196534904864029763\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":210768,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"159979daf48a13a2cc555fe117190b1d","sha1":"819dbd4cf5b3f693178b79082f5e172bc8cb1ccb","sha256":"8e05222edb87fe51149c6a8759f59a45dee09fe4a460291ba87c8120531e0e2e","sha512":"d29f3f55279519acf189a7010b93e69ba60d95ddd02a1e5e7d982e01afe843c2d55587ffcbc08af40c273ecc15a93b5020f21319b08cd4ab396f286debd4ac98","ssdeep":"6144:TUQsZO1u9QsrwgDWNQoHe11vM1eSa7Kp7J:TUZ0Uu4w/NSMM3GV","tlshash":"ac2422dbe03087e7645f87e0a8db965a377788bcd57f30ea4a3838352e7845e9293015","first_seen":"2026-03-01T07:46:48.002312Z","last_seen":"2026-04-05T15:42:27.811237Z","times_seen":274,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/plugins/ai/images/avatar.png","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.172Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/plugins/ai/images/avatar.png HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://always.tctirbur.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 595\r\ndate: Sun, 05 Apr 2026 09:06:25 GMT\r\naccept-ranges: bytes\r\nserver: nginx/1.22.1\r\nlast-modified: Sat, 29 Nov 2025 02:08:14 GMT\r\netag: \"692a558e-253\"\r\nexpires: Sun, 12 Apr 2026 09:06:25 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: EnOliXHp4XQ-FWQliwwnlekhz8If53C6QHxbuAmiAmAoCspuKt27hg==\r\nage: 1998\r\nvary: Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":595,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 66 x 72, 4-bit colormap, non-interlaced","md5":"7ef43b76aa8991226255e8eaa6ba91c6","sha1":"254b85b5d76f4762340818752e3f8f7e27f1ff8f","sha256":"1fe727cd388b13099a4676286b04303adb63768ff4f7ecfcc7b044a1c945442e","sha512":"72c77aca3d301d927b661dc256aa063c509b03eee30cd9058a3688ec5f275a5807715d8da1962d6ccfcbdd5f09a78109e4002b7396aef65c25d9f77576eb61ed","ssdeep":"","tlshash":"c3f02683eefcda00dec4039c28a36ec2b59614fd2b1551cb7b8a093c9a761c045be3d9","first_seen":"2025-11-24T19:23:52.00535Z","last_seen":"2026-04-05T15:42:27.907689Z","times_seen":2317,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/plugins/ai/js/user.js?v=6","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.254Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/plugins/ai/js/user.js?v=6 HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://always.tctirbur.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ncontent-encoding: br\r\nserver: nginx/1.22.1\r\nlast-modified: Sat, 29 Nov 2025 02:08:14 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\nexpires: Sun, 12 Apr 2026 07:56:09 GMT\r\ndate: Sun, 05 Apr 2026 08:59:29 GMT\r\netag: W/\"692a558e-3ab8\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: q50ukEAUMKQxJoiG3SF8eRKz5FU7NFOT7PxxE8SbDMGrmcYAQ1ADNA==\r\nage: 2414\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":15032,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"26408a8b354961c977e26332d67f8b36","sha1":"b8d8acdfb48d4c4dad225b86af6cdcf3a312d868","sha256":"fc4bc24fe53e76b87284ab6ab91efeb0aed8e552273d7e785df785955622ccb7","sha512":"f43c0c8b31432f53cb63df177df3553bffee6e7c867dca657aab236a3a94b25f14aa72cd8215b27b606c14cd22e808c43662f9ba58b19c185800de6b01f35bf1","ssdeep":"192:G4pcNs9UU7DzCneMrO4bUDUrdVCr1JB7yifGQ/FoWjxk0vwnaI3QUGMugCNAVrgX:G5Ytj/J6KUBy","tlshash":"e962630af1f904620b1365a46b9b2108753095472a0acd183e7d9bd82f5ed79c2f7bef","first_seen":"2025-11-17T10:42:59.258806Z","last_seen":"2026-04-05T17:14:23.540473Z","times_seen":5930,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/upload_01/xiao/20260327/2026032720201912896.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.498Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /upload_01/xiao/20260327/2026032720201912896.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 27 Mar 2026 14:30:05 GMT\r\nEtag: \"53b5915d5e60bb0ec34c722cb6ea1389\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 27 Mar 2026 14:30:07 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 588\r\nContent-Length: 127072\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 12553302659734699831\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":127072,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"53b5915d5e60bb0ec34c722cb6ea1389","sha1":"c13a09487cee3205e286fb9570f58f1145b3b7fd","sha256":"114f52c09232c64190632f4281de39ca7ae271a10e7e903c952aade60c6c3d69","sha512":"7f76c7c9d0f16514a35bd93e973feb4ec46ad021d4ab90eb0067977478eb8b54c58bfc424d5122aa46c3051989b2d96ab587649343842c3dfb294244e4eb6a48","ssdeep":"3072:oPTaYAzrql2Lle79/D6ru9j/sJiLP9efMpBU1v21Axh5lW8vBJdrp:oP2YMrUElW9/ZgJiDJR2xTBp","tlshash":"97c313dc661be0714c4609d616ce1792be687370d7ebf7de6e02aaed04c8c0ed4d6912","first_seen":"2026-03-30T16:41:45.35222Z","last_seen":"2026-04-05T15:42:27.868524Z","times_seen":191,"resource_available":false,"data":null}},"time_used":491,"timings":{"blocked":200,"dns":0,"connect":0,"send":0,"wait":23,"receive":75,"ssl":193},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn//upload_01/xiao/20260327/2026032720360516773.png","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.506Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET //upload_01/xiao/20260327/2026032720360516773.png HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 27 