{"report_id":"390c2c67-f3e0-4f76-90c1-86b217836c32","version":6,"status":"done","tags":[],"date":"2026-03-30T21:50:41Z","url":{"schema":"https","addr":"kpsjitu.live/#/index?category=hot","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"kpsjitu.live/#/index?category=hot","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"title":"Kpsjitu – Destinasi Utama Game Online Seru dan Berhadiah","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"kpsjitu.live/#/index?category=hot","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-04T21:50:41Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-30","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"jestercloud.net/uploads/mj-1-20250930-053024-adb8.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-30","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"jestercloud.net/uploads/mj-3-scatter-hitam-20250930-053551-7600.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"api.livechatinc.com","ip":{"addr":"23.0.161.50","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Belgium","country_code":"BE"},"domain_registered":"2005-10-31","domain_rank":29526,"first_seen":"2013-12-20T14:27:35Z","last_seen":"2026-03-23T22:39:45.742119Z","alert_count":0,"request_count":2,"received_data":7418,"sent_data":1222,"comment":"","tags":null,"fingerprints":null},{"fqdn":"png-res.png999.com","ip":{"addr":"3.33.225.116","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2022-06-06","domain_rank":280263,"first_seen":"2023-05-31T09:46:52Z","last_seen":"2026-03-24T11:26:46.637573Z","alert_count":0,"request_count":34,"received_data":3197931,"sent_data":16260,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"kpsjitu.live","ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":48,"request_count":48,"received_data":709482,"sent_data":27662,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"AMP","description":"AMP, originally created by Google, is an open-source HTML framework developed by the AMP open-source Project. AMP is designed to help webpages load faster.","website":"https://www.amp.dev","common_platform_enumeration":"","icon":"Accelerated-Mobile-Pages.svg","categories":["JavaScript frameworks"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]}]},{"fqdn":"jestercloud.net","ip":{"addr":"172.67.183.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-09-06","domain_rank":0,"first_seen":"2025-09-10T15:36:22.20184Z","last_seen":"2025-12-21T21:32:02.863747Z","alert_count":2,"request_count":4,"received_data":14230988,"sent_data":1881,"comment":"","tags":null,"fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.251.143.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2026-03-29T22:23:59.734728Z","alert_count":0,"request_count":1,"received_data":465126,"sent_data":433,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"message.tjqkpapi.com","ip":{"addr":"47.129.137.26","port":443,"asn":16509,"as":"AMAZON-02","country":"Singapore","country_code":"SG"},"domain_registered":"2024-06-04","domain_rank":0,"first_seen":"2025-08-11T12:32:42.612007Z","last_seen":"2026-03-19T13:38:31.556834Z","alert_count":0,"request_count":1,"received_data":231,"sent_data":590,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"analytics.ahrefs.com","ip":{"addr":"172.64.148.115","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2010-11-25","domain_rank":48245,"first_seen":"2020-05-06T23:41:55Z","last_seen":"2026-03-25T15:50:45.993606Z","alert_count":0,"request_count":3,"received_data":15516,"sent_data":1325,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"s1.kpsjitu.space","ip":{"addr":"167.99.75.0","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Singapore","country_code":"SG"},"domain_registered":"2025-08-27","domain_rank":0,"first_seen":"2026-03-30T21:50:45.404437Z","last_seen":"2026-03-30T21:50:45.404437Z","alert_count":0,"request_count":5,"received_data":599869,"sent_data":2315,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"cdn.livechatinc.com","ip":{"addr":"95.101.10.202","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2005-10-31","domain_rank":36142,"first_seen":"2012-06-22T08:37:34Z","last_seen":"2026-03-30T10:48:29.74947Z","alert_count":0,"request_count":1,"received_data":103468,"sent_data":416,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"kpsjitu.live/resources/common.js?v=2023061202","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"855102b463848721a6fc6f0fb08b523a","sha1":"2e70f55249ffc84f9d0b0e730ac6050ee5bbd7c2","sha256":"696348bc15d8907f21e00e8c1cd6ebd50bc4aeb9aa9afe68b0431113029eed89","sha512":"50f3d02312f66f31a3a5dfefe74e881252754683c3bd436e1304dba5dd626fabc923eeed0b3f7878f89f54eb2c80877d08e7079a208a3c2067c098aa9044ca56","ssdeep":"384:webBf+be5MovYavaQ70Vm6oilwjZf950QtZXGV18:2PmplGr8","tlshash":"06721a5b338074a78197229901db9509f23b8a77650b0a39f071cda6acb4e9447fff68","size":16865,"data":"","first_seen":"2023-10-27T00:09:28Z","last_seen":"2026-06-04T11:33:08.856963Z","times_seen":149,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/#/index?category=hot","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"0aa20f30f15121cf2fb98058ff0514d2","sha1":"b0b45097c1028468be64b73955954b529de17c0d","sha256":"61bb4a4132ac35bc602ed388230aad25d7c2f3a7e9dab183ed6d80e429fcb4ff","sha512":"8f7a9a794aea0156c11b6234afc86d719d24f5fc052cfcfa29aa940149a05b6d660f724be029e7e476fa3ae4f4134021ff1c5931b79e37782b255c705aef76f5","ssdeep":"","tlshash":"23c02b8d210a1cb051f727408b3ff600b0823224d4e16931481933444d30e13fb84810","size":153,"data":"","first_seen":"2025-10-14T06:41:14.060509Z","last_seen":"2026-03-30T21:52:41.824879Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/resources/qrcode.js","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"05f0b1d7d4b9b0b4975870606d650e3c","sha1":"f424bd339870510d1160d1c5da5d698aedbb452e","sha256":"f4ccf02b69092819ac24575c717a080c3b6c6d6161f1b8d82bf0bb523075032d","sha512":"34551c0e59b857e6b6b233d7ee04442178024858daf5c1ed28f38bd738fa4219c4d2f718ebde4c3837a1aa46866132f22f6c317bfc2daf8678f52bea5ead7651","ssdeep":"384:ILEsd9QYYAA1TRjjrlqgbHH/sgDZUnEbBIg4:wIFbVg","tlshash":"b452c8d1f39142b7b1466cd9681f289e98e8a4a3ac14955cbfb8c0e2e674fd16478f30","size":13995,"data":"","first_seen":"2023-03-07T01:15:08Z","last_seen":"2026-06-07T22:39:13.192347Z","times_seen":4062,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.livechatinc.com/v3.6/customer/action/get_configuration?organization_id=4bf7f393-3a78-4488-8a30-a4a88268b87d\u0026version=15.0.1.7.9.10.1.1.1.7.1.5.111\u0026x-region=us-south1\u0026group_id=0\u0026jsonp=__lc_static_config","fqdn":"api.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.0.161.50","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Belgium","country_code":"BE"},"introduction_type":"scriptElement","is_inline":false,"md5":"f68e9c2e5b71c887e93ee22ae4730170","sha1":"8bcbd76fe1da9c6a1ae04cc9fa4d613d1629e8ca","sha256":"71b2ccac217f50a57daebd08011e711d8bce1d0802aa95343c9ed8f904c367cd","sha512":"f1f6bac91c455b621f7014ee0058035ffbb169c7814d3413a2152c267920651c3146072b992c6b1ffc88db33c1a054cebecc04d5eb279c643be71cab54c39008","ssdeep":"96:NhUsXhUAKhUwhUtSHKJAtyXAlJ/mjIiiyfwPJ9On/m3PE2sU6ymNem13PJvCLq:NGsXGAKGwGjcQ9fIIkmymNe2xK2","tlshash":"d7d1332a435bc8b77337d14a62d7b70a34185539b1e9593fe450ca30b5852c6d205eae","size":6389,"data":"","first_seen":"2026-03-30T21:50:52.070898Z","last_seen":"2026-03-30T21:52:41.785872Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"png-res.png999.com/resources/liveChatObj.js?v=2023071301","fqdn":"png-res.png999.com","domain":"png999.com","tld":"com"},"ip":{"addr":"3.33.225.116","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"6d01fdc6b53045b57fa3cb73c5b91aff","sha1":"89e8e86b677ec605ca4106c6dbb7b50ee41a049f","sha256":"0cb022d913d088d3e4356c7beda48ac29975acb4260a6e22c867add9bbbe193b","sha512":"5b638af15739d7aeb399ae731c0c2c4061727171a07e72bb6fcaee42b64478a6a161fca30808e05b9b969399e719406a81dcd3f2a3cec04b70249f82f9312c1f","ssdeep":"","tlshash":"59415f7f7850a52ba6677216723ff50f1062682c5c449973b8abc7faa910ed34a07cc8","size":1929,"data":"","first_seen":"2025-08-28T03:55:32.283117Z","last_seen":"2026-06-04T11:33:09.022569Z","times_seen":110,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"analytics.ahrefs.com/analytics.js","fqdn":"analytics.ahrefs.com","domain":"ahrefs.com","tld":"com"},"ip":{"addr":"172.64.148.115","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"661ceae031b0d59dc2f3beeac0ae7cfd","sha1":"3b7e9107ffeb21d0c41bfdeef7118ea9d58be07b","sha256":"b270afc5f9df7bcd9239c22857fb1511bba1398a28b1c3548272d720cb433c62","sha512":"b9630a50fbf1c6db29b47246715f640bdc24ed2d268627305989e615be4999fac0d8cbbef4336c2bae701eef903554954566e8dc23a6d623ddf7cfedffbaa062","ssdeep":"192:04fDU0pA7KQisEplEXQI5AuTYafgbNCz1Rx5NFKtiF:jfDU0pA7KQi3plEXQI5AygpC1RnK8F","tlshash":"c8e11a9c723075790877ada1e5ff3743f233a563a881e0914219dd802dac98f42abddd","size":6947,"data":"","first_seen":"2026-01-07T13:13:26.365481Z","last_seen":"2026-06-08T03:09:54.449185Z","times_seen":10261,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"png-res.png999.com/resources/pageConfigThird.js?v=2023080201","fqdn":"png-res.png999.com","domain":"png999.com","tld":"com"},"ip":{"addr":"3.33.225.116","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"5ab63f5c48a95b15094051a16d7c371a","sha1":"fcbf48bfd0347a1c4be045f8e7582b51177543b2","sha256":"152042fecc3f68449c4f715976ce31890349c5da0f0726b80bd4acb556de3e5e","sha512":"35ed45b28674fa12650d24a9d23191ca23324aea3f62710c8c1886ef20adc42d9a2003dff45c44ff9ca940360c3325acd0183552fcc00c40f13b0a389fa24041","ssdeep":"12288:OXu9Ewj+sqMm09nf3kbWntMoNo7S1r7aafO2GBt:OXugsqMm09nf3kbWntMoNo7S1rw2GBt","tlshash":"09942958709820f312b35696392a2f0261e1fa17d9030e14fa2ddafa5ffedc57463b19","size":408907,"data":"","first_seen":"2026-03-30T21:50:52.052276Z","last_seen":"2026-03-30T21:52:41.782143Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/tracking.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"95.101.10.202","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"637b68a021f96a623e601792fbbda74f","sha1":"a72a9e32e24c93532c5bd52ee3f9740f502a948b","sha256":"0bdfbfd7e34c3f5029055680b704b2a065032c4903dca5756bba4a64c3316823","sha512":"a7be4208d8a0427c013879955f19036449721925bd169b78462815d8fec05208cbf0be238eae9c2e9254f9df9f5e5d646de49510f0570c50928b11f0c104fd9e","ssdeep":"1536:E5y/uRri7DJnagIckNmeuR5bydWiBwpDwLCPoRvCRW6Rtt:E4/uRu79aXuRxyk8vCdRf","tlshash":"3ca338d67282b03493f785e7a17f6216b33a291c740d8410f17cec6a396a9879177f2e","size":102724,"data":"","first_seen":"2026-03-30T10:48:37.359497Z","last_seen":"2026-04-01T06:11:13.950109Z","times_seen":136,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.livechatinc.com/global-mapper/lc_license_id/19614513/region?jsonp=__lc_region","fqdn":"api.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"b17346aced6298b7e1cadcd62f40003c","sha1":"c28b849fff4b4d9d006d803bc4d18368446ddce4","sha256":"a379b1707064386da00957301b6eb053249cfb462047d44e4fb6d52898f5b78b","sha512":"93be3c00856eedc8cedd0c7bd2b2a5873aa85dcf9e893d9e972421d122c568cbb1c9b4ca633497bc80900f688898040a218616dc69a4716fcd3d5a2dc93fb928","ssdeep":"","tlshash":"8080000e20002ae30a20ef3e8023ec0cb03e033223008288c302208228002b0822ae0b","size":35,"data":"","first_seen":"2025-05-16T12:26:33.454661Z","last_seen":"2026-06-07T08:09:45.682147Z","times_seen":27952,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.livechatinc.com/v3.6/customer/action/get_dynamic_configuration?x-region=us-south1\u0026license_id=19614513\u0026client_id=c5e4f61e1a6c3b1521b541bc5c5a2ac5\u0026url=https%3A%2F%2Fkpsjitu.live%2F%23%2Findex%3Fcategory%3Dhot\u0026channel_type=code\u0026jsonp=__nbhvp934tc8","fqdn":"api.