Mar 2026 12:36:10 GMT\r\nEtag: \"2e63483b365c1c5a119e80f54d5f9d0a\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 27 Mar 2026 14:14:05 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 1369\r\nContent-Length: 847024\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 12963760090904513014\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":847024,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"2e63483b365c1c5a119e80f54d5f9d0a","sha1":"67e7cb4f9000bdcd0881eafc145a8e79df571435","sha256":"b77ce7541d9bb8ead5f88c2440f60895f400fcd2d9b6ecc69a58dd68dcf6311e","sha512":"13b5aaecaddeb1441c4bb3265c280e9ec79a26d2587d13f8497a4897cc06c17a12ede3c6e6a114de87b3cfd9936ae9426f10bff67517da703a9ba12839251e29","ssdeep":"24576:o5W15CgO5dxydAHtmOk04spZrNLRaSMYml2BpS50zVW:QW1az0AN9kwFXaB92m0I","tlshash":"d7053350705c7b9f8c4add470a9ae54d785ff7c90ab3c6c058e133b6b60f8119ae89e4","first_seen":"2026-03-30T16:41:45.240295Z","last_seen":"2026-04-05T15:42:27.795677Z","times_seen":191,"resource_available":false,"data":null}},"time_used":354,"timings":{"blocked":105,"dns":8,"connect":14,"send":0,"wait":13,"receive":125,"ssl":81},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn//upload_01/xiao/20260325/2026032515241649129.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.529Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET //upload_01/xiao/20260325/2026032515241649129.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 25 Mar 2026 07:24:20 GMT\r\nEtag: \"5db7588b67d7248a7e1d785e6bcef427\"\r\nContent-Type: binary/octet-stream\r\nDate: Wed, 25 Mar 2026 08:27:07 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 3519\r\nContent-Length: 110048\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 1164056308165549015\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":110048,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"5db7588b67d7248a7e1d785e6bcef427","sha1":"68e17dd7e7a8aef4c3dbab6280c6d6505f598d70","sha256":"8d7b1c46206fbfb74fa5d0065dd783d59425eca8921c91ea38bc6d5cc8b8a65c","sha512":"3418f80be2ac0adcd9566af43cfd99aca48538dd9f46645ecdfee9ecbe3da2385ab3d112b1dc775d27ae05cee2ab66ba382e01e2e4b2531da59e9511108488f9","ssdeep":"1536:Ctl9gjtNO6vPy5iXg/buJMZIb7V5rOE808mUfC0mgedrqhgRL51CrHe//AJRbzac:ClgxNLs/ZsVdOk8D95eEir5ALZ","tlshash":"5fb312bd2e55f5cdecda324aef8eb5e085f4261443e8eb806b964f21c4c392ec0055a3","first_seen":"2026-03-27T02:31:56.102814Z","last_seen":"2026-04-05T15:42:27.780948Z","times_seen":202,"resource_available":false,"data":null}},"time_used":145,"timings":{"blocked":120,"dns":0,"connect":0,"send":0,"wait":22,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2025-12-22/d283a633e1e7b7b8dcabb219115c8538.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:44.143Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2025-12-22/d283a633e1e7b7b8dcabb219115c8538.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Mon, 22 Dec 2025 13:14:12 GMT\r\nEtag: \"5b0f07a3f5eb80c880c76cd73644e62c\"\r\nContent-Type: binary/octet-stream\r\nDate: Mon, 22 Dec 2025 13:14:16 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 460\r\nContent-Length: 143456\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 14651748686592285229\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":143456,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"5b0f07a3f5eb80c880c76cd73644e62c","sha1":"f6a36e95fa8be605a911c71a435ddf04658268e3","sha256":"450659b11ee0dbcb0012b415431dfb70a50393b87d20eae9e1428dedec9bcece","sha512":"f1a1024d123758f1e42725cfae5ead58bf4f08534b810cd750c81bc4f80427a2e777117050c59971092094c4685fca128981a1b13a1378859bc4a7a977184be3","ssdeep":"3072:vOnJlhYgTD9AXeR9R38ofmObF9SZ0lUoAu6/ECMIMMBZzSVsCZwIjG/TC:vklhRD9/nNc+lou6/ECMIJ7ubgO","tlshash":"a9e31283f71daad3b241ea31538ac0cce7ec8756986d61b3258c90d33f89d849bd54a9","first_seen":"2025-10-13T09:03:25.858816Z","last_seen":"2026-04-05T15:42:27.814472Z","times_seen":1628,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-05T09:39:42.793Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Sun, 05 Apr 2026 09:12:36 GMT\r\nx-server: web-node-2\r\ncontent-encoding: gzip\r\nserver: nginx/1.22.1\r\nx-cache-status: HIT\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: xiLNx6GYKECBcGSL08KEUeEbo8ocC2cuc0ZVkmedNeJoTLg_F7JCbg==\r\nage: 1626\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery:2.2.4","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Parsley.js","description":"Javascript forms validation script.","website":"https://parsleyjs.org","common_platform_enumeration":"","icon":"","categories":["JavaScript libraries"]},{"name":"Clipboard.js:2.0","description":"","website":"https://clipboardjs.com/","common_platform_enumeration":"","icon":"Clipboard.js.svg","categories":["JavaScript libraries"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":198083,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (2155), with CRLF, LF line terminators","md5":"5991f54c57a6ebb22113a21fb489b0c8","sha1":"bac6db5f8509051eedc50d74f7e5396b0247e1ff","sha256":"34b76a9b9180480291a076cd63c0dbf048fdfc53251746ddc3e34e9bba8317ea","sha512":"eb76bbc50cb8952037bcb38cecaf014c820adc11c64320fc191b2660a97c45770130bfd5c5f9e23febbb85bf5b0783f7344025e022b9829e9b014880a3d95000","ssdeep":"3072:mcwJnZgfMay/Q1G54tVrH8S+gd/+IOiOhC:IJnmnOiLPH8I","tlshash":"7d141b512cf144b242a7b0daa5b6bf05fe81e007d90add04b79c8ac4afc5ea7d5b3358","first_seen":"2026-04-05T09:13:29.701564Z","last_seen":"2026-04-05T09:40:19.91658Z","times_seen":26,"resource_available":true,"data":null}},"time_used":87,"timings":{"blocked":42,"dns":13,"connect":1,"send":0,"wait":2,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/themes/Mirages/css/7.10.0/fontawesome.min.css","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.105Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/themes/Mirages/css/7.10.0/fontawesome.min.css HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://always.tctirbur.