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.0.161.50","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Belgium","country_code":"BE"},"introduction_type":"scriptElement","is_inline":false,"md5":"b538ddd9ae35e34fcd303a08e6428419","sha1":"d687228bb836b95d258d51d920ce75a0d8587362","sha256":"08fac36d2f0a37d10bf03be1cdda187aa0d9dc57776ed48d5a5aa0235609be50","sha512":"d0103fae14d5adf2bc72a4ef5b57e8f053da8938391bdb68610b73afbeeab34430fae1b8d167b0c18477a93a7582295e4d0bacd4f175aef47a2eb18815629be3","ssdeep":"","tlshash":"7ae068a3a62544315ac0e3f668503a43d63483b36a816db8f5a92340522b7cd2334a47","size":382,"data":"","first_seen":"2026-03-30T21:50:52.044432Z","last_seen":"2026-03-30T21:50:52.044432Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/resources/frame.js?v=2023031601","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"954f70f07f05742168adceba796dda72","sha1":"edf8a6a066f201b1ffad32c585bd79c9982d4433","sha256":"4da87c258eca460d39cdb0f6158cbf69af539d05a1d14f1bc011518511d02228","sha512":"66ee57172810e0002c308c1fd5fc008c1c64573602627ca0313d97742d830c72bb7d26dd3b069e1835c5e3d6f8721f856809eb9ccef18ce8934ff7758f645717","ssdeep":"1536:VjjxXUHunxDjoXEZxkMV4PYDt0zxxf6gP3f8cApoEGOzZTBqUsuy8WnKdXwhLQvv:VeeIygP3fulzhsz8jlvaDioQ47GKK","tlshash":"cb93f8ddb2c6702247a770ba007f510bf236199d684d8450f269d8e9bc78a4e827bf7d","size":89797,"data":"","first_seen":"2023-04-01T10:27:31Z","last_seen":"2026-06-05T14:58:57.367763Z","times_seen":1037,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/#/index?category=hot","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"826f024eaf00742ed35f5443b1579806","sha1":"66f06ce1c9d5850254644c9ad0fe0b5f6ac2b268","sha256":"6af8a1b383670a513ba2f357fd107d9b6022d03c9c87baaa3822c4d201ce9f41","sha512":"4cce51ccdd2af8ca8c87b7fbf29682d7a521230f2d6ae4dbae8e6adee6e12dd3a02ee73e0cc1934a4fecd12cecc619f7e9938c160248e98429cbd2a61d85cf21","ssdeep":"","tlshash":"fef02b8d3ca6f06337fa3a38c2238b6f33a2170176839524c646cc3478608865887c8e","size":445,"data":"","first_seen":"2026-03-30T21:50:52.123683Z","last_seen":"2026-03-30T21:52:41.825569Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/#/index?category=hot","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"0ddc69ce25f3508c1418b46d7a5086a2","sha1":"6efcd41e22ade78da53ace3f8ef4c5b65d08e2be","sha256":"f41e52f512af6b9742f98aa6402a2dc113eae8365adadeb70c78e43e945af74d","sha512":"14261a8c3a9847f6d447a042f993a03ebca6c79ca7bb5d8141c53cc7a6976e52580b27252713e6fb930b5d4df4cc706429e2f1691aa51da032ae9db35e229a97","ssdeep":"","tlshash":"69f0a35d3c56b06737fa3578c3278b6f3355170175835524c646cc2578648d65886d4d","size":444,"data":"","first_seen":"2026-03-30T21:50:52.124512Z","last_seen":"2026-03-30T21:52:41.826392Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/resources/m.index.js?v=2023102601","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"822514a1e5b315b585435d8fab1e1cc9","sha1":"9353b23257aa4fd3a9a1fa40f3c3e15800264eb4","sha256":"710468725c497e5360235b0608de622e29ff1178d74e5b83450574756840220b","sha512":"cd2553d3ecc98ea5016dbe97f0bc84c518f616ebe3367410eefb2c37d08754f903d04eb98acc208d240124baf902b5e86ed72ece8105840be621cd654e79d4b1","ssdeep":"1536:vo/g18+AK3y1pbQru0iTsMv7qf9HjZ9uN1JycxPB:vo/R+zy1sLihoZs1I4B","tlshash":"c4a3195e748515b703f721ab346e6b04a173e90ec8530904b76da8e81ffeec9a572f24","size":102250,"data":"","first_seen":"2025-11-23T09:56:37.590788Z","last_seen":"2026-04-08T01:47:55.432494Z","times_seen":44,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/#/index?category=hot","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"560107389ec33c724de853c2dca942dd","sha1":"48e065847fe411e653f98c1c1f4fc3df6b0d1153","sha256":"7d1fd78636cdfc09bc3efa5f9bee47597364b1b41d4194b03eb16bb6a9a1c538","sha512":"a3b56b66be483f1139785e3b9af71d6a5f0ea7b81bae8df11f32655009a2804484f7bbf906552322e172bc0b4458b246aeba8cae2a029d68ee10b77fb8d60d88","ssdeep":"","tlshash":"99f0238c3c52b05337f93534c2238aaf33a1070035839524d605cc24b8545861846c4d","size":445,"data":"","first_seen":"2026-03-30T21:50:52.125409Z","last_seen":"2026-03-30T21:52:41.827142Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/#/index?category=hot","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"91fa52eef67cf48cc93a0ab3a7666480","sha1":"035c2de3ea23488892086e9069d9539ddd6c0cc9","sha256":"b13bd57dc0ef0bac0177120beebe6d7ef94c7baf846062501cad133f3f81930e","sha512":"c4eaeb1c68eb0a65015f334628796584369c85c3c7fbe0ce9ecab2fc83b74098c68ca1435d768a5e023d7af880edf63b400876ba94047bf949fa6e77f9212aa5","ssdeep":"","tlshash":"9df0235d3c62f02337f93534c3278e6f3395070031839524c606cc3438644c61886c8e","size":444,"data":"","first_seen":"2026-03-30T21:50:52.126346Z","last_seen":"2026-03-30T21:52:41.828279Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-6QVTNVEL3J","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.143.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"602fcd1442b159315d3b6e1a71108a7d","sha1":"cd2e8f907d855a8e9dbb1943e54c09bc4dfd8c9c","sha256":"6dbe8e2bd99656bd83cc407c4b03df54119b6feed6d245091e2e5ec3a5642480","sha512":"a5c20957a8be4cb5be25d7d462cfb280fbfc23590984f4a3bb33eeb536d4f2599f6daef7710bd63fb806b646f9dec6bbf530a96e83c01f3672a7103b6a093305","ssdeep":"6144:9BL3joXfV8266D2hfx/sfr8QVe6lasrfUGzT64PzinlbbmMsPg:YV8266D2DsD86VBqbkg","tlshash":"0ea41aceb3d674225396f478503f018ba57b29a2b44cc89af189cce42e7465a4277f7c","size":464522,"data":"","first_seen":"2026-03-30T21:50:52.053995Z","last_seen":"2026-03-30T21:50:52.053995Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"analytics.ahrefs.com/analytics.js","fqdn":"analytics.ahrefs.com","domain":"ahrefs.com","tld":"com"},"ip":{"addr":"172.64.148.115","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"661ceae031b0d59dc2f3beeac0ae7cfd","sha1":"3b7e9107ffeb21d0c41bfdeef7118ea9d58be07b","sha256":"b270afc5f9df7bcd9239c22857fb1511bba1398a28b1c3548272d720cb433c62","sha512":"b9630a50fbf1c6db29b47246715f640bdc24ed2d268627305989e615be4999fac0d8cbbef4336c2bae701eef903554954566e8dc23a6d623ddf7cfedffbaa062","ssdeep":"192:04fDU0pA7KQisEplEXQI5AuTYafgbNCz1Rx5NFKtiF:jfDU0pA7KQi3plEXQI5AygpC1RnK8F","tlshash":"c8e11a9c723075790877ada1e5ff3743f233a563a881e0914219dd802dac98f42abddd","size":6947,"data":"","first_seen":"2026-01-07T13:13:26.365481Z","last_seen":"2026-06-08T03:09:54.449185Z","times_seen":10261,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/#/index?category=hot","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"5446c79efaa0e9c3758e3f930f307aa8","sha1":"d6afbb177ec88d9088341771ab10a4a30a8e820c","sha256":"0aa1a43dd645591aed92dc46a0c013aa686bfe3aac7719c3dc6f2eb9d4ab2aea","sha512":"1c778a4d6ff5b8c0912e7852d40edd6ba2b7cd5758aa45d73191df294778a280e9d0334f252d36f43c33ba1eaea5e1ef7616ff4af9cf5af0d9324f518f5e0012","ssdeep":"","tlshash":"e1e02da22d08ac632bb023b460bb961a3482210031995b41c59ca50032220ab8017a88","size":329,"data":"","first_seen":"2026-03-30T21:50:52.127185Z","last_seen":"2026-03-30T21:52:41.828973Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/#/index?category=hot","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"23cf6d69084d6d38631231388e4c92e5","sha1":"b1cf16995ad65a3524eca41673ecd0f961c407d0","sha256":"664c0025227ff27f096d2910be7958bc666fa2098cf41bea86400594b5d63498","sha512":"ff2d2c500b0d5dcf840fe2b1e05e8b30d8559f0cf3b432d07b4cce571940f30441281146bcbab3fed4f5dfef7a6617877eb9955076e0b5ae5f6e14c318a2b4da","ssdeep":"","tlshash":"e611fd6852f56374993376600b0b7b05323a22033c80d8993e9e8b890f4cb9cd673be7","size":955,"data":"","first_seen":"2026-03-30T21:50:52.127997Z","last_seen":"2026-03-30T21:52:41.829631Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/#/index?category=hot","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"577b75469a3768905dc929b3ad4e05ce","sha1":"5e48e36da78eccabaf17e3ca824b991dc4a44452","sha256":"2ed74145febaa25618ef6d1dd9fd57ea27e88f1d2928f16cea5dc7a8c3133049","sha512":"96dcc408c64a4b4f04618603a27f94b5c344a16427a44da2b32ba5e2450e0fe9b26c17c9cbae219c34402c9cd83575cffe95378783ed800d9231b16ef908b204","ssdeep":"","tlshash":"b831e22407374434833b2265278ba3407174215baa49c95e3edecb555ff2e4297f37e9","size":1779,"data":"","first_seen":"2026-03-30T21:50:52.128862Z","last_seen":"2026-03-30T21:52:41.83034Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/#/index?category=hot","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"1879cf952f5fc8ff6dda65e068e8e28d","sha1":"76c000194ac8cf658cf3f72ff506b8ce4ca56492","sha256":"35a7b07297f69fcbbff1b8272f60d4c696ae1d813ae1573319382588a89ddf3b","sha512":"1916d78d6acd6d83514577b7c012cc73b19be43cfef654060e142d2cf5640b9050ed7e6344284b9bcf6903b141af63bbbd465e9499a5d9f8182ea1af9888e1f2","ssdeep":"","tlshash":"a121be8536fd093704a34813df4be10ef22871439007da483b4c57da2f64d2c8696adf","size":1234,"data":"","first_seen":"2025-10-14T06:41:14.076001Z","last_seen":"2026-03-30T21:52:41.831161Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"api.livechatinc.com/v3.6/customer/action/get_dynamic_configuration?x-region=us-south1\u0026license_id=19614513\u0026client_id=c5e4f61e1a6c3b1521b541bc5c5a2ac5\u0026url=https%3A%2F%2Fkpsjitu.live%2F%23%2Findex%3Fcategory%3Dhot\u0026channel_type=code\u0026jsonp=__nbhvp934tc8","fqdn":"api.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.0.161.50","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Belgium","country_code":"BE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.568Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"GET /v3.6/customer/action/get_dynamic_configuration?x-region=us-south1\u0026license_id=19614513\u0026client_id=c5e4f61e1a6c3b1521b541bc5c5a2ac5\u0026url=https%3A%2F%2Fkpsjitu.live%2F%23%2Findex%3Fcategory%3Dhot\u0026channel_type=code\u0026jsonp=__nbhvp934tc8 HTTP/1.1\r\nHost: api.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-security-policy: frame-ancestors https://kpsjitu.live/;\r\ncontent-type: application/javascript; charset=UTF-8\r\ncross-origin-resource-policy: cross-origin\r\nvary: Accept-Encoding\r\nx-frame-options: allow-from https://kpsjitu.live/\r\ncontent-length: 382\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":382,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (382), with no line terminators","md5":"b538ddd9ae35e34fcd303a08e6428419","sha1":"d687228bb836b95d258d51d920ce75a0d8587362","sha256":"08fac36d2f0a37d10bf03be1cdda187aa0d9dc57776ed48d5a5aa0235609be50","sha512":"d0103fae14d5adf2bc72a4ef5b57e8f053da8938391bdb68610b73afbeeab34430fae1b8d167b0c18477a93a7582295e4d0bacd4f175aef47a2eb18815629be3","ssdeep":"","tlshash":"7ae068a3a62544315ac0e3f668503a43d63483b36a816db8f5a92340522b7cd2334a47","first_seen":"2026-03-30T21:50:52.044432Z","last_seen":"2026-03-30T21:50:52.044432Z","times_seen":1,"resource_available":true,"data":null}},"time_used":176,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":176,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"png-res.png999.com/assets/PP-Web/vs20olympgold.png","fqdn":"png-res.png999.com","domain":"png999.com","tld":"com"},"ip":{"addr":"3.33.225.116","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.809Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"png-res.png999.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 23:12:07 GMT","end":"Fri, 15 May 2026 23:12:06 GMT"},"fingerprint":{"sha1":"FE:07:9A:47:22:30:24:0A:B6:F6:7E:2E:4D:04:8B:7C:00:AD:21:95","sha256":"B3:BA:70:4C:3F:CB:36:0E:1B:00:9C:E9:16:53:83:3E:7B:73:47:2D:C5:B7:08:A0:A3:7E:EE:29:A6:6C:3E:C3"}}},"request":{"raw":"GET /assets/PP-Web/vs20olympgold.png HTTP/1.1\r\nHost: png-res.png999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 80809\r\nlast-modified: Mon, 28 Apr 2025 02:58:31 GMT\r\netag: \"680eeed7-13ba9\"\r\nexpires: Wed, 29 Apr 2026 21:50:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":80809,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit/color RGB, non-interlaced","md5":"c9d79a383be1713ea529e639996ab7c9","sha1":"56d0d0811ccefac77e1bd4a837f668bffc40d624","sha256":"68c0939b0185cbcf81b276f63860efe0aadf87f4d65a73cd90e05db6e7802e36","sha512":"378d33e27c9e5eef1b8fd7654b0c4bb5c4c32eb72cd0902e399750e5281d0e94b123caebe2ef7f3b5c5332b207e501bfcb260b23c8bf0d784b380d547edc3d12","ssdeep":"1536:eTBtMOW/D4CLb5AU83ER7d4ylWkGntDUlUi2DMJAxUN/WauW5j1i7:eTUn74CH5AXK7Gk0gVDJA2nuIo","tlshash":"2d8302e55008b1a26ead93938bf817480f84d72bf72777d182839a4319b8dc6dd57bc8","first_seen":"2025-08-22T02:45:47.817208Z","last_seen":"2026-05-30T21:03:18.030021Z","times_seen":66,"resource_available":false,"data":null}},"time_used":638,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":285,"receive":353,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/resources/images/icon-forgot.svg","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:20.324Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /resources/images/icon-forgot.svg HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/resources/m.style.css?v=2023090801\r\nCookie: _ga_6QVTNVEL3J=GS2.1.s1774907419$o1$g0$t1774907419$j60$l0$h0; _ga=GA1.1.1088219089.1774907420\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Mon, 19 Dec 2022 09:57:46 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"63a0359a-758\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IptYcQyXRm5leWHL2MVJtqmIxa%2BrOjy6tvPAfhBR7mA1QddSdupA214qKAP%2FmZk7YXpmyCfNHIJgDUqYJcCCGla4gcaifv48uuhYqZwaYKW1wz%2FZ%2Bet%2Fj2bSbULjcLk%3D\"}]}\r\ncf-ray: 