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ncontent-encoding: br\r\nserver: nginx/1.22.1\r\nlast-modified: Fri, 26 Jan 2024 08:13:13 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\nexpires: Sun, 12 Apr 2026 06:48:51 GMT\r\ndate: Sun, 05 Apr 2026 08:55:38 GMT\r\netag: W/\"65b36999-18d62\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: qMZJGhOonNDNDzW3o3mVBxgt6l6xlDELFI0DAP5_hDGR-vUpC-2YQg==\r\nage: 2645\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":101730,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (62331)","md5":"39cadfab66a73045efb12382e22bf500","sha1":"1c083f3d16950ef0b3c047abdc45000651afbe2c","sha256":"2bb5a2ba7c578dcd0fa854c4933d94b95192c4362859a107c129e08bcc639ab7","sha512":"42b32823c9882f41e5bbfc2382008ce2ed9bf93c50de895749162ff43695bfa0e26a42689868688978853435682472e717e0442e92c4553af1bd897ee8a3403f","ssdeep":"1536:inMnM+M8MMMtMFMHQ48Efuuzv4p62QzsJSUpNtJ9yD7y:Spfuuzv2QzsvjtJ9yvy","tlshash":"70a339f8e48905e8a372c84fcb55b36c663af770d5425c81f10f9a4d8ec2b5815eab2d","first_seen":"2025-04-06T23:52:34.672346Z","last_seen":"2026-04-05T15:42:27.848803Z","times_seen":5150,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/plugins/ai/css/index.css?v=9","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.156Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/plugins/ai/css/index.css?v=9 HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://always.tctirbur.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ncontent-encoding: br\r\nserver: nginx/1.22.1\r\nlast-modified: Mon, 15 Dec 2025 08:45:10 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\nexpires: Sun, 12 Apr 2026 07:55:43 GMT\r\ndate: Sun, 05 Apr 2026 08:59:04 GMT\r\netag: W/\"693fca96-f3c0\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: 6gVcv_LuW-yjB3JGSg499KB7_4s_tvZXPxKOcCJ-_zoIUCswRAumjg==\r\nage: 2439\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":62400,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"77b4a27fd4889f62b218326c8e446374","sha1":"21ebbb81329a09d19245989ad3afb4c02d7e8aab","sha256":"374897c05f56d1a363016675eaa7c079f9ede57986215f5ab818cf7d99a402a2","sha512":"50765f1b2148f4926d38d1382febd3a8d25e90367f559d041553b7677a08d1d1c02d85e082d9847d4d129bd86135d7ef917ae390ae20df9bfebc2caf48babf3e","ssdeep":"768:VR3/VjKBjwp2GofTdfsudyFi33oKQRQqQoaLvKFxXRCfYA+SF0:PmsudyFi3YKeBgLvKFxXRCfYnSG","tlshash":"8053640416630904785795b9bf7b17c56358c087cd0ac96c7fcfa649cf8e168b4b6bca","first_seen":"2025-12-15T11:07:20.499351Z","last_seen":"2026-04-05T15:42:27.77945Z","times_seen":1492,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/plugins/ai/common/parsley.js","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.209Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/plugins/ai/common/parsley.js HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://always.tctirbur.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ndate: Sun, 05 Apr 2026 08:55:32 GMT\r\ncontent-encoding: br\r\netag: W/\"692a558e-1730b\"\r\nserver: nginx/1.22.1\r\nlast-modified: Sat, 29 Nov 2025 02:08:14 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\nexpires: Sun, 12 Apr 2026 08:55:32 GMT\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: IfCV0PQ2OqELAighSs3u_asiuIMs1nrxqLIWThaZCc4dnbF0DoXHyA==\r\nage: 2651\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":94987,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (885)","md5":"a442261f7fdcdb3396b2982e7d5ff2d3","sha1":"f2a873ba1e0a2400f6c5f165eb9d4f4d36b4e2dd","sha256":"be43eddbeae875bbc9b68f4a6a95de3fad6798b733dd55f2cdc2bf81a5a33848","sha512":"16aff01ee308ec0adaa0e2be8ee139a1820b2af48f7ba182e595999efa4e3bf64f76dc80dbd9fe6b99152cfe1768bc83cbd0f52013d8cdd17270edf72237743e","ssdeep":"1536:qAj0W4ZuOjkI33R+a0WQ09uH60SkAZzvH6KomR7Gi21l:qAQTuOjkInuH9Sk2vAl","tlshash":"f49371497ae221018d2730bc1fafa0067274811b5409ad94f98d93d0af94d7993faff9","first_seen":"2023-03-12T07:21:41Z","last_seen":"2026-04-05T17:00:52.688349Z","times_seen":17994,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-03-01/79ed95381bee32a475e0951ef7924bcc.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.517Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-03-01/79ed95381bee32a475e0951ef7924bcc.