9e4a5450fda4b50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1880,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"3a89dbfa3257d48345e252954e547734","sha1":"983c290d75ebba1cb4e78114262697356ce310c4","sha256":"0f8c513854865c5cd1ca9380c547b15504cad6ecf9d1aeb860f1980f963768c3","sha512":"b583c89a9fc779aed84566683a2a4af12a9176381ed755ba43c8dd4356ca180a0a843d5c49f06c4d1820efab637a03196be8c092972691d9c49d3cf2fcf7e08d","ssdeep":"","tlshash":"5f413d1a8255e6b29d46c33c69f16844a4488dd6e0b0f29c7c9b148bee0ccd0c698fee","first_seen":"2023-10-27T00:09:29Z","last_seen":"2026-06-06T08:47:49.725518Z","times_seen":118,"resource_available":false,"data":null}},"time_used":724,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":724,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/office/game-oc/game/getNodeInfoList?l=id","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.276Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /office/game-oc/game/getNodeInfoList?l=id HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nCookie: _ga_6QVTNVEL3J=GS2.1.s1774907419$o1$g0$t1774907419$j60$l0$h0; _ga=GA1.1.1088219089.1774907420\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\naccess-control-allow-origin: https://kpsjitu.live\r\naccess-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT\r\naccess-control-max-age: 3600\r\naccess-control-allow-headers: Origin,X-Requested-With,Content-Type,Access-Token,Authorization,X-Access-Token\r\naccess-control-allow-credentials: true\r\nvary: accept-encoding\r\ncontent-encoding: gzip\r\nx-envoy-upstream-service-time: 3\r\nstrict-transport-security: max-age=31536000\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5XAcT%2FiPXO57grdKshtExGPYPd0cVpYfmMW1FyeLDLIVx%2BsTzg6zH2MnUwbfEo7G4dm0hVVoIJxe4%2BvqAgWudcoiUbWDHalbFuYDlcXs2JWGG2ul%2F1aUun2SOde1qK8%3D\"}]}\r\ncf-ray: 9e4a5456fe32b50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5192,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"4fd42c4957fb32c675445608a2387d79","sha1":"2ef819a0a64696273e20f7937018a3b18a23eac4","sha256":"6bf2a00c8685483d9c6469565550ffd73ff857bd14032bc158e9a6cc362f6bc1","sha512":"1907930e8c7e4c06ffaa00891809d3d49278458aab14781be87b85fe6c919617d29e6db5b484ccc72431e6faa1e9e434831aba7e22fafeeb52d7339d9c20c524","ssdeep":"96:l+alJjUM+aUNjZQ+a53UF+acvK+axeK+aDVy+aJVd+afeq:lZ7BZ6aZ5qZcyZxPZDIZJXZfp","tlshash":"a5b1ac9459289ed63699ee55322cbe436bfc113f8e458fb0758dcf1ac4f62b91232213","first_seen":"2026-03-30T21:50:52.047281Z","last_seen":"2026-03-30T21:50:52.047281Z","times_seen":1,"resource_available":false,"data":null}},"time_used":190,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":190,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"png-res.png999.com/resources/images/theme/black-gold/btnTogel.png","fqdn":"png-res.png999.com","domain":"png999.com","tld":"com"},"ip":{"addr":"3.33.225.116","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.560Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"png-res.png999.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 23:12:07 GMT","end":"Fri, 15 May 2026 23:12:06 GMT"},"fingerprint":{"sha1":"FE:07:9A:47:22:30:24:0A:B6:F6:7E:2E:4D:04:8B:7C:00:AD:21:95","sha256":"B3:BA:70:4C:3F:CB:36:0E:1B:00:9C:E9:16:53:83:3E:7B:73:47:2D:C5:B7:08:A0:A3:7E:EE:29:A6:6C:3E:C3"}}},"request":{"raw":"GET /resources/images/theme/black-gold/btnTogel.png HTTP/1.1\r\nHost: png-res.png999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://png-res.png999.com/resources/theme.css?v=2023070401\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 22930\r\nlast-modified: Thu, 21 Nov 2024 03:26:15 GMT\r\netag: \"673ea857-5992\"\r\nexpires: Wed, 29 Apr 2026 21:50:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":22930,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 153 x 154, 8-bit/color RGBA, non-interlaced","md5":"56883bbb56bd40a1383c0684a07a7af0","sha1":"3690be948eda2a9e22b4254d6619f3844156749f","sha256":"c3bd90399dbbf27e9b8f9f60539a03640025ca4a61b73e9ae47e1bc6213b2bb6","sha512":"6def86982f499f7836faff7dfb101eb81d55930d36826d622902cf6828f21ef5c607b1c56ca51f416431841651a518646f14f214e9009984589e68fc3495ee9a","ssdeep":"384:SIX32Dq2XFAmGwcaO7TYmjolVdOr5/O2jdSVkP/r0MMvRh/yCIjQ+RUd3e2:Ryq+AmpOfYPaTjUkP/rtwGCIc5e2","tlshash":"c1a2e158866283f7d85a63429ac0927750ff0d642ffd4395042d7e817341d16d6af39b","first_seen":"2023-10-27T00:09:29Z","last_seen":"2026-05-30T21:03:17.98185Z","times_seen":36,"resource_available":false,"data":null}},"time_used":354,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":352,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/resources/images/icon-psw.png","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:20.550Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /resources/images/icon-psw.png HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/resources/m.style.css?v=2023090801\r\nCookie: _ga_6QVTNVEL3J=GS2.1.s1774907419$o1$g0$t1774907419$j60$l0$h0; _ga=GA1.1.1088219089.1774907420\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 716\r\nlast-modified: Mon, 19 Dec 2022 09:57:46 GMT\r\npriority: u=4,i=?0\r\netag: \"63a0359a-2cc\"\r\nexpires: Wed, 29 Apr 2026 21:50:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GylS3JX0etPql55EBpmvRkpl9%2Fef9AfGQGVv1P38fFLJQ5CKBmp2cYawcvFcoRmfRl8%2FFT9su9LsbRiytT6OSgUW9SiuWQJyWZHYkpRjahmGMvpkke6alz3OnI11M28%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e4a54526dbbb50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":716,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced","md5":"59b9389c74d505554861aa406ed0ab52","sha1":"cea6cd88857582a1994a1dbcdc93d72f6a226cfb","sha256":"5e06e2ed0a8d9ad570944b8f4dd8036ed2e50e049dfcbc5b1294823a4b5590b2","sha512":"b727d71ee9115d833abaf20a28efcda8396772f6e67425778a1fd7633ed4a4343c13296e5447c816ac2cb85f61d1a3eb2df6412f54b1a451907c5847b67986cf","ssdeep":"","tlshash":"860115d116385548c5466c115dc2db8a15ffe440a69d11494fb4c46167d9189e341f4a","first_seen":"2023-10-27T00:09:28Z","last_seen":"2026-06-04T11:33:09.08438Z","times_seen":141,"resource_available":false,"data":null}},"time_used":720,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":720,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/auth/commonpay/pay/common/getPlayerAvatarAndBirthday?l=id","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.499Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /auth/commonpay/pay/common/getPlayerAvatarAndBirthday?l=id HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nX-Access-Token: \r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nCookie: _ga_6QVTNVEL3J=GS2.1.s1774907419$o1$g0$t1774907419$j60$l0$h0; _ga=GA1.1.1088219089.1774907420\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: accept-encoding,origin,access-control-request-headers,access-control-request-method,accept-encoding\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://kpsjitu.live\r\ncontent-encoding: gzip\r\nx-envoy-upstream-service-time: 1\r\nstrict-transport-security: max-age=31536000\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=M7qSe3Myi4T%2BsfoOXdughm4QgpG%2Ffs98CicQ1%2FxJmFFfbxq76mo5zxCdZ9QjJNi%2BL5juMq2uiHNNDp0o0nv%2FQiOUMM2l4nrF1apKzPmQc%2F1WZT6pkPp9Ud6JaBK8oVs%3D\"}]}\r\ncf-ray: 9e4a54586e40b50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":119,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"dbb296e8a3fccd2f504984e53443fa17","sha1":"5c6ffae026906b3ace628f75183ff3c95fc2d29e","sha256":"d37cd8caa6e9eefcc347ba8abfd008cf0d4b192d45bb621ad5bd12326d20057c","sha512":"6dc68b50fbbf364913b380b91da63376382e6787fffef77f2dff4d7a94adad5bf0d87ec68c40f6515220f8545eab898e30f6ef2e11a909161ac5eb9e07dbbd11","ssdeep":"","tlshash":"dcb0925502585d7b261259c2a00cb9d122fda183a954182a98192b783af48a6366b20d","first_seen":"2026-03-30T21:50:52.049037Z","last_seen":"2026-03-30T21:50:52.049037Z","times_seen":1,"resource_available":false,"data":null}},"time_used":196,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":196,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/resources/images/loading.svg","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:20.087Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /resources/images/loading.svg HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/resources/m.common.css?v=2023083101\r\nCookie: _ga_6QVTNVEL3J=GS2.1.s1774907419$o1$g0$t1774907419$j60$l0$h0; _ga=GA1.1.1088219089.1774907420\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:20 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Mon, 19 Dec 2022 09:57:46 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"63a0359a-767\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uCap1I%2BugmVDi2wsVpDiAMol6usPLcaYS%2Fh6MGSM9gcgMIin1NiPbqngZ7VndQMhIzy%2B%2FV4pAjXNMl1RiJfwraalecYw94g%2BviKa3JN%2FVtxLw5Rpd7FjbnNQTjLBKTY%3D\"}]}\r\ncf-ray: 9e4a544f8d93b50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1895,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"0105b09f81afc460c37a624346595dc3","sha1":"91ed0fa42843cd70422ad8261f6d0da8655ed707","sha256":"0e5d169df77a7a7fc2e0530f38b56141a82035844cc18ee5317e4ca37b7faa9d","sha512":"f2e82450752100e77651131b63ef9ef82680dd78c9b9528cb76a3df1f5a33a3ce81f8b500e5bb51d67c25907759c612a01e12e2e09d8e644ec28b2ec282770d5","ssdeep":"","tlshash":"6941423483d249eaac05862da4d01e4930e9ddab74b1e5ccfc8f581fd08c8e81470b6b","first_seen":"2024-01-01T02:54:44Z","last_seen":"2026-06-06T08:47:49.855711Z","times_seen":124,"resource_available":false,"data":null}},"time_used":726,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":726,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/resources/images/tabs-withdrawal.png","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:20.305Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /resources/images/tabs-withdrawal.png HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nCookie: _ga_6QVTNVEL3J=GS2.1.s1774907419$o1$g0$t1774907419$j60$l0$h0; _ga=GA1.1.1088219089.1774907420\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Mon, 19 Dec 2022 09:57:46 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"63a0359a-9b4\"\r\nexpires: Wed, 29 Apr 2026 21:50:20 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jg9bPPSIulJwAf0inMX7owxZDX%2FqI%2FJxO66GwRSjW%2BV%2BgjGnYs2wp7B9FzrwQh7JxZQn499P8mb%2FcUS2ELDII8N8wTzqPXjBswwpvatcBTBE%2FOFXvvJGMqRpjRMK%2FPs%3D\"}]}\r\ncf-ray: 9e4a5450eda0b50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2484,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 76 x 76, 8-bit colormap, non-interlaced","md5":"57d33515f662aea08c2fe9297153782a","sha1":"facc5ec4abf8898e10ceaf82e9f592de9b14a828","sha256":"7626215e54ccd3d1e42a09a5efc18dd7d24edfb690e2d6be80bafc1f1b1fb70f","sha512":"618b150560a95a28a1f5bea0549bfd0319d1ea5cee310a435588d4e988e171129241aa9656f3513fedec7d3e52699fc882918deba15bd320e16a27846ca51255","ssdeep":"","tlshash":"e0514c5f6ea00da7a04323b3ba1476b2ce9f556f6864c55c840cccedd6700e963cbe49","first_seen":"2023-10-27T00:09:28Z","last_seen":"2026-06-06T08:47:49.795399Z","times_seen":138,"resource_available":false,"data":null}},"time_used":726,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":726,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"jestercloud.net/uploads/vicitoto/GIF-ICON-GAME-20250923-102228-e323.gif","fqdn":"jestercloud.net","domain":"jestercloud.net","tld":"net"},"ip":{"addr":"172.67.183.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.826Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jestercloud.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Mar 2026 18:19:07 GMT","end":"Sun, 31 May 2026 19:17:32 GMT"},"fingerprint":{"sha1":"A0:FD:C4:87:34:E5:4A:82:F2:77:62:84:14:3B:1C:90:DA:B6:C6:98","sha256":"98:B1:A3:D9:2B:D1:DA:8F:6B:5E:BF:9E:C1:32:1B:AA:82:72:B6:32:98:94:A2:AF:79:A0:2B:AE:9E:4A:15:73"}}},"request":{"raw":"GET /uploads/vicitoto/GIF-ICON-GAME-20250923-102228-e323.gif HTTP/1.1\r\nHost: jestercloud.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 30 Mar 2026 21:50:22 GMT\r\ncontent-type: image/gif\r\ncontent-length: 2497327\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Apr 2026 21:50:22 GMT\r\nlast-modified: Tue, 23 Sep 2025 10:22:28 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=T2jjs6B7Dfvy%2BjZbeZZW47vFsxZ7jharxBZYRGt%2FshUyoUk7oYsXas19zAxenW7C%2FpTaWt50rW%2BJZ4Y4OTloGH9w4TgIl2bLRHNf%2BfqUzlFaGRTkTHKDLuo3mE13Gt4g7Ao%3D\"}]}\r\ncf-ray: 9e4a545aecd2b50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2497327,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 400 x 400","md5":"f5ed1efacc75202cc7f26bc969464aaa","sha1":"9ac5fde964f31ef0a5c8339e906da57c0d207b82","sha256":"4a2c8e0e8bfa1da09ef516078bbbdb2e7b3b11ad08be9645ca1fc99286068a14","sha512":"706f936b6967bf0652d7e17f356226c603937684979b39bfa4b867ec7874b879c97fac76b805fea24ce6f88d7b6baea79bb23df752dc5dc8418601a4a1bfcaa6","ssdeep":"24576:ZqaQOYcK0SrhMhW/Vc8fIQLvaERJ1fcjGxW91pVIVw:4akxr2W/VZfzjYjR","tlshash":"8c2533cac3d126c2e6bed3f93f9e98b25f8d0504518b0f3460f4994349c93a3ed659a9","first_seen":"2025-10-14T06:41:13.803348Z","last_seen":"2026-03-30T21:52:41.776068Z","times_seen":5,"resource_available":false,"data":null}},"time_used":2109,"timings":{"blocked":83,"dns":22,"connect":1,"send":0,"wait":758,"receive":1183,"ssl":58},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"png-res.png999.com/resources/pageConfigThird.js?v=2023080201","fqdn":"png-res.png999.com","domain":"png999.com","tld":"com"},"ip":{"addr":"3.33.225.116","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:19.001Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"png-res.png999.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 23:12:07 GMT","end":"Fri, 15 May 2026 23:12:06 GMT"},"fingerprint":{"sha1":"FE:07:9A:47:22:30:24:0A:B6:F6:7E:2E:4D:04:8B:7C:00:AD:21:95","sha256":"B3:BA:70:4C:3F:CB:36:0E:1B:00:9C:E9:16:53:83:3E:7B:73:47:2D:C5:B7:08:A0:A3:7E:EE:29:A6:6C:3E:C3"}}},"request":{"raw":"GET /resources/pageConfigThird.js?v=2023080201 HTTP/1.1\r\nHost: png-res.png999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 30 Mar 2026 21:50:19 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 30 Mar 2026 06:00:06 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69ca1166-63d4b\"\r\nexpires: Tue, 31 Mar 2026 09:50:19 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":408907,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with very long lines (29561)","md5":"5ab63f5c48a95b15094051a16d7c371a","sha1":"fcbf48bfd0347a1c4be045f8e7582b51177543b2","sha256":"152042fecc3f68449c4f715976ce31890349c5da0f0726b80bd4acb556de3e5e","sha512":"35ed45b28674fa12650d24a9d23191ca23324aea3f62710c8c1886ef20adc42d9a2003dff45c44ff9ca940360c3325acd0183552fcc00c40f13b0a389fa24041","ssdeep":"12288:OXu9Ewj+sqMm09nf3kbWntMoNo7S1r7aafO2GBt:OXugsqMm09nf3kbWntMoNo7S1rw2GBt","tlshash":"09942958709820f312b35696392a2f0261e1fa17d9030e14fa2ddafa5ffedc57463b19","first_seen":"2026-03-30T21:50:52.052276Z","last_seen":"2026-03-30T21:52:41.782143Z","times_seen":2,"resource_available":true,"data":null}},"time_used":1106,"timings":{"blocked":370,"dns":22,"connect":1,"send":0,"wait":350,"receive":0,"ssl":356},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/auth/commonpay/ida/common/api/queryPioneerByContentKey?l=id","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:20.091Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"POST /auth/commonpay/ida/common/api/queryPioneerByContentKey?l=id HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nX-Access-Token: \r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 22\r\nOrigin: https://kpsjitu.live\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nCookie: _ga_6QVTNVEL3J=GS2.1.s1774907419$o1$g0$t1774907419$j60$l0$h0; _ga=GA1.1.1088219089.1774907420\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":22,"data":"contentKey=phoneGlobal"}},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:20 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: accept-encoding,origin,access-control-request-headers,access-control-request-method,accept-encoding\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://kpsjitu.live\r\ncontent-encoding: gzip\r\nx-envoy-upstream-service-time: 2\r\nstrict-transport-security: max-age=31536000\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hKlqZT954w0%2BsX%2BKkfJvPjgclbDpv5axkCdC5zSvleWrziQwE6TpjWXk9IfvIyMaEXzRxI7h%2BVCN4Vuq%2FHavmz7Udl7BelvSo6OlpmWoeWSXRXkRpEiL31tmiVAsskA%3D\"}]}\r\ncf-ray: 9e4a544f9d94b50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":543,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"f13f03802491943f2d736cb0ca71f341","sha1":"46768162d2dbbf0bb697942059b60f7b82920ccc","sha256":"f37c3000a7fc0a3e56b4e7370d2ef595c44172e413fbac32be74d798a7486fdc","sha512":"f95dadae9460a0bd7c2a583d61cc83c01b5a91bdb6b9d14d58e400589025b499fdc0eed644a10e5074b02a86c1ea78ad2d5867c121c1288ea316551adc9a76c2","ssdeep":"","tlshash":"30f0c0a75c1de6225385891d117e7d22f49ed259d144ac7d86a0c53c58e0b311ad2f4d","first_seen":"2026-03-30T21:50:52.053142Z","last_seen":"2026-03-30T21:50:52.053142Z","times_seen":1,"resource_available":false,"data":null}},"time_used":193,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":193,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-6QVTNVEL3J","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.143.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:19.003Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Mar 2026 08:36:15 GMT","end":"Mon, 01 Jun 2026 08:36:14 GMT"},"fingerprint":{"sha1":"58:CB:88:A1:C4:55:4E:E5:46:DC:A0:9C:B3:54:25:79:20:1E:E8:09","sha256":"0B:B5:96:A2:57:57:EC:BA:63:14:8A:AF:4C:C2:32:63:18:8B:75:80:8F:78:1D:1F:5B:00:B7:B3:7E:C9:B7:18"}}},"request":{"raw":"GET /gtag/js?id=G-6QVTNVEL3J HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Mon, 30 Mar 2026 21:50:19 GMT\r\nexpires: Mon, 30 Mar 2026 21:50:19 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 154368\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":464522,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (6031)","md5":"602fcd1442b159315d3b6e1a71108a7d","sha1":"cd2e8f907d855a8e9dbb1943e54c09bc4dfd8c9c","sha256":"6dbe8e2bd99656bd83cc407c4b03df54119b6feed6d245091e2e5ec3a5642480","sha512":"a5c20957a8be4cb5be25d7d462cfb280fbfc23590984f4a3bb33eeb536d4f2599f6daef7710bd63fb806b646f9dec6bbf530a96e83c01f3672a7103b6a093305","ssdeep":"6144:9BL3joXfV8266D2hfx/sfr8QVe6lasrfUGzT64PzinlbbmMsPg:YV8266D2DsD86VBqbkg","tlshash":"0ea41aceb3d674225396f478503f018ba57b29a2b44cc89af189cce42e7465a4277f7c","first_seen":"2026-03-30T21:50:52.053995Z","last_seen":"2026-03-30T21:50:52.053995Z","times_seen":1,"resource_available":true,"data":null}},"time_used":218,"timings":{"blocked":72,"dns":1,"connect":9,"send":0,"wait":34,"receive":27,"ssl":72},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/resources/images/work_together-9.webp","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.151Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /resources/images/work_together-9.webp HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nCookie: _ga_6QVTNVEL3J=GS2.1.s1774907419$o1$g0$t1774907419$j60$l0$h0; _ga=GA1.1.1088219089.1774907420\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/webp\r\ncontent-length: 4016\r\nlast-modified: Mon, 19 Dec 2022 09:57:46 GMT\r\npriority: u=4,i=?0\r\netag: \"63a0359a-fb0\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cfxcHiJ%2BVHzoOw1WZAflza0FoRTZ%2Bz5P%2B1tdd%2F59KlOlZqWljsB4kM%2FDMZwPdRPeqnrtkmOBMHLkGSFEEKNcyWfUhuR5taK7jc34bY%2BQLwAUlCx1WA46FvkUClqn7PI%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e4a54562e1fb50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4016,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"580e417b25a02581b17b25f570dfa795","sha1":"546cceb8c32c12bfbfc9b73008495e7c2ea50072","sha256":"87152e5c6abca6bc9a9cb2825d90eed099ce23c453c6c146f92c314c7e9a27d1","sha512":"c772dfb55195e1c3acaf2888be50fd124ea7d2f2e82333b93b41020d1aeb25d384d87f8daeca69fc909def33c7a2765e47ae69db776d36e1bec6fe779affc986","ssdeep":"","tlshash":"ad817ded042a2608a40a1077ddfdfb8eceac79144c97a6d1a87a26419834bd2cc5cf17","first_seen":"2023-10-27T00:09:29Z","last_seen":"2026-06-06T08:47:49.766509Z","times_seen":141,"resource_available":false,"data":null}},"time_used":727,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":727,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"png-res.png999.com/assets/PP-Web/vs20starlight.png","fqdn":"png-res.png999.com","domain":"png999.com","tld":"com"},"ip":{"addr":"3.33.225.116","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.804Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"png-res.png999.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 23:12:07 GMT","end":"Fri, 15 May 2026 23:12:06 GMT"},"fingerprint":{"sha1":"FE:07:9A:47:22:30:24:0A:B6:F6:7E:2E:4D:04:8B:7C:00:AD:21:95","sha256":"B3:BA:70:4C:3F:CB:36:0E:1B:00:9C:E9:16:53:83:3E:7B:73:47:2D:C5:B7:08:A0:A3:7E:EE:29:A6:6C:3E:C3"}}},"request":{"raw":"GET /assets/PP-Web/vs20starlight.png HTTP/1.1\r\nHost: png-res.png999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 23013\r\nlast-modified: Thu, 21 Nov 2024 01:28:26 GMT\r\netag: \"673e8cba-59e5\"\r\nexpires: Wed, 29 Apr 2026 21:50:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":23013,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit colormap, non-interlaced","md5":"3926dc47618443b802d6d0301574b606","sha1":"62f20fc060496fbafa1214610fd3377d653ed90c","sha256":"325ab3ce363780d464af55fd58f7a311c11f0979fe71cc0f826abd45e7f6b0ae","sha512":"5940c6f90f4376561768e923f760bd4c8358baaf21129d7391926b85affb36cc025bd003ad2b57d68c2b547e926a61c7b487f07bed1500dc2906dc0de6c860ad","ssdeep":"384:KOpyWVVYYFuIrOwLSi/zZsrUjdpcmOCHyh5p3CmdeAiyr/TQLNJxrSOxteumgzty:Tpd0PQnwUjoPhP3LJsHRrjQ3","tlshash":"6da2e19053478ce58a1e4c3e2db81ebf3b2cd81a76a5c6182e3ad56d0bddc815013bd9","first_seen":"2025-06-27T10:42:52.349571Z","last_seen":"2026-05-30T21:03:18.102525Z","times_seen":26,"resource_available":false,"data":null}},"time_used":474,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":287,"receive":187,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"png-res.png999.com/assets/assetss/blingbangball.png","fqdn":"png-res.png999.com","domain":"png999.com","tld":"com"},"ip":{"addr":"3.33.225.116","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.823Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"png-res.png999.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 23:12:07 GMT","end":"Fri, 15 May 2026 23:12:06 GMT"},"fingerprint":{"sha1":"FE:07:9A:47:22:30:24:0A:B6:F6:7E:2E:4D:04:8B:7C:00:AD:21:95","sha256":"B3:BA:70:4C:3F:CB:36:0E:1B:00:9C:E9:16:53:83:3E:7B:73:47:2D:C5:B7:08:A0:A3:7E:EE:29:A6:6C:3E:C3"}}},"request":{"raw":"GET /assets/assetss/blingbangball.png HTTP/1.1\r\nHost: png-res.png999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 368560\r\nlast-modified: Thu, 05 Jun 2025 03:03:29 GMT\r\netag: \"68410901-59fb0\"\r\nexpires: Wed, 29 Apr 2026 21:50:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":368560,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced","md5":"9785e73a4e8f14fc747aadc8c42ca873","sha1":"c00b363182c5b27344e74c858f7d71a2aacc11a2","sha256":"038d9821527349d3375aaa84750f5741275f91c4d44e11bf28bd7a68e551e499","sha512":"c69572ea13cf5b09d8f027bfbf508b11cb41a6548b3b59a4ed4748ebb349f80a750a7d4c6cb93a6b2bc4657b86d45c97359a2e788669e992f27697049efc3e27","ssdeep":"6144:JPQlxKv/h37ljPPhBQGDZ7vpWgqVMgLlhYo9LEvW1NJBUVVGfxoOEz+vV+7qY+FJ:JPQlxKB3pPhDdpWbVM279LEG2CoOECvb","tlshash":"dd7423008757c27369a2f27e84cc163bdb9d1788767dc9cca8256f1daacb0051ff5a98","first_seen":"2025-09-20T10:52:06.43363Z","last_seen":"2026-06-04T11:33:09.118567Z","times_seen":42,"resource_available":false,"data":null}},"time_used":694,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":267,"receive":427,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"analytics.ahrefs.com/analytics.js","fqdn":"analytics.ahrefs.com","domain":"ahrefs.com","tld":"com"},"ip":{"addr":"172.64.148.115","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:19.005Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"analytics.ahrefs.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Mar 2026 07:42:18 GMT","end":"Sun, 07 Jun 2026 08:42:16 GMT"},"fingerprint":{"sha1":"AB:42:29:51:83:63:61:89:2F:B7:21:11:53:AE:81:BA:58:56:D5:67","sha256":"88:12:1F:4A:F5:98:86:1D:DC:9B:9F:7C:01:E9:39:74:04:FA:E7:56:29:00:EC:59:DA:1B:D5:81:4F:88:3B:6C"}}},"request":{"raw":"GET /analytics.js HTTP/1.1\r\nHost: analytics.ahrefs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 30 Mar 2026 21:50:19 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 2692\r\ncf-ray: 9e4a5448e94e56aa-OSL\r\ncontent-encoding: gzip\r\ncdn-cache-control: max-age=18000\r\naccess-control-allow-origin: *\r\ntraceparent: 00-98320bb363b84a4995530ebb9a68bd43-94ecaeefd1454596-03\r\nx-request-id: 3e744e86-4fb5-49c4-aa1a-05b4b0167162\r\naccept-ranges: bytes\r\nlast-modified: Mon, 30 Mar 2026 17:47:04 GMT\r\nvary: accept-encoding\r\nage: 14594\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6947,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (6946)","md5":"661ceae031b0d59dc2f3beeac0ae7cfd","sha1":"3b7e9107ffeb21d0c41bfdeef7118ea9d58be07b","sha256":"b270afc5f9df7bcd9239c22857fb1511bba1398a28b1c3548272d720cb433c62","sha512":"b9630a50fbf1c6db29b47246715f640bdc24ed2d268627305989e615be4999fac0d8cbbef4336c2bae701eef903554954566e8dc23a6d623ddf7cfedffbaa062","ssdeep":"192:04fDU0pA7KQisEplEXQI5AuTYafgbNCz1Rx5NFKtiF:jfDU0pA7KQi3plEXQI5AygpC1RnK8F","tlshash":"c8e11a9c723075790877ada1e5ff3743f233a563a881e0914219dd802dac98f42abddd","first_seen":"2026-01-07T13:13:26.365481Z","last_seen":"2026-06-08T03:09:54.449185Z","times_seen":10261,"resource_available":true,"data":null}},"time_used":75,"timings":{"blocked":24,"dns":4,"connect":1,"send":0,"wait":15,"receive":0,"ssl":29},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"png-res.png999.com/resources/images/theme/icn-hot-checked.png","fqdn":"png-res.png999.com","domain":"png999.com","tld":"com"},"ip":{"addr":"3.33.225.116","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.552Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"png-res.png999.