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Sun, 01 Mar 2026 12:30:12 GMT\r\nEtag: \"9aeca8b1aad82d715a8539fa4196ae75\"\r\nContent-Type: binary/octet-stream\r\nDate: Sun, 01 Mar 2026 12:30:13 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 886\r\nContent-Length: 445232\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 9795963840866832024\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":445232,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"9aeca8b1aad82d715a8539fa4196ae75","sha1":"ce2b20d4c785313c1471ac77f86a6abb18820486","sha256":"a638e8bd2d32fc097d44e09a543c36e38d7cc6eee734e31bdd575072eb112545","sha512":"90e7c8878f841128214880cb9391e2b215375d80b4a7b0c2b4b161f301a3b1eff809574160e2b0468d834717e9f9a2e2a704d5b18b117a4d7ee52f7c3fcb264b","ssdeep":"12288:hnN0D3HHByJyHLJs2xcxqaKMmYKzG/B+LtrwHpb:hnN0D3n3HLJspqaKMEzG/B4tiR","tlshash":"ce9423b447783859af9b0870457c7486c98d22d6dc2dbbc2abd4501bd9f6234a73e0bb","first_seen":"2026-03-01T08:27:11.645402Z","last_seen":"2026-04-05T15:42:27.764008Z","times_seen":306,"resource_available":false,"data":null}},"time_used":147,"timings":{"blocked":107,"dns":0,"connect":0,"send":0,"wait":8,"receive":32,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn//upload_01/xiao/20260322/2026032217320695396.png","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.589Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET //upload_01/xiao/20260322/2026032217320695396.png HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Sun, 22 Mar 2026 09:32:12 GMT\r\nEtag: \"24608f56af0c447aaad02692924d3e2c\"\r\nContent-Type: binary/octet-stream\r\nDate: Sun, 22 Mar 2026 16:04:54 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 3363\r\nContent-Length: 1320112\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 7622310991513961574\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1320112,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"f78788d6f085a760f45dc3baaea5a979","sha1":"b54fdbef9b50d3d7129bf7af3502f17b1f0ecbd3","sha256":"3c71cca2467d0e7c9d8679b19d2bcb354a829cac0bec19f96bb9e621b48f9982","sha512":"0437495ce2d8d78d2c7446023b1b530e7f5e45b8fe61998f6304063ee0d3188233aea8f58df78209e263542df0548b6d341f9cc8a413a016c9963b3e690bf857","ssdeep":"24576:Vx/FbTlkODuQhkBkxDisKYqWsCOYJcy2RMuo1A3pubfS:XFbTFxhkCiuqFCOY2y2do6wbfS","tlshash":"cf25334e29ead724f84145f7ca4cd0efd0a0e5149cad86f88529f022df983884ee6fd5","first_seen":"2026-03-25T08:46:48.867549Z","last_seen":"2026-04-05T15:42:27.809701Z","times_seen":204,"resource_available":false,"data":null}},"time_used":420,"timings":{"blocked":184,"dns":0,"connect":0,"send":0,"wait":38,"receive":198,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-03-18/5090acb735fd6a72ed0e9405f004f000.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:44.107Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-03-18/5090acb735fd6a72ed0e9405f004f000.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Thu, 19 Mar 2026 10:16:33 GMT\r\nEtag: \"843ded4fb6d13eda19f4eba4ccea4119\"\r\nContent-Type: binary/octet-stream\r\nDate: Thu, 19 Mar 2026 10:16:34 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 244\r\nContent-Length: 74640\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 6189565816782892081\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":74640,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"843ded4fb6d13eda19f4eba4ccea4119","sha1":"92d12b8f73f41603ae546311eda413b50b5447af","sha256":"9fc70e0c8931faeb59717ea4201764fd1d7bd4767524237065c4eed991efe922","sha512":"02223db50aa6a352dc390f02bbce7aae00c4065477a720d92190d12e8471a6dc7068d828d9fdb23e07abc2c69f74b0ba1c030ab91b16e1d00448c7c91240557f","ssdeep":"1536:rUrlSM2WpvLuQ6YI6Me7mh35u2Csp3TMsU41PJ+HKXCF:KlSNWZLuQM5HCwTRU5qyF","tlshash":"2973128c7ea631a524df0c09dc9e29df043a92f5cbbdc64e02041f9e4af628f7915271","first_seen":"2026-03-19T11:57:27.178664Z","last_seen":"2026-04-05T15:42:27.81288Z","times_seen":801,"resource_available":false,"data":null}},"time_used":82,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":80,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-03-10/2f1f4baa29f7cd3832ed2b20301d6908.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:44.134Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-03-10/2f1f4baa29f7cd3832ed2b20301d6908.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Tue, 10 Mar 2026 09:36:18 GMT\r\nEtag: \"9c396db6c7e057dad21b49fe0f13baa6\"\r\nContent-Type: binary/octet-stream\r\nDate: Tue, 10 Mar 2026 09:36:18 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 230\r\nContent-Length: 332160\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 1950539736813297519\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":332160,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"9c396db6c7e057dad21b49fe0f13baa6","sha1":"3fcd3e4cf8a533c6006a2e4f3fb1067e16ddbd53","sha256":"928a566bdf5a36fc89cede3e372989e0242203074582a751ce5b784b19d55225","sha512":"f461baf4b7853cfec7f568893c91c75ba720580fc5621ccfc65db926b5f39d86ecb556ecba3e7b2e39755cf3e318a4422f00b7bef959534b150a7864b18a0b82","ssdeep":"6144:JI7Gw1c1rOs+/lVHhXIuP7IWg6GdHCEjTuwbd1FasB19GktUtndkaCtT:JwcysGJXIu0WpGBfTf1TByktUtn21J","tlshash":"706423583426088f7583bb6cfb9aae5374b1e6232738e709a6c7c04d45173681b397e7","first_seen":"2026-03-11T10:46:45.242029Z","last_seen":"2026-04-05T17:00:39.696465Z","times_seen":1547,"resource_available":false,"data":null}},"time_used":58,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":51,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/themes/Mirages/images/avatar.jpg","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.176Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/themes/Mirages/images/avatar.jpg HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://always.tctirbur.