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 23:12:07 GMT","end":"Fri, 15 May 2026 23:12:06 GMT"},"fingerprint":{"sha1":"FE:07:9A:47:22:30:24:0A:B6:F6:7E:2E:4D:04:8B:7C:00:AD:21:95","sha256":"B3:BA:70:4C:3F:CB:36:0E:1B:00:9C:E9:16:53:83:3E:7B:73:47:2D:C5:B7:08:A0:A3:7E:EE:29:A6:6C:3E:C3"}}},"request":{"raw":"GET /resources/images/theme/icn-hot-checked.png HTTP/1.1\r\nHost: png-res.png999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://png-res.png999.com/resources/theme.css?v=2023070401\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 10321\r\nlast-modified: Thu, 21 Nov 2024 03:26:15 GMT\r\netag: \"673ea857-2851\"\r\nexpires: Wed, 29 Apr 2026 21:50:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10321,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 186 x 186, 8-bit colormap, non-interlaced","md5":"c9ecdaa99be21577a14d95278d269436","sha1":"062cc679ea0d972f21b1928b1e308ae9f3574bc6","sha256":"a8875a05716ed1b074d90d48013521a1ed1cde4bfe0603e6a7247366fc22f4a6","sha512":"7de51918a9292a3e2673f43e5dc6cd2346144f60d9573b257ef85a6f6a68be67cb31b92eacb5e67bdb41535b9bb698468cbbb13bfda79361dd93272d381bdff0","ssdeep":"192:BX40vJ0LThx4gNPVvO4LpTDGYs9tdpQXeoAyf9AxBLIPeCm:9J6lx4g5FO4lyYmnpQOoAQAxBLImCm","tlshash":"d822af32d0e3da962dfc4e5146a9d3db56dbfe216a7134600c9a36f5357e03fa246803","first_seen":"2025-06-10T18:00:27.019214Z","last_seen":"2026-06-06T08:47:49.778712Z","times_seen":108,"resource_available":false,"data":null}},"time_used":179,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":179,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/resources/frame.js?v=2023031601","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:18.986Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /resources/frame.js?v=2023031601 HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:19 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 16 Mar 2023 11:39:56 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"6413000c-15ec8\"\r\nexpires: Tue, 31 Mar 2026 09:50:19 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=j3ChuRsyBUZEMbg1M9nQ7Q9EA39dj0pJBHKgsLU5F%2BJMSCC32DN2WjVNWaEdIPFcP0xLLhBR6flr3OGQyIhZUxvUiZKfzoKx%2BtNfXAXGR6oN2rKv%2FsbaAVW%2FJlps%2FT0%3D\"}]}\r\ncf-ray: 9e4a54489d54b50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":89800,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65446), with CRLF line terminators","md5":"954f70f07f05742168adceba796dda72","sha1":"edf8a6a066f201b1ffad32c585bd79c9982d4433","sha256":"4da87c258eca460d39cdb0f6158cbf69af539d05a1d14f1bc011518511d02228","sha512":"66ee57172810e0002c308c1fd5fc008c1c64573602627ca0313d97742d830c72bb7d26dd3b069e1835c5e3d6f8721f856809eb9ccef18ce8934ff7758f645717","ssdeep":"1536:VjjxXUHunxDjoXEZxkMV4PYDt0zxxf6gP3f8cApoEGOzZTBqUsuy8WnKdXwhLQvv:VeeIygP3fulzhsz8jlvaDioQ47GKK","tlshash":"cb93f8ddb2c6702247a770ba007f510bf236199d684d8450f269d8e9bc78a4e827bf7d","first_seen":"2023-04-01T10:27:31Z","last_seen":"2026-06-05T14:58:57.367763Z","times_seen":1037,"resource_available":true,"data":null}},"time_used":736,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":732,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/resources/images/tabs-deposit.png","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:20.304Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /resources/images/tabs-deposit.png HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nCookie: _ga_6QVTNVEL3J=GS2.1.s1774907419$o1$g0$t1774907419$j60$l0$h0; _ga=GA1.1.1088219089.1774907420\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Mon, 19 Dec 2022 09:57:46 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"63a0359a-a91\"\r\nexpires: Wed, 29 Apr 2026 21:50:20 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cEPQPXCgKbNEYQ0pHbe%2BfQTD6VNg9FdNKAjXcouM1VpRWAE%2FDqCwzZp87k9bwW1J872ntmN8VfQpvGG1Ru%2B%2BBMWxtwN2alwYmlM9WKEKpAewggIiT6MPbkxW8ExY2yA%3D\"}]}\r\ncf-ray: 9e4a5450dd9fb50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2705,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 76 x 76, 8-bit colormap, non-interlaced","md5":"b5728a2930bd09132d2adc5821045cb8","sha1":"7f37933f191eee3f1bc60ee51b076782f8925372","sha256":"d0c7103f6f169405c3473b5042519cdf008c46588d54ed75900e16dd3781c7bd","sha512":"b7b5341a9c29a36273e0f0a77b76d87c7affd5b1385d5da329fafbacc46621cb96605237b5b3cab922a99a4e7b41078eecc7853927a6e52ec0201ba3db743b90","ssdeep":"","tlshash":"b8512aea00bb0176cb1845136a302d5f4a2c0a9fb2c4683db54684fb6ec741dc0791bd","first_seen":"2023-10-27T00:09:29Z","last_seen":"2026-06-06T08:47:49.808299Z","times_seen":138,"resource_available":false,"data":null}},"time_used":727,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":727,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/resources/images/arrow-2.png","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.546Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /resources/images/arrow-2.png HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/resources/m.style.css?v=2023090801\r\nCookie: _ga_6QVTNVEL3J=GS2.1.s1774907419$o1$g0$t1774907419$j60$l0$h0; _ga=GA1.1.1088219089.1774907420\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:22 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 14 Mar 2023 17:36:34 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"6410b0a2-42b\"\r\nexpires: Wed, 29 Apr 2026 21:50:22 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Q%2Ff%2FJzrmVKgOaxF7fKlZ49mhhbSX6Cw7pANKJ7A6mldJkdYfiXkrONLKUT3kUFEb0LOwfV8HoL0aw0Vl4J8zVwMMuVzF7eV54oT1Tfp%2FEEg3T02v%2FPqofkTLxBztejY%3D\"}]}\r\ncf-ray: 9e4a5458ae46b50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1067,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 15 x 23, 8-bit/color RGBA, non-interlaced","md5":"2f5c64ab3f71c24bfc8d221463fb87f5","sha1":"1153108847966ffaa4e2eed3ac168615f2b82d30","sha256":"e8cc8bd019b64afaf362de0129790911a10e16841c2973a2c1b9a495e8768206","sha512":"ca1294249346dcc8b18b66647ade4464b3da9dfe3d12a983d79efa5f300d425f144f53c1c618308701441451855a44b278c79336dd462792aca979b5e5ff6775","ssdeep":"","tlshash":"4f111246fa1028829a1ed9d114ea642b9a63948059e0e5a6a88be81b15381fa449d3cf","first_seen":"2023-10-27T00:09:29Z","last_seen":"2026-06-06T08:47:49.805512Z","times_seen":164,"resource_available":false,"data":null}},"time_used":730,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":730,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"png-res.png999.com/resources/images/theme/black-gold/btnHome.png","fqdn":"png-res.png999.com","domain":"png999.com","tld":"com"},"ip":{"addr":"3.33.225.116","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:20.329Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"png-res.png999.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 23:12:07 GMT","end":"Fri, 15 May 2026 23:12:06 GMT"},"fingerprint":{"sha1":"FE:07:9A:47:22:30:24:0A:B6:F6:7E:2E:4D:04:8B:7C:00:AD:21:95","sha256":"B3:BA:70:4C:3F:CB:36:0E:1B:00:9C:E9:16:53:83:3E:7B:73:47:2D:C5:B7:08:A0:A3:7E:EE:29:A6:6C:3E:C3"}}},"request":{"raw":"GET /resources/images/theme/black-gold/btnHome.png HTTP/1.1\r\nHost: png-res.png999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://png-res.png999.com/resources/theme.css?v=2023070401\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 30 Mar 2026 21:50:20 GMT\r\ncontent-type: image/png\r\ncontent-length: 685\r\nlast-modified: Thu, 03 Apr 2025 09:57:25 GMT\r\netag: \"67ee5b85-2ad\"\r\nexpires: Wed, 29 Apr 2026 21:50:20 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":685,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 47 x 42, 8-bit/color RGBA, non-interlaced","md5":"1ae994882d8ab2001c0c6bc3320aa781","sha1":"5fc42239a29f2155badb80816036a750a9856665","sha256":"8db13b2af73c9c1a5de6142e324b4fd7e98ae3f4387b258cdda8cb4bec57f87d","sha512":"c7566b99a6be8d80d9aacfda8ad8743e61c7060618bb6d932f82f85054742515d980090a120bf9506f12b2911cc2adaf0beeb95d0e4786e9bb29ce37bf3b2ae7","ssdeep":"","tlshash":"a9014ee72aa3f014c1400173618f122adcb3e16da463ab8c96c4a3e7f6b554608853d2","first_seen":"2023-10-27T00:09:29Z","last_seen":"2026-06-04T11:33:08.903209Z","times_seen":127,"resource_available":false,"data":null}},"time_used":191,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":177,"receive":14,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/resources/images/work_together-1.webp","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.140Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /resources/images/work_together-1.webp HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nCookie: _ga_6QVTNVEL3J=GS2.1.s1774907419$o1$g0$t1774907419$j60$l0$h0; _ga=GA1.1.1088219089.1774907420\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/webp\r\ncontent-length: 3652\r\nlast-modified: Mon, 19 Dec 2022 09:57:46 GMT\r\npriority: u=4,i=?0\r\netag: \"63a0359a-e44\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=B0OmPEeNKeN4oXK%2FLm9sv0sDlrECESClu5xXgAIZpJqAJgcALmsZqblw28bgxQNkzOf%2FZzc0Iszlq5a0j65eo%2BMorMLBst61NYwOO3yGqgrq4L%2FzsLzPjSshEORbhRE%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e4a54561e17b50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3652,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"def5d131d7451c2a7afc16604ea6c960","sha1":"1eec27570bf083126dce6b66da10e3f799b90ca1","sha256":"cfb2a18e28d8fbd23f475490aa650eaa017388ad46145185c41fc6d504c5782f","sha512":"d62d461b160868db4edaa60e7adce0ee86bd945380f72b0efc1c2cac7fca40459e1b00ba7b3f237659284cedbdd337d0317674fe0adbaef23c07d09fc77f1772","ssdeep":"","tlshash":"df716e4b587f60e2c5fb148d8d8f5588a6296342b3c1d4926647bc7a3f16d22358d34e","first_seen":"2023-10-27T00:09:29Z","last_seen":"2026-06-06T08:47:49.777219Z","times_seen":142,"resource_available":false,"data":null}},"time_used":736,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":736,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"png-res.png999.com/assets/PP-Web/vswaysmahwblck.png","fqdn":"png-res.png999.com","domain":"png999.com","tld":"com"},"ip":{"addr":"3.33.225.116","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.786Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"png-res.png999.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 23:12:07 GMT","end":"Fri, 15 May 2026 23:12:06 GMT"},"fingerprint":{"sha1":"FE:07:9A:47:22:30:24:0A:B6:F6:7E:2E:4D:04:8B:7C:00:AD:21:95","sha256":"B3:BA:70:4C:3F:CB:36:0E:1B:00:9C:E9:16:53:83:3E:7B:73:47:2D:C5:B7:08:A0:A3:7E:EE:29:A6:6C:3E:C3"}}},"request":{"raw":"GET /assets/PP-Web/vswaysmahwblck.png HTTP/1.1\r\nHost: png-res.png999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 83299\r\nlast-modified: Thu, 21 Nov 2024 01:28:28 GMT\r\netag: \"673e8cbc-14563\"\r\nexpires: Wed, 29 Apr 2026 21:50:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":83299,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit/color RGB, non-interlaced","md5":"b2e2f8113933a8d11e3f6df9e877c51c","sha1":"47b02536a59535d843893e5f21208699d40c6052","sha256":"adfab75eef2ceab881a815a729e80bdffc1d7437e54bb18415ed72b7c443f377","sha512":"5377843d569058774bf43cca383608665b30740ee4e2d2c6abdd9094e493b3c40fc092415042beb5374e2535d834aa105232749bba0f91a3eb9463bca7593740","ssdeep":"1536:BO5cxsgUD8Z63bypDr/lUWGeiFzaAIwpnKCVj7081+0dLN546ipFN/JI2n:B4gsxQZfFhTG7ZaSpKU3t+ikFXIa","tlshash":"978312f9097b43bcccf488ee5e6868252951d1a4027f8adb03d46ff53dc56887aa11ec","first_seen":"2025-06-10T18:00:27.00611Z","last_seen":"2026-06-04T11:33:08.967901Z","times_seen":61,"resource_available":false,"data":null}},"time_used":297,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":294,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/auth/commonAuth/verifyToken?token=\u0026l=id","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:20.306Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /auth/commonAuth/verifyToken?token=\u0026l=id HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nX-Access-Token: \r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nCookie: _ga_6QVTNVEL3J=GS2.1.s1774907419$o1$g0$t1774907419$j60$l0$h0; _ga=GA1.1.1088219089.1774907420\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:20 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: accept-encoding,origin,access-control-request-headers,access-control-request-method,accept-encoding\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://kpsjitu.live\r\ncontent-encoding: gzip\r\nx-envoy-upstream-service-time: 2\r\nstrict-transport-security: max-age=31536000\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2wDTDKzrI4u5NeqOm8KwV6dDAtKX0xr5p0taskBSrFaf9An%2Bh8fS8YKOHjdMAexfDcBctvGTKiLi0LiVptHy7M2Y522p6HsHFuy%2B66T53j%2F5IYQcelzEz0lemK%2FDN5Q%3D\"}]}\r\ncf-ray: 9e4a5450eda1b50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":128,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"b2a34f1b295053a7fedabf7e8524c30b","sha1":"3072c6e37c780f2110b42471f6657b2b896a9d87","sha256":"31c459de2ad22f21a41416a05502c309c9bf797b0d70158c5d7b02666670e16e","sha512":"fa6c709ada3aabbdd1c00ce2b37db278acddef5715803e3e9a281c4151261028658d9d2ee363dbb37cfa45c8bdf269a2f5b9facab93bbb57f27f085eb8aae17d","ssdeep":"","tlshash":"e3b0124913006f6f1e93469aa15cb9d216fd370299b8689e885dd6fc39e10f233fb217","first_seen":"2026-03-30T21:50:52.063399Z","last_seen":"2026-03-30T21:50:52.063399Z","times_seen":1,"resource_available":false,"data":null}},"time_used":194,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":193,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/resources/images/_icon-tip.svg","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:20.327Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /resources/images/_icon-tip.svg HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/resources/m.style.css?v=2023090801\r\nCookie: _ga_6QVTNVEL3J=GS2.1.s1774907419$o1$g0$t1774907419$j60$l0$h0; _ga=GA1.1.1088219089.1774907420\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Mon, 19 Dec 2022 09:57:46 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"63a0359a-c49\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hKb29zMsy1AfmTAizQzvHZhH%2BFqEQ0YrZfoo1ImD2DZkMU3iUS8dnC3SojyblbJEhDSmMa94txC9Dq0iS6MeW9pIp1UIG2JXhHxfkiOVO6UHC0Wvf6jsVIIsHmiIYA4%3D\"}]}\r\ncf-ray: 9e4a5450fda5b50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3145,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"648366e8c464e1c3ea3f64b330206b2e","sha1":"e4ae28adb335a3f67c63b51cf9561d9da1041a39","sha256":"9bccf6c1a98556b0dee9c02d57d71260dd571defbde0f79351e95b588675dca4","sha512":"1c6d30e4a9bcae385bdeb5dfbdadb5c7aa3a7f6d8bbe30dfc5ecb5f2a2e8cbf1fcaadba6738cdbe05b87c482f7dc3b41032aef1839ca5c2d3e70fa05cda78db7","ssdeep":"","tlshash":"2f51cd4443e0a7f91c89c23c96757c50a1d63ce6b439a198bc6f64e2c81d6d1a9c8ab7","first_seen":"2025-01-02T01:00:51.123075Z","last_seen":"2026-06-06T08:47:49.777935Z","times_seen":120,"resource_available":false,"data":null}},"time_used":725,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":725,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"png-res.png999.com/resources/images/theme/black-gold/btnSlot.png","fqdn":"png-res.png999.com","domain":"png999.com","tld":"com"},"ip":{"addr":"3.33.225.116","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.555Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"png-res.png999.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 23:12:07 GMT","end":"Fri, 15 May 2026 23:12:06 GMT"},"fingerprint":{"sha1":"FE:07:9A:47:22:30:24:0A:B6:F6:7E:2E:4D:04:8B:7C:00:AD:21:95","sha256":"B3:BA:70:4C:3F:CB:36:0E:1B:00:9C:E9:16:53:83:3E:7B:73:47:2D:C5:B7:08:A0:A3:7E:EE:29:A6:6C:3E:C3"}}},"request":{"raw":"GET /resources/images/theme/black-gold/btnSlot.png HTTP/1.1\r\nHost: png-res.png999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://png-res.png999.com/resources/theme.css?v=2023070401\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 21565\r\nlast-modified: Thu, 21 Nov 2024 03:26:15 GMT\r\netag: \"673ea857-543d\"\r\nexpires: Wed, 29 Apr 2026 21:50:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21565,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 153 x 154, 8-bit/color RGBA, non-interlaced","md5":"685de0dbd11fbc7789c9c766c8331eab","sha1":"7372f15a47583457910d8464d7dabbed6c55d96e","sha256":"6c6248d705da56048c13064510896b8438604775bc56d7873a75ceeba50913ef","sha512":"37fcf1f334c883c79c020c56ad15d753f96ccd38d0140b16c30c77086df32007cb22c01ed567950d865c8c581660986194cdfdbf478138164cd7fd4948027f0e","ssdeep":"384:Pc6EWYJ1x56BLXl7Jj6nQ4FE4/crAfBgwfirkO1+aiOfxXPSCvgmHI:SxYlFd6QnwOAaiO1PSCvgt","tlshash":"74a2f2cb9308ad7ab392208d30527483c19f7e2c53f3d4926c8b9d959fcf55169671e1","first_seen":"2023-10-27T00:09:29Z","last_seen":"2026-05-30T21:03:17.991519Z","times_seen":36,"resource_available":false,"data":null}},"time_used":180,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":179,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jestercloud.net/uploads/mj-1-20250930-053024-adb8.gif","fqdn":"jestercloud.net","domain":"jestercloud.net","tld":"net"},"ip":{"addr":"172.67.183.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.828Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jestercloud.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Mar 2026 18:19:07 GMT","end":"Sun, 31 May 2026 19:17:32 GMT"},"fingerprint":{"sha1":"A0:FD:C4:87:34:E5:4A:82:F2:77:62:84:14:3B:1C:90:DA:B6:C6:98","sha256":"98:B1:A3:D9:2B:D1:DA:8F:6B:5E:BF:9E:C1:32:1B:AA:82:72:B6:32:98:94:A2:AF:79:A0:2B:AE:9E:4A:15:73"}}},"request":{"raw":"GET /uploads/mj-1-20250930-053024-adb8.gif HTTP/1.1\r\nHost: jestercloud.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 30 Mar 2026 21:50:22 GMT\r\ncontent-type: image/gif\r\ncontent-length: 4962323\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Apr 2026 21:50:22 GMT\r\nlast-modified: Tue, 30 Sep 2025 05:30:24 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Xuw74roS78ObsIQgwNCUYnGFy%2B2pbtRZjzcwFi99AnUdFJDLE49wRNxCO5ZGcuyhVr2VPNTCutLYqvWeiqcHRoLBr%2BnlEldh7LsQCht5qKG%2FsVJK5V9MyHtWN%2BOKoNhxzQ4%3D\"}]}\r\ncf-ray: 9e4a545afcd6b50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":4962323,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 400 x 400","md5":"1d1fc9100ef4cd31deeaec231f043ec2","sha1":"a798ecf2f9fedcf1f64372fe7d93f0f5c0009c0b","sha256":"d5fe44f988ce3754a25417cce886f96a7aba9541d34dfeb90f646323e318bbad","sha512":"d7ba1d63b171ebac5d70a9f2be89a0b96741ae6738e595a88627c43be8af23b8806fa799c338f11fd740d1eec1acd504a70d1f19cc09eab5cc3b793acf8ba3f6","ssdeep":"24576:8VUxVX42V0q+iA/W58w0WOiwQaWO8sX0jLNZ8+TwML8:8eX49i8W5H0DHQaWOrX0jLNZ1wp","tlshash":"7f2533ac486003a27d6daee16af0abcc6e81e5fd535514e378aa2d1dcf414b0c641eb7","first_seen":"2025-10-14T06:41:13.842431Z","last_seen":"2026-03-30T21:52:41.80126Z","times_seen":5,"resource_available":false,"data":null}},"time_used":2426,"timings":{"blocked":84,"dns":20,"connect":3,"send":0,"wait":692,"receive":1565,"ssl":47},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-30","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"jestercloud.net/uploads/mj-1-20250930-053024-adb8.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/resources/images/work_together-0.png","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.138Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /resources/images/work_together-0.png HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nCookie: _ga_6QVTNVEL3J=GS2.1.s1774907419$o1$g0$t1774907419$j60$l0$h0; _ga=GA1.1.1088219089.1774907420\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Mon, 19 Dec 2022 09:57:46 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"63a0359a-861\"\r\nexpires: Wed, 29 Apr 2026 21:50:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=z8YwEgs24YVu66XH2jpODqotHGeruKl6p9wMthAntw%2FWrT4Kck%2Fvgbq%2Bkf88cly0tq3Y%2BlPn%2BYuuQfR4MK8EdombsZw9eZTBdVLl1Y2S2uD8NwFmRg8DWJsitZ12GC4%3D\"}]}\r\ncf-ray: 9e4a54561e16b50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2145,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 104, 8-bit colormap, non-interlaced","md5":"ebbafc449470bddab0d4c3403bc06684","sha1":"c93ee34af01151f764df9ff2bdeaec1ec000db2b","sha256":"c2e01d3903198209b3b5272515d21cf971b5441adf21cc50ecb081b24f9800e2","sha512":"d6c0b65f3126ff8481fb939f75a26abe4889a8219ba441e6fcf794551dd8a6944cde2cf7716c0afbba79c1c4a588b4a3594bb3ef415743f03a5fe013b04fcbca","ssdeep":"","tlshash":"1f413cd5dd1bcf643c40e7a66314068da8f5c248d7b718a3eace927be063500419e184","first_seen":"2023-10-27T00:09:29Z","last_seen":"2026-06-06T08:47:49.765563Z","times_seen":139,"resource_available":false,"data":null}},"time_used":726,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":726,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/resources/images/work_together-7.png","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.148Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /resources/images/work_together-7.png HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nCookie: _ga_6QVTNVEL3J=GS2.1.s1774907419$o1$g0$t1774907419$j60$l0$h0; _ga=GA1.1.1088219089.1774907420\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Mon, 19 Dec 2022 09:57:46 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"63a0359a-72b\"\r\nexpires: Wed, 29 Apr 2026 21:50:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mGg91cfzThD%2BWE9AhPTmk7LhcuTbXBgOBBRzx6WWQ8UvMfNMu1gQWOe9KLgDCwY7zEJ025B1%2F0h%2BVYq5ICfohcLog825oqoFTP%2FS2alGHZtJ%2F9x0r52h64D%2FxR4LnLk%3D\"}]}\r\ncf-ray: 9e4a54561e1db50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1835,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 212 x 104, 8-bit colormap, non-interlaced","md5":"4f0197edaba88735f71b5e23dc02efcd","sha1":"1a666f36721cf2c83e0f02389cd6c3cb7b2ffbfe","sha256":"92ae345cd85452e91a077f26c134fb22b87b4943b38e34aea121ef72e0b5447d","sha512":"afbfc6bff4cb8d6f822705fe1d501befa385b19f9429fdb0bb8752168f48d838675741307190a0e63c76391fe2f3d5f7ad15723d9129b822edeca0b55704abde","ssdeep":"","tlshash":"0331f98f262f9570e945f93799407559d83faf6842b28c3c56fa41698ac01809e30101","first_seen":"2023-10-27T00:09:29Z","last_seen":"2026-06-06T08:47:49.809395Z","times_seen":168,"resource_available":false,"data":null}},"time_used":730,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":730,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"png-res.png999.com/assets/PG-Web/cardList/74/app_icon_small@3x.png","fqdn":"png-res.png999.com","domain":"png999.com","tld":"com"},"ip":{"addr":"3.33.225.116","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.780Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"png-res.png999.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 23:12:07 GMT","end":"Fri, 15 May 2026 23:12:06 GMT"},"fingerprint":{"sha1":"FE:07:9A:47:22:30:24:0A:B6:F6:7E:2E:4D:04:8B:7C:00:AD:21:95","sha256":"B3:BA:70:4C:3F:CB:36:0E:1B:00:9C:E9:16:53:83:3E:7B:73:47:2D:C5:B7:08:A0:A3:7E:EE:29:A6:6C:3E:C3"}}},"request":{"raw":"GET /assets/PG-Web/cardList/74/app_icon_small@3x.png HTTP/1.1\r\nHost: png-res.png999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 21275\r\nlast-modified: Thu, 21 Nov 2024 01:28:22 GMT\r\netag: \"673e8cb6-531b\"\r\nexpires: Wed, 29 Apr 2026 21:50:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21275,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 186 x 186, 8-bit colormap, non-interlaced","md5":"8e568f4ddee1423d2cd3d7de428c0210","sha1":"208be8eadaee6beb5f793cb035fa18c576137f90","sha256":"e2cfdc196d06abf4dc2f72579ff77f5d47429409391a43ca2186d2334cc69c2b","sha512":"1876443bc756311b7d25360ecab2362a04b42779daeed1024743fbb5dcf98d21bdf80b4f1f75e604f474bd6a7f28a1eac0d5aba72bfc117f36fe9f0dbf2770c7","ssdeep":"384:xphYjZOTfrCxJ2qz3yvbyZ9rr8BhNrnKhHL4fTfaPAd2kQ55DQPM:xQjZECL2qiOb8B6hHIyfh","tlshash":"6ea2e1d43edbd624d82e4e2b3ddc2577b941a190c6af0a31515ecfaf972b934a88044e","first_seen":"2025-04-05T02:42:19.113933Z","last_seen":"2026-06-04T11:33:09.039023Z","times_seen":72,"resource_available":false,"data":null}},"time_used":178,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":177,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"png-res.png999.com/assets/LOTTERY-Web/cardList/HKDW/icon/icon.png","fqdn":"png-res.png999.com","domain":"png999.com","tld":"com"},"ip":{"addr":"3.33.225.116","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.821Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"png-res.png999.