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/jpeg\r\ncontent-length: 9738\r\ndate: Sun, 05 Apr 2026 09:33:09 GMT\r\naccept-ranges: bytes\r\nserver: nginx/1.22.1\r\nlast-modified: Sat, 25 May 2024 10:28:58 GMT\r\nx-hostname: server-4\r\netag: \"6651bd6a-260a\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: Tz67YEXR3Ak713cweNXf2LK26UKxPMBpKdpYqaowDl0oFuriKgYmQQ==\r\nage: 394\r\nvary: Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":9738,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=5, orientation=upper-left, xresolution=74, yresolution=82, resolutionunit=2], progressive, precision 8, 242x242, components 3","md5":"e331808b08c447fb62c360b095951c2f","sha1":"19d11bfc77e882ce20a9f3901114670aa5cb089b","sha256":"f6ec1746206d7496dcde9410d012a7e32ae5707eb3d4f1129c33ca9dbeab085e","sha512":"c05520bf79a42ddc94cfbe27461035443b5e31d5f62c86534450ca1715161a1ec9c7044d41caefac8a289f54a4ef625b18895a0c59ae093dd59180d67719e20e","ssdeep":"192:F3qdot62CnW3kB/FEAN/oV+qokd4K3j6ieSiqt9:hqCt6m3+/obo+Diw9","tlshash":"c412be2225dccb19d1fae233451f73061f779d530d817768be5c8e83bb858206a8d6e1","first_seen":"2024-06-16T05:00:12Z","last_seen":"2026-04-05T15:42:27.790604Z","times_seen":2290,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/plugins/ai/js/index.js?v=4","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.250Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/plugins/ai/js/index.js?v=4 HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://always.tctirbur.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ndate: Sun, 05 Apr 2026 09:02:49 GMT\r\ncontent-encoding: br\r\netag: W/\"692a558e-f08e\"\r\nserver: nginx/1.22.1\r\nlast-modified: Sat, 29 Nov 2025 02:08:14 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\nexpires: Sun, 12 Apr 2026 09:02:49 GMT\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: 8k4nJJcbayiYbuJzlkElPC__Gznc9djJW3Kx8Lh3PIv8IgBEvdLSKg==\r\nage: 2214\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":61582,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"fa025a4509063e83ad718b71ade383f1","sha1":"46fc09546e34971063879cb604d69b6610d0526e","sha256":"f18eaf5fe987d56e03be67a6363f0d6ca170613e184102106d3a71bdc43256a5","sha512":"c16b19563232ea822d64c457ee5f2c822b247c1bb9d7ff26f0b6ea97e92bd077eb9f3ce5be2749ea4a13b14cb352abc1b282e3afe49cd6e61dabf6bee4f891df","ssdeep":"768:rRSlB98le/8BYkN1HT6ekRqcTEXEHkYRJQyTW7xbhxASgpKUzEXEHG4aGyd+zzTd:kg+CN1z6v9Rbybc3KEjpZzzTQgl","tlshash":"ab53846e22fa550a474330293f9f200a3210a4571d49ee9cbe0d9bd45fdd678e1f2be6","first_seen":"2025-11-24T19:23:51.994816Z","last_seen":"2026-04-05T15:42:27.776056Z","times_seen":2302,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/themes/clipboard-2.0.js","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.258Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/themes/clipboard-2.0.js HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://always.tctirbur.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ncontent-encoding: br\r\nserver: nginx/1.22.1\r\nlast-modified: Fri, 26 Jan 2024 08:13:13 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\nexpires: Sun, 12 Apr 2026 07:56:09 GMT\r\ndate: Sun, 05 Apr 2026 08:59:30 GMT\r\netag: W/\"65b36999-234a\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: C9GtfInX3pk1unyxQpmurNZ6e6t6eQNfxvoVLBAH6rgKHqiVmf81RQ==\r\nage: 2413\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":9034,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (8941)","md5":"ad98572d415d2f2452845a6068a913c0","sha1":"6674f81dd01c76be986cf0a8172d1073e56d7ef4","sha256":"baff7541be9c20f7f977f6993ce39cfa937a7bde69db6e7beebb8f68372682a1","sha512":"3c88ac453f2615f771c7df6032ced6018e46a7e0ad8d86312af17ddf0f32580bd7e78f1404d0031eeed091abe0afac911be6aca1ca9fba4e5cae335de73f6ce9","ssdeep":"192:RJBFlYPHiG9JyHg4LyAahp1v/N/MosfkApXMdgmkpj:R9yKG9JKziVF/MF/XMmmkpj","tlshash":"d7126599b291b0b15ad731a8412f920ff3766869708b90d0d279d4f0acbcdde4463f2d","first_seen":"2023-03-07T12:41:35Z","last_seen":"2026-04-05T17:08:33.667537Z","times_seen":16218,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/themes/Mirages/fonts/OpenSans/400.woff2","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.412Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/themes/Mirages/fonts/OpenSans/400.woff2 HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nReferer: https://always.tctirbur.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: font/woff2\r\ncontent-length: 16644\r\ndate: Sun, 05 Apr 2026 09:39:18 GMT\r\naccept-ranges: bytes\r\nserver: nginx/1.22.1\r\nlast-modified: Fri, 26 Jan 2024 08:13:13 GMT\r\nexpires: Sun, 12 Apr 2026 09:39:18 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\netag: \"65b36999-4104\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: KgWZYQ-ek27aqTM5JBa7qxgrDnbJHqOtLiqIrmJw_5XPpkOxXfkyYQ==\r\nage: 25\r\nvary: Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16644,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 16644, version 1.6554","md5":"6276351c3fd3053a0cab736572d6ced1","sha1":"326b281cbcf5070d140fadedc4b1354f1a5d916c","sha256":"43640ab0efbdbd50a1162047c1f62f338fb84de407411b98bfa6a1f8666ef0af","sha512":"c9885c9fa086350a150efae1c40c9ab22314db0baf47b457c3de4be5c7e609313b9fec4f9000b133a9f8b365c2d5d3703bbff579833a8b81195062e5f6bfe5e7","ssdeep":"384:JK4eVLUx4mqjtgI4cwDn/HnhbXOU7WYb+KFqEevY5:Y4edUqmBIkD/HhjHWYb+KFGvY5","tlshash":"bf72cf83f467d9f0f42836305db116e3b979ef357761ace0621445aa1232bd02e847dc","first_seen":"2023-05-08T23:10:23Z","last_seen":"2026-04-05T16:36:29.65138Z","times_seen":19847,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":3,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn//upload_01/xiao/20260321/2026032115593577727.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.599Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET //upload_01/xiao/20260321/2026032115593577727.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Sat, 21 Mar 2026 07:59:40 GMT\r\nEtag: \"85211bf37780cc7013dd7234fd30c9d7\"\r\nContent-Type: binary/octet-stream\r\nDate: Sat, 21 Mar 2026 20:30:07 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 3703\r\nContent-Length: 97568\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 2938785551304308176\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":97568,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"85211bf37780cc7013dd7234fd30c9d7","sha1":"c771eba2226a57713968bdfa6e451d1a4c242036","sha256":"ec63655108c733ddaa662d5ecb3072e4db7e4f29b6e6b6aa45e2ebdae1661999","sha512":"9ee91c3b528fd9591c44879d04f5bf79f739fec56a7ddcbb7562f5561fde12ced8ae3518db7e0385248c69869d74e12be18cb45ab73dafff9a33c254faf9bb81","ssdeep":"1536:fgdWCyFn/TzIcasKlV3lgYFliE1V1noaD57aNlM1AM0srN1XBXDMb9os4ZFPN:RFVas4LFliQNClM1A3s9DhLN","tlshash":"3393020add6ebedc7fadb608c62335580ff5a46cdcea605e51560201f8a31c52eecc99","first_seen":"2026-03-22T10:04:18.607611Z","last_seen":"2026-04-05T15:42:27.777821Z","times_seen":214,"resource_available":false,"data":null}},"time_used":217,"timings":{"blocked":191,"dns":0,"connect":0,"send":0,"wait":24,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-04-04/4bdb52d81bc09e3b8c1d3c7c6d4e2e8b.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:44.137Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-04-04/4bdb52d81bc09e3b8c1d3c7c6d4e2e8b.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Sat, 04 Apr 2026 10:17:01 GMT\r\nEtag: \"e51ef3e3ccaa62a426cd789a66d473ca\"\r\nContent-Type: binary/octet-stream\r\nDate: Sat, 04 Apr 2026 10:17:14 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 91\r\nContent-Length: 270864\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 10990641397250578385\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":270864,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"DOS executable (COM), start instruction 0xe9ef8714 1779637f","md5":"e51ef3e3ccaa62a426cd789a66d473ca","sha1":"a05cb57a2f8db0aeae557521e780877145edf257","sha256":"96b2b9bd671adb756ad94afdc92b3aa857675576a8e6d7cd0213257b0f709618","sha512":"175474ef55db136c5e02ad56245b84aaaafd812137da51d51341f379f436590a12225824a4bb6fb5f2e7e2b9b2410e883fcbe5fecf24b0f71f5817453ffe9dbb","ssdeep":"6144:pwgF6Tu1KzzpvLsUEtVrJqnhas/I9j3x90sIvDo:pTF6Tu1QNQ3zJqha93f0sIv0","tlshash":"bf4422a5f3aa67f7e9ba722cf2efdd067ea834f0627b67511d06d103418c7884982474","first_seen":"2026-04-04T11:37:17.990311Z","last_seen":"2026-04-05T16:59:41.045043Z","times_seen":3363,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-03-18/5455fe684d8aa13a588a913ab498156c.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:44.140Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-03-18/5455fe684d8aa13a588a913ab498156c.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 18 Mar 2026 11:36:31 GMT\r\nEtag: \"b623e1b55f0930c825f1f77ccf2aa695\"\r\nContent-Type: binary/octet-stream\r\nDate: Wed, 18 Mar 2026 11:36:31 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 877\r\nContent-Length: 312944\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 10598239741173340856\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":312944,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"b623e1b55f0930c825f1f77ccf2aa695","sha1":"2a3fa46412096622bfbf0c8c804e3569563ab50d","sha256":"257c25438d69e04240ed40ad37b4a28caf7fd4aabf061e969ee9235a79f6ba91","sha512":"9640217cfc3e64b0b3f5d8e1c9dc97949071f55ad898a1d2299fb29fdf3e429aaba6a05d5d8c9f00cd6878ab95e5b84db7bdd41e9bf1ee5f72c3d70e5a76e638","ssdeep":"6144:TN11eIfw2XlBj5XN+lXYm2J0ytC/xxX8lTnOJ2xk3/qtXfD:h11eIPT54YCykpxwTnOJX3/wX7","tlshash":"a5642310949180eb15cad88a5ecf5a30a2afc993d7afb41af0d3974b50ec7e93311b57","first_seen":"2026-03-18T12:48:21.453772Z","last_seen":"2026-04-05T17:19:28.142491Z","times_seen":5163,"resource_available":false,"data":null}},"time_used":37,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-02-25/59d4f0740dd9534553efb499c54a6146.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:44.142Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-02-25/59d4f0740dd9534553efb499c54a6146.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://always.tctirbur.