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 23:12:07 GMT","end":"Fri, 15 May 2026 23:12:06 GMT"},"fingerprint":{"sha1":"FE:07:9A:47:22:30:24:0A:B6:F6:7E:2E:4D:04:8B:7C:00:AD:21:95","sha256":"B3:BA:70:4C:3F:CB:36:0E:1B:00:9C:E9:16:53:83:3E:7B:73:47:2D:C5:B7:08:A0:A3:7E:EE:29:A6:6C:3E:C3"}}},"request":{"raw":"GET /assets/LOTTERY-Web/cardList/HKDW/icon/icon.png HTTP/1.1\r\nHost: png-res.png999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 107242\r\nlast-modified: Thu, 06 Feb 2025 03:52:46 GMT\r\netag: \"67a4320e-1a2ea\"\r\nexpires: Wed, 29 Apr 2026 21:50:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":107242,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 500 x 500, 8-bit colormap, non-interlaced","md5":"53749a04f5639a731e5db2f6a4f4d504","sha1":"c36953e7d7e199fd6f6d9d38488c33887be59477","sha256":"c3457ac3f3e3d5f5634ae92fa8361fd1a74825971769a97fcb19fc6f53af7f1a","sha512":"476d003c1d293ff3ef156c5a717d2c39a33ddcecdd97dd2dc8cfbfee6ec9eab3d7845f3f8d787bbcd9a6f72cbb3b47c67a7476b017ab038ff4dd0b921a8e987e","ssdeep":"3072:27LNNcCfR+IDy3otnUfDZ8U23FU2IBJNIRn+yTKEygV2oKnP:2fNNcCwIDhx+DW13FU2I0nrK62oKP","tlshash":"c9a312763293c47a7fd875424e2489edcca8f72a6751096c93a9b5333deda39331a600","first_seen":"2025-08-22T02:45:47.948205Z","last_seen":"2026-03-30T21:52:41.808646Z","times_seen":28,"resource_available":false,"data":null}},"time_used":514,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":270,"receive":244,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/resources/images/icon-register.svg","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:20.303Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /resources/images/icon-register.svg HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nCookie: _ga_6QVTNVEL3J=GS2.1.s1774907419$o1$g0$t1774907419$j60$l0$h0; _ga=GA1.1.1088219089.1774907420\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Mon, 19 Dec 2022 09:57:46 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"63a0359a-cac\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7zBnPzj0kGAYDVh2X5WvbxbOlwDb0ThFUCUvU1ZYj3ehhuKm7qBGjrXyVWgMDx%2BL%2F9QkQYKeQ%2BIDQuCTdESQzgU7jRefrRmiYAbBB25BSTNkZepZ9pYZpI%2FS4iIkOpY%3D\"}]}\r\ncf-ray: 9e4a5450dd9eb50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3244,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"d16631ecae15a671218489400cf549fd","sha1":"005a27dc2a4488e1fdeef357b4f84c06fe2daaa4","sha256":"264ff44349fbc5f757568492e5cddf87bf7eb86b7fa1232720928b43548e935b","sha512":"89b825deeedea4c60ac5a28b729115464a817d56ad4718ddffc957314134821cd183e354e29939e59cd5a3f71ee4ef7e1029b4b7476d6870bd40817aa659c39c","ssdeep":"","tlshash":"fe610106c36493b9ad9ac32c41306894b9955cfab870f6ecbcef5085e54ecd0514d6ef","first_seen":"2023-10-27T00:09:28Z","last_seen":"2026-06-06T08:47:49.845287Z","times_seen":124,"resource_available":false,"data":null}},"time_used":726,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":726,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/resources/images/arrow-3.png","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:20.328Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /resources/images/arrow-3.png HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/resources/m.style.css?v=2023090801\r\nCookie: _ga_6QVTNVEL3J=GS2.1.s1774907419$o1$g0$t1774907419$j60$l0$h0; _ga=GA1.1.1088219089.1774907420\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 187\r\nlast-modified: Wed, 19 Apr 2023 11:24:16 GMT\r\npriority: u=4,i=?0\r\netag: \"643fcf60-bb\"\r\nexpires: Wed, 29 Apr 2026 21:50:20 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Tgv%2F1SyzoB%2FAfMgvyz378Y9nue3RO%2FYqeHQyapW5B%2F%2B6HhnhWFJEMaLNXf3QWY%2FOCTlbUqeHLTWuQyfKcsZnbTEKn4dGRBMsrulw%2FYzX1Kvf9J%2FLFV7aT44A9x48awQ%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e4a54510da6b50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":187,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 32 x 32, 4-bit colormap, non-interlaced","md5":"a8f63b096368d7e88c336b5ddc774e83","sha1":"79b3d0ba81fc0153302f00cd5afe000a7f59bdb8","sha256":"6ab5cac82bedcc3fe1906b66f338064a1cda42fe1d890741b3359ab64d7130fc","sha512":"e68ebedbcea47ff14b6acfd81f28e6e5b3244b9035a80b9dd47515558ea14e9c7513e124a0e5a6bde6a0256168b3b73a18420ad9ac8d1dacd7ce63647f32c2a9","ssdeep":"","tlshash":"6ac0c0c73234bc32c803380ccb2520015c922c0ca8320283c801b419077858c50f4323","first_seen":"2023-10-27T00:09:29Z","last_seen":"2026-06-04T11:33:09.028977Z","times_seen":143,"resource_available":false,"data":null}},"time_used":728,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":728,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.livechatinc.com/v3.6/customer/action/get_configuration?organization_id=4bf7f393-3a78-4488-8a30-a4a88268b87d\u0026version=15.0.1.7.9.10.1.1.1.7.1.5.111\u0026x-region=us-south1\u0026group_id=0\u0026jsonp=__lc_static_config","fqdn":"api.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"23.0.161.50","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Belgium","country_code":"BE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.750Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"GET /v3.6/customer/action/get_configuration?organization_id=4bf7f393-3a78-4488-8a30-a4a88268b87d\u0026version=15.0.1.7.9.10.1.1.1.7.1.5.111\u0026x-region=us-south1\u0026group_id=0\u0026jsonp=__lc_static_config HTTP/1.1\r\nHost: api.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=UTF-8\r\ncross-origin-resource-policy: cross-origin\r\nvary: Accept-Encoding\r\ncontent-length: 1938\r\ncache-control: public, max-age=600\r\nexpires: Mon, 30 Mar 2026 22:00:21 GMT\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":6389,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (6377), with no line terminators","md5":"f68e9c2e5b71c887e93ee22ae4730170","sha1":"8bcbd76fe1da9c6a1ae04cc9fa4d613d1629e8ca","sha256":"71b2ccac217f50a57daebd08011e711d8bce1d0802aa95343c9ed8f904c367cd","sha512":"f1f6bac91c455b621f7014ee0058035ffbb169c7814d3413a2152c267920651c3146072b992c6b1ffc88db33c1a054cebecc04d5eb279c643be71cab54c39008","ssdeep":"96:NhUsXhUAKhUwhUtSHKJAtyXAlJ/mjIiiyfwPJ9On/m3PE2sU6ymNem13PJvCLq:NGsXGAKGwGjcQ9fIIkmymNe2xK2","tlshash":"d7d1332a435bc8b77337d14a62d7b70a34185539b1e9593fe450ca30b5852c6d205eae","first_seen":"2026-03-30T21:50:52.070898Z","last_seen":"2026-03-30T21:52:41.785872Z","times_seen":2,"resource_available":true,"data":null}},"time_used":174,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":174,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/resources/images/authentication-0.svg","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.120Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /resources/images/authentication-0.svg HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nCookie: _ga_6QVTNVEL3J=GS2.1.s1774907419$o1$g0$t1774907419$j60$l0$h0; _ga=GA1.1.1088219089.1774907420\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Mon, 19 Dec 2022 09:57:46 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"63a0359a-176b\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=U8esCQZXhRut%2BomnxAFwnltbPDe411BqYjKNJj734xufcJJPrC1hyYNS0ii%2B%2BxPyyL1KdSTrqoFL5ngeFmFFznaYWms%2B7mdMVv1s9%2BKAg6uNsAspXyhU1UpK0D49SRY%3D\"}]}\r\ncf-ray: 9e4a5455fe12b50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5995,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"a3c9a8971cd1de93bf8aec41540bfd37","sha1":"ed13edcab154dc68b63886887e03f088f99020a5","sha256":"31b422b7c0511728a573488deec7c5f7b6315d1f798518c831e2c76605ce5dac","sha512":"2023cf9aa79c6a5f797a31082e236e35be0afdddf2f236fc8ea3bb6eb3c6ba1b4ff4b0a870dddee84a6d3dfd6e275741fb5eb579d09b3fdcd6eb1c3958837c0b","ssdeep":"96:qePU6cL9EHKnOsZQFbHjL/ATwp3s1y3yOx7OAMkydOoFOfYS5:PUJ5ZQFrjL4Twp3YyPx7OcqHUV5","tlshash":"bbc196c6036093d8c5de8d2eef2bf899b96da0fe99ba51c192eed7098553cd1fd00814","first_seen":"2023-08-07T14:07:42Z","last_seen":"2026-06-06T08:47:49.726584Z","times_seen":131,"resource_available":false,"data":null}},"time_used":726,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":726,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"png-res.png999.com/assets/assetss/wukong.png","fqdn":"png-res.png999.com","domain":"png999.com","tld":"com"},"ip":{"addr":"3.33.225.116","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.818Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"png-res.png999.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 23:12:07 GMT","end":"Fri, 15 May 2026 23:12:06 GMT"},"fingerprint":{"sha1":"FE:07:9A:47:22:30:24:0A:B6:F6:7E:2E:4D:04:8B:7C:00:AD:21:95","sha256":"B3:BA:70:4C:3F:CB:36:0E:1B:00:9C:E9:16:53:83:3E:7B:73:47:2D:C5:B7:08:A0:A3:7E:EE:29:A6:6C:3E:C3"}}},"request":{"raw":"GET /assets/assetss/wukong.png HTTP/1.1\r\nHost: png-res.png999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 284542\r\nlast-modified: Sun, 27 Apr 2025 08:26:56 GMT\r\netag: \"680dea50-4577e\"\r\nexpires: Wed, 29 Apr 2026 21:50:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":284542,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced","md5":"ea85798bb5f9fa1e2b12ad2faa524f7c","sha1":"8f16275529c2b924c6d667ef2a0474ed47fa831a","sha256":"c79cfc87bbbabd6c81eb81753555d10fa07bfc67e242c29586a35b730b07e75d","sha512":"04195a376bc87c22beedd8f554e2d3a7301e3714cf061f318fea6ae9576bcf26270ca8658640dd9356860d4558ce91d01e38867557bd6b0c2a56cfd83b7ff189","ssdeep":"6144:KyR0ot4ZMghlt5Li88V3seUnfPSXlJJ54KKf6crM6ezo6eJi:Kgt4eIt59S3CnfKXlLqvQfeJi","tlshash":"5a54238e4f99124c787c3d2a2517e781e3fe7eaf204935e5cc6e965b29b1ff46260480","first_seen":"2025-08-12T08:05:17.930126Z","last_seen":"2026-03-30T21:52:41.784528Z","times_seen":23,"resource_available":false,"data":null}},"time_used":649,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":275,"receive":374,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/auth/commonpay/ida/common/api/queryPioneerByContentKey?l=id","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:20.312Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"POST /auth/commonpay/ida/common/api/queryPioneerByContentKey?l=id HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nX-Access-Token: \r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 23\r\nOrigin: https://kpsjitu.live\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nCookie: _ga_6QVTNVEL3J=GS2.1.s1774907419$o1$g0$t1774907419$j60$l0$h0; _ga=GA1.1.1088219089.1774907420\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":23,"data":"contentKey=phoneSetting"}},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: accept-encoding,origin,access-control-request-headers,access-control-request-method,accept-encoding\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://kpsjitu.live\r\ncontent-encoding: gzip\r\nx-envoy-upstream-service-time: 4\r\nstrict-transport-security: max-age=31536000\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BvaWOaEe%2FzvSHtck5QgBxEAYPD33ZRrZzSVpMTMISeF%2FbEHsbnRYupPUnnAdskDfpg1d8yzG7TsJzXXM4cM4TqEaVl%2Bx9YRdrgisRRO0uS9%2BTWKY5HCyyRo9uW52cLA%3D\"}]}\r\ncf-ray: 9e4a5450eda2b50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":2130,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"a0990bf8412243e118dbf2520ed89226","sha1":"72bd4c457802dec3a4af63ed90fe04b144424c99","sha256":"de74b4219172e0fdee9086d309feb59506a4edcefcea3039f36c2656b72cb4ab","sha512":"e94b9ad033b0a187827b4c871babd95966558646bd6684d10e3840852c23fd5cd78babd8e81136bb04f8fed557138430d5935a80fa84ca215e1dd4a7675e3450","ssdeep":"","tlshash":"07417bf7bc24d17dd2421c8da37b2c28998e425bc485d93beaf1ccac813a4f43764a56","first_seen":"2026-03-30T21:50:52.07387Z","last_seen":"2026-03-30T21:50:52.07387Z","times_seen":1,"resource_available":false,"data":null}},"time_used":726,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":726,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s1.kpsjitu.space/slide_banner_pc/KPSJITU_BannerPC_01.webp","fqdn":"s1.kpsjitu.space","domain":"kpsjitu.space","tld":"space"},"ip":{"addr":"167.99.75.0","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.510Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s1.kpsjitu.space","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Mar 2026 06:05:14 GMT","end":"Mon, 22 Jun 2026 06:05:13 GMT"},"fingerprint":{"sha1":"EC:90:16:BA:11:0A:AC:E7:D6:21:1F:09:FF:C5:E1:23:3B:B3:DE:4E","sha256":"BC:34:40:67:31:4E:5F:58:18:2B:4B:3C:D1:10:EF:DD:35:77:30:D8:49:77:B4:6D:77:37:05:26:71:68:C6:61"}}},"request":{"raw":"GET /slide_banner_pc/KPSJITU_BannerPC_01.webp HTTP/1.1\r\nHost: s1.kpsjitu.