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 25 Feb 2026 13:50:45 GMT\r\nEtag: \"b328c0c7d21077dcc512724fb6fbd3a0\"\r\nContent-Type: binary/octet-stream\r\nDate: Wed, 25 Feb 2026 13:51:08 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 67\r\nContent-Length: 343744\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 3971776165134199505\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":343744,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"b328c0c7d21077dcc512724fb6fbd3a0","sha1":"9c4cf075979de4b4bb02a22ac07d15f603154c73","sha256":"8ffd21d43f6ce8070ae9c78f2ef752d5f1bf8ef1cd65358fe9b7a361940f61c8","sha512":"73a56db882e239eff6b0e1b8c9a3c2c0e71257b1ba8b15805c71f1e63449503b40bc0e78f6077ac0618570ceced37dbe5c697c4c5ed477ad13f1481a2d5e8da7","ssdeep":"6144:NAqzpp4tb+UBk8NlKEAkkf2ehkPDH+7+m3OJSdWUiHxB9eJhHQvuFzFxgwAT7D9M:dpOHBTNUzf2zcSUiHxBQHfF6wAT/KcA","tlshash":"c774237314d928aea8e7c82c697b473311fcfaeb64387f5346de5bcd25058d104ea84a","first_seen":"2026-02-25T11:08:48.248298Z","last_seen":"2026-04-05T17:19:28.160392Z","times_seen":6383,"resource_available":false,"data":null}},"time_used":118,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":104,"receive":14,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/themes/Mirages//images/nav.png","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.164Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/themes/Mirages//images/nav.png HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://always.tctirbur.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 140\r\ndate: Sun, 05 Apr 2026 09:12:45 GMT\r\naccept-ranges: bytes\r\nserver: nginx/1.22.1\r\nlast-modified: Sat, 29 Nov 2025 02:08:15 GMT\r\netag: \"692a558f-8c\"\r\nexpires: Sun, 12 Apr 2026 09:12:45 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: s-u_GhUve-gonc8x3TKUwsWDX0v3T9IP4_Y8usS58JuT-qu0g22Qtw==\r\nage: 1618\r\nvary: Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":140,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 52 x 46, 1-bit colormap, non-interlaced","md5":"ee992afad40318e8a12dcb4d8df62e7a","sha1":"39f5062870126424b00d9cc7d239d1cd822204e9","sha256":"166ec5c5a339b08de7b2c6208350d7ba96ab4d07ef001b31daa624ed5505ecda","sha512":"3d9e06c216c2718b4117c6e98991b1d6eddf0d4a841d8a33895711ddc69ea4b9fb0a9112503e5d0f9c98d99a6c2f3a2494b952a90428a40e10aa9a728272cfa9","ssdeep":"","tlshash":"9ac02bc5a70c8e248f59012f46e65040ed18085e500c8a072b0300d80f3a008f180a1b","first_seen":"2024-03-24T13:16:29Z","last_seen":"2026-04-05T15:42:27.817871Z","times_seen":1826,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/themes/Mirages/js/7.10.0/mirages.main.min.js?v=3","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.204Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/themes/Mirages/js/7.10.0/mirages.main.min.js?v=3 HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://always.tctirbur.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ndate: Sun, 05 Apr 2026 08:55:46 GMT\r\ncontent-encoding: br\r\nserver: nginx/1.22.1\r\nlast-modified: Wed, 16 Jul 2025 04:16:48 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\nexpires: Sun, 12 Apr 2026 08:55:46 GMT\r\netag: W/\"687727b0-4cb68\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: Lm6O8I--mu4kcgDmVLJSicGL6NoBD-_Wth8BT6EOXmvaFD2Is-GPRA==\r\nage: 2637\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":314216,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (942)","md5":"467f79f8918ea5236cd42da189a3ddd9","sha1":"9cd460c1e262681514e331bd3cf1d17c9ce9d4d0","sha256":"7406dc82acf484c36bbe06dd2266cc0b2793fb5bc1622d5d0e7ab76e89ba98e1","sha512":"361dd264e39689a61ca1c9baf5bb3d6b42384d59f3619c20bfd43c4b1e7073ed7adfff7440896ddfe82e5145aca58e98e82d6c6560d3653024b2bd8820ec1413","ssdeep":"3072:/SbqwelyE+K3TAO4czuJ19WxZ/Y8f4Sqvw+Uki/uMSB+jonuLzAX:/Sz4TAauJXW3Y8f4Pw+UVuTxnuLsX","tlshash":"ae64a40baaf314725563b0bc4b6fa5043231806b5e59fd643e5c82dc4f1d83d26b6bae","first_seen":"2025-07-23T00:56:23.107725Z","last_seen":"2026-04-05T17:04:21.635059Z","times_seen":2799,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/plugins/ai/common/vant.min.js","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.228Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/plugins/ai/common/vant.min.js HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://always.tctirbur.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ndate: Sun, 05 Apr 2026 09:32:37 GMT\r\ncontent-encoding: br\r\netag: W/\"692a558e-3b3ee\"\r\nserver: nginx/1.22.1\r\nlast-modified: Sat, 29 Nov 2025 02:08:14 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\nexpires: Sun, 12 Apr 2026 09:32:37 GMT\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: Un3K24nPjG5B91YrqEpXN8J7aSgZJ--zmx4D7HkuzmceYyF4CxbiqQ==\r\nage: 426\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":242670,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (36859)","md5":"48c71ec4ea36fdd75033bbb278a861f3","sha1":"b47d16bde5c94e468ef249bd2126b846a39afe73","sha256":"0b18e273bc785dd0e5cc43218ee879bce10461fdf3b1274a1f2c8962aaecb49a","sha512":"bd3e587cf0fa0c2d777e1918b2067a2a2cce648996ea7e490098d609b20bacec6c2fb6dbe682ac1e212eafe2c1e33364a8cde40439ab6d24638b9b23b69489a1","ssdeep":"6144:XEB3BhYNbHp+fvbtgMAgMgQ8dOq11tUxLEm+Om0RbU:XEBIHpevogQ8dOw1sEam0R4","tlshash":"d23439a0f685f42547b790e6507a0610e1290b48f009d1e0f57ded8e2aede94b6bef7c","first_seen":"2024-08-02T14:48:31Z","last_seen":"2026-04-05T16:55:02.569411Z","times_seen":25956,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/plugins/ai/common/image.0821.js","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.234Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/plugins/ai/common/image.0821.js HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://always.tctirbur.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ndate: Sun, 05 Apr 2026 08:59:49 GMT\r\ncontent-encoding: br\r\netag: W/\"692a558f-4b5b1\"\r\nserver: nginx/1.22.1\r\nlast-modified: Sat, 29 Nov 2025 02:08:15 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\nexpires: Sun, 12 Apr 2026 08:59:49 GMT\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: EXcMa-pZoqEOxjxum_OSibDo9uTla3RmHbqn5uPkRzjQBfiQ3tAF9Q==\r\nage: 2394\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":308657,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (3229)","md5":"5e58c86a740cd6c1821106b20c0c7f48","sha1":"88ee6c584e88c228fa8d67d969d853c0aeb95ada","sha256":"9fead600c0800d0a226d684f2604f4c6f1eaf3528b2357fdac942d450538a442","sha512":"1b907e01624056461d591abaca6780eb3e33a23c0da393ad369e27895b3e09984922c68e8b536ce4794499c70aab341047d9529737c8a3afc4a3df5e00b5979d","ssdeep":"3072:LPP0McCvleCNzRxnnpa9PYetJYRw0qvl+itTRRnnpa9v4+tJ4xQU/9Au:LPP0LypY06pYU/l","tlshash":"1564104a9fe31194f513b43c6b3f6805a1e6b0275ad9dc0e791ca9e0cf29428c579bec","first_seen":"2025-11-08T04:26:01.795335Z","last_seen":"2026-04-05T17:00:52.702567Z","times_seen":17831,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/themes/Mirages/js/7.10.0/tjtag.1.0.0.js","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.259Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/themes/Mirages/js/7.10.0/tjtag.1.0.0.js HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://always.tctirbur.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ndate: Sun, 05 Apr 2026 09:05:54 GMT\r\ncontent-encoding: br\r\nserver: nginx/1.22.1\r\nlast-modified: Sat, 20 Dec 2025 04:48:03 GMT\r\ncache-control: max-age=604800, public, max-age=604800, immutable\r\nexpires: Sun, 12 Apr 2026 09:05:54 GMT\r\netag: W/\"69462a83-eabd\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: _S0lMrEci0JD_o-KUcOSyaD5gTS4Ggxd3yQmTAAYM_BNKgJTa4YMdg==\r\nage: 2029\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":60093,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (60047), with no line terminators","md5":"7f201cf0a95ccf9a7f24e5060d5586dc","sha1":"4c658c6517399855f5aa34d3bf8abacd04f26a9b","sha256":"fca8e92f6c10174eb14ac3df1723dc2b543d812e345f48b8c8617b45a7ece81f","sha512":"767dfb492cb39d6820ebe80154d22992f6f13fac2aa879510d4b3cc8ad320d0377122e8bacc899dc6d0ac421be619ae0b55cdd5765f322038b3a247b7862cc8c","ssdeep":"768:YN2i27QPT3K48N415SVHjv1ziclmTvActHDIJDDFzDBBq8aWI/0qX0qIS+zQDFoa:Y8d4k4HWbUxntjgHLy0ERRm/pB2jJ","tlshash":"3543e7cf23d6b0aa49ab23b3761b31f5c6346c8c704c8658f108fd6af9e869ce155764","first_seen":"2025-12-11T23:03:23.605496Z","last_seen":"2026-04-05T16:55:57.830595Z","times_seen":19683,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"always.tctirbur.com/usr/themes/Mirages/fonts/OpenSans/300.woff2","fqdn":"always.tctirbur.com","domain":"tctirbur.com","tld":"com"},"ip":{"addr":"52.84.50.35","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://always.tctirbur.com/","date":"2026-04-05T09:39:43.416Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tctirbur.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Fri, 03 Apr 2026 00:00:00 GMT","end":"Sat, 17 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:1B:6F:2D:65:2B:B5:95:F1:65:7D:41:B6:68:25:10:55:E4:BB:32","sha256":"A5:36:36:E9:AB:B3:2B:41:88:CD:06:3C:5F:3D:B6:AF:A9:63:69:F3:32:C2:E5:44:AE:90:C6:B4:E8:31:F8:DD"}}},"request":{"raw":"GET /usr/themes/Mirages/fonts/OpenSans/300.woff2 HTTP/1.1\r\nHost: always.tctirbur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nReferer: https://always.tctirbur.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: font/woff2\r\ncontent-length: 16344\r\ndate: Sun, 05 Apr 2026 09:09:28 GMT\r\naccept-ranges: bytes\r\nserver: nginx/1.22.1\r\nlast-modified: Fri, 26 Jan 2024 08:13:13 GMT\r\nx-hostname: server-7\r\netag: \"65b36999-3fd8\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 f3eb7b5e20267dea293dbfae056ecd62.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: zugkCYgIBeyJFRvIQ5mQXrCFvk0PGnv5m3eWi6Iu9GVkfbRRwXfZhQ==\r\nage: 1815\r\nvary: Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":16344,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 16344, version 1.6554","md5":"c027111d6febba054f7cd5e5fddf2243","sha1":"7c6ebfb74210e4d368ba5df96b2c5aa448a3953e","sha256":"c347496b917562bd48ed65545fbced7c9fb2a3e48c1102708a7e615fd4fb2ed8","sha512":"1a819ee0993cbed2399265606b2adc0866dd34fcab1272b6d1798e08010cab4e38af1a2299d74a706690a3188d0081d92804568982fd23f6d2ce946ac29fb61c","ssdeep":"384:sO3z8BPeD5+oRjlrvO+uuGnSDKDPVb0fOovWO1aDDBAb:pgdeD5jRjpO+ugDKDPZ0mwV1aDD6b","tlshash":"ad72cf62810dd851e31137fd7c6622e0878cb0a392121bfc5bebd8ec09204e67ac43be","first_seen":"2023-08-07T12:25:19Z","last_seen":"2026-04-05T16:35:24.062943Z","times_seen":18016,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":3,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}