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/webp\r\ncontent-length: 75726\r\nlast-modified: Sun, 17 Aug 2025 07:36:39 GMT\r\netag: \"68a18687-127ce\"\r\nset-cookie: SITE_TOTAL_ID=ffc05a60a57faf19312d63840f11715d; Path=/; Max-Age=259200000; HttpOnly\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":75726,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"fd01ff434312ea6251495551ad0a3956","sha1":"ff0b7d5040b948e71f86bbdad0d9e51f90ef87c7","sha256":"1d677f49430b5304aef3a2a294988e81eaddd8c1691fd0cb6dcc07fc8d68f982","sha512":"c7b24d1d9d4e2c275d65dbdfc367cfba3dc53c04b5c11256e15c2a2369d0a270f06c4289ff11c03c5a0c2071815323781b6aca4eb0798d5e7cfac8d5d49ae784","ssdeep":"1536:xJJE7fcBL9IIDDd9qBj0c/siQFT+Jz6TGizyI:xJJp9MBo0Jmbv","tlshash":"3473f1771a73ee01dde59b3cade0e3da25b257219a33354d7cad2e2a3b74041c94c192","first_seen":"2025-10-14T06:41:13.719671Z","last_seen":"2026-03-30T21:52:41.771341Z","times_seen":5,"resource_available":false,"data":null}},"time_used":351,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":347,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"wss","addr":"message.tjqkpapi.com/message/push/stats?login=\u0026device=1","fqdn":"message.tjqkpapi.com","domain":"tjqkpapi.com","tld":"com"},"ip":{"addr":"47.129.137.26","port":443,"asn":16509,"as":"AMAZON-02","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.660Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"message.tjqkpapi.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 05:07:49 GMT","end":"Wed, 17 Jun 2026 05:07:48 GMT"},"fingerprint":{"sha1":"66:5C:C0:51:B6:46:D0:8C:65:F9:9E:C1:78:1C:6E:85:25:64:43:35","sha256":"D9:B2:27:0A:AE:D1:F0:46:1B:6A:E9:78:D8:85:AD:16:20:F2:EB:35:60:08:CD:DA:3D:97:F8:A4:A6:EA:1C:17"}}},"request":{"raw":"GET /message/push/stats?login=\u0026device=1 HTTP/1.1\r\nHost: message.tjqkpapi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://kpsjitu.live\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: elQbmhFyz6E6D9xlMy065g==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nServer: openresty\r\nDate: Mon, 30 Mar 2026 21:50:23 GMT\r\nConnection: upgrade\r\nsec-websocket-extensions: permessage-deflate\r\nsec-websocket-accept: 8aQ5mwvVpx4xqA53aA+SpRZGSQU=\r\nupgrade: WebSocket\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T03:34:23.06459Z","times_seen":16228689,"resource_available":true,"data":null}},"time_used":3560,"timings":{"blocked":0,"dns":1052,"connect":1381,"send":0,"wait":463,"receive":0,"ssl":1696},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"png-res.png999.com/assets/assetss/mahjong.png","fqdn":"png-res.png999.com","domain":"png999.com","tld":"com"},"ip":{"addr":"3.33.225.116","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.813Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"png-res.png999.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 23:12:07 GMT","end":"Fri, 15 May 2026 23:12:06 GMT"},"fingerprint":{"sha1":"FE:07:9A:47:22:30:24:0A:B6:F6:7E:2E:4D:04:8B:7C:00:AD:21:95","sha256":"B3:BA:70:4C:3F:CB:36:0E:1B:00:9C:E9:16:53:83:3E:7B:73:47:2D:C5:B7:08:A0:A3:7E:EE:29:A6:6C:3E:C3"}}},"request":{"raw":"GET /assets/assetss/mahjong.png HTTP/1.1\r\nHost: png-res.png999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 306926\r\nlast-modified: Thu, 26 Jun 2025 06:21:29 GMT\r\netag: \"685ce6e9-4aeee\"\r\nexpires: Wed, 29 Apr 2026 21:50:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":306926,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced","md5":"c15b01fc7a2fd07d1f0930994d8c2ce1","sha1":"16fbd72fab7d453f338536919d26cbd41fc8908c","sha256":"7dd477dd86831e7faaba6e016eb8b9158e85ad4ab521470513ce99c56a55a86a","sha512":"872e5b88f03327a0826d9173c3aa8db229dd8cac78d5a07e8a863ed7d1e27cbeb155a0f6c443bc4568f3761f1c0a6440ef27e88f4db76ed455c0656af4268a78","ssdeep":"6144:xOjQ2Z0fOzFCkAfHrGmHsjSMMwhLMRUNKwSeAkLKpq8u:8E9qwk54sjg6ARsKwSeAkmQ8u","tlshash":"356423da53c32702793606823b1fee6ed271f3ab9685d71b324e099624b9bc5352c734","first_seen":"2025-08-22T02:45:47.919079Z","last_seen":"2026-03-30T21:52:41.816992Z","times_seen":30,"resource_available":false,"data":null}},"time_used":649,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":280,"receive":369,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/#/index?category=hot","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-30T21:50:18.060Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 30 Mar 2026 21:50:18 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Thu, 26 Mar 2026 10:46:16 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mScKbpeMbKOJjlTNjxD6DKdF8%2FZRB3sWCkI2BnuZ8Sroh%2FBZ051v1kSCE%2Fb4q1OOuImWvMem4fDzt%2Fnr0d5om6TnT02MKsYEpX%2FzfqHqB8i8tDKZOrpT2b6Bt%2BOQY8I%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9e4a5443298fb51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"AMP","description":"AMP, originally created by Google, is an open-source HTML framework developed by the AMP open-source Project. AMP is designed to help webpages load faster.","website":"https://www.amp.dev","common_platform_enumeration":"","icon":"Accelerated-Mobile-Pages.svg","categories":["JavaScript frameworks"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21253,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (496)","md5":"660dd4f6cf276f20c9fdd1321e884f03","sha1":"8515c60a016284f5606a92095c8d1a4bfef97218","sha256":"53dd35e4e456a4699a256474f023d1306fe1fb0705e6b7f730689c898421b9d2","sha512":"d4ca0561beae7bc61f9952727e1c5de991675df3851c783e88fe0208aedb26e0cda9b70afd833861011aefa7c4cd87a8adf938e2ba9413006f55a1f0a1c3f45f","ssdeep":"384:AbxOW+/KO5rAGtxDT07k6LIjcw/gs0m0CM:AbsW+/KO5rAGtxDoo6LI1NBQ","tlshash":"6792e97a1cb2681612a351709bf3f30cb2796103d64acc94b6dc462a2fc1dd99de3b8d","first_seen":"2026-03-30T21:50:52.077024Z","last_seen":"2026-03-30T21:52:41.803377Z","times_seen":2,"resource_available":false,"data":null}},"time_used":818,"timings":{"blocked":42,"dns":21,"connect":1,"send":0,"wait":732,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/auth/commonpay/ida/common/api/queryPioneerByContentKey?l=id","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.067Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"POST /auth/commonpay/ida/common/api/queryPioneerByContentKey?l=id HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nX-Access-Token: \r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 22\r\nOrigin: https://kpsjitu.live\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nCookie: _ga_6QVTNVEL3J=GS2.1.s1774907419$o1$g0$t1774907419$j60$l0$h0; _ga=GA1.1.1088219089.1774907420\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":22,"data":"contentKey=homeSetting"}},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: accept-encoding,origin,access-control-request-headers,access-control-request-method,accept-encoding\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://kpsjitu.live\r\ncontent-encoding: gzip\r\nx-envoy-upstream-service-time: 2\r\nstrict-transport-security: max-age=31536000\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=esw6Suo6Q%2Fmsp0wt%2Fk8P1jwO3wkmVq%2FQ%2FTX6OUqAgTGKBCIYEReUF7xDJ%2FVXUgGN0A6RXmDiGeyX5JlshD0qw2mO5GWtoa6Gr6Qo%2FqtTB%2Fdhc456rP1MlW%2FRdGzQDb8%3D\"}]}\r\ncf-ray: 9e4a5455adfeb50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":3386,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"ace8611d85ce6e826531a4d1b65d4d64","sha1":"56097d43e45b9f546decfcba6f02fb2dcc00d07b","sha256":"b9f94c01cafaa809bd6f4da73bed5820eceb920ecb4feebfa98580216164dd66","sha512":"4eeda77f142503503206a1dca3295032c8d4aa2904b5e9675e55aabc58feea586d76e3c548cf29e4b914823128db91b8285c5d7fde751d488918e838feaebd2f","ssdeep":"","tlshash":"656165961d5cfa2d91055e8eb3feac152c8e01568744e72acfb0ce3414a297027b1fd5","first_seen":"2026-03-30T21:50:52.077828Z","last_seen":"2026-03-30T21:50:52.077828Z","times_seen":1,"resource_available":false,"data":null}},"time_used":188,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":188,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/resources/images/work_together-8.png","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.150Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /resources/images/work_together-8.png HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nCookie: _ga_6QVTNVEL3J=GS2.1.s1774907419$o1$g0$t1774907419$j60$l0$h0; _ga=GA1.1.1088219089.1774907420\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Mon, 19 Dec 2022 09:57:46 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"63a0359a-6da\"\r\nexpires: Wed, 29 Apr 2026 21:50:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9oOMV94PLwmp2%2BJ%2B6Jn21dNpEWv1H1rYl%2BxwDRzEvVOg4cbal0xVy5CMWHVoAcPesFsYQiuW5e3D7SqwqECCel2vImbFyDUdx%2FNGhtGdXUfoVMgAhjzA%2FCgG4zQHUGM%3D\"}]}\r\ncf-ray: 9e4a54562e1eb50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1754,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 164 x 104, 8-bit colormap, non-interlaced","md5":"92720c9de138d72c9e9b5f659f31f1f1","sha1":"989b4f935741d2a56d7e16e84d07755bd616d7c3","sha256":"cdee89f17f6102109276d6fb434f25f2f92324e8e589be9f0ddea301a5ae5a67","sha512":"cef02830f0d51fcc50ef32bb0a045a1fd58b4640bfcdcf0d59ea03bedbbab99e9d439659f1c2997276cd051fb6ed39544c86ebb44057671308dacf195da23ce8","ssdeep":"","tlshash":"b13128a3e9eb0c6beb792a3347960c46f8f8e0b952430d5928c5439e2d0c38604f801a","first_seen":"2023-10-27T00:09:29Z","last_seen":"2026-06-06T08:47:49.738311Z","times_seen":138,"resource_available":false,"data":null}},"time_used":730,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":730,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/resources/images/icon-1.png","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.153Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /resources/images/icon-1.png HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nCookie: _ga_6QVTNVEL3J=GS2.1.s1774907419$o1$g0$t1774907419$j60$l0$h0; _ga=GA1.1.1088219089.1774907420\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Mon, 19 Dec 2022 09:57:46 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"63a0359a-518\"\r\nexpires: Wed, 29 Apr 2026 21:50:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=InXdlMbNb%2Fx71OZopjbQsQI6DKS2ANe%2B%2BDBvyovS2Hr%2FMed1kXW6scTLl9NWn8vJRwI0Inqc167mYe5Q0RN2C0edpoes0T6Gw2q%2BWUdJNW%2B%2FaqOmkVIwqUjd9cmdaiM%3D\"}]}\r\ncf-ray: 9e4a54562e20b50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1304,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 25 x 26, 8-bit colormap, non-interlaced","md5":"f58a3f67249aba65120f5cff6607dcd0","sha1":"aa49a0e48c3f0633af56ec36247662efa9ee4896","sha256":"70202582ebd368f727ca7e5eed3ed9b403ba644435272e4f1fca9e09802e4a7b","sha512":"a4ffe5dae8176b696eff617464d3027d57618e0fad5993f459f5b913a3bc96d83435eae9f5d2da1db2aad2a1b1f800050bcaafebcf2e96f92865d09ea2bb52be","ssdeep":"","tlshash":"382187e2ee368117946a4bcecf2a141541445e7cdf21645d86e8fa7462f3085357a25c","first_seen":"2023-10-27T00:09:28Z","last_seen":"2026-06-04T11:33:09.066235Z","times_seen":135,"resource_available":false,"data":null}},"time_used":738,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":738,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"png-res.png999.com/resources/images/theme/black-gold/btnHot.png","fqdn":"png-res.png999.com","domain":"png999.com","tld":"com"},"ip":{"addr":"3.33.225.116","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.550Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"png-res.png999.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 23:12:07 GMT","end":"Fri, 15 May 2026 23:12:06 GMT"},"fingerprint":{"sha1":"FE:07:9A:47:22:30:24:0A:B6:F6:7E:2E:4D:04:8B:7C:00:AD:21:95","sha256":"B3:BA:70:4C:3F:CB:36:0E:1B:00:9C:E9:16:53:83:3E:7B:73:47:2D:C5:B7:08:A0:A3:7E:EE:29:A6:6C:3E:C3"}}},"request":{"raw":"GET /resources/images/theme/black-gold/btnHot.png HTTP/1.1\r\nHost: png-res.png999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://png-res.png999.com/resources/theme.css?v=2023070401\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 21215\r\nlast-modified: Thu, 21 Nov 2024 03:26:15 GMT\r\netag: \"673ea857-52df\"\r\nexpires: Wed, 29 Apr 2026 21:50:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":21215,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 153 x 154, 8-bit/color RGBA, non-interlaced","md5":"223df7942213c1e17c44ed8141a4d62e","sha1":"531b941e81d8e8b1aa53ee6025cfb0a2d9b8cd95","sha256":"9598822d6e8db1e3bdd12e6d701ad28d938a6d22383c5e13d7264350277d6c8c","sha512":"2c895d4ede7822c152255a756ddcf534566fb0e4de6ac414e26f5071fccc0269325e3fcc680243ee7a676e3418a4b4073bd4aedfb00aff89ef6abb5c53a755f1","ssdeep":"384:M1FRu8ciVInHCLHab+RbgzTNL4HrF+o43YzEdgrosAl0rDemCfbf:gu87XLHabIgvNkco4zmrobUebf","tlshash":"3292e04a140d36a0f84be46987e59d63f84b20f4e97db3a6ed38577f1483243a568907","first_seen":"2025-06-25T08:01:42.568678Z","last_seen":"2026-05-30T21:03:18.007917Z","times_seen":28,"resource_available":false,"data":null}},"time_used":180,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":179,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"png-res.png999.com/resources/images/theme/black-gold/btnSport.png","fqdn":"png-res.png999.com","domain":"png999.com","tld":"com"},"ip":{"addr":"3.33.225.116","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.561Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"png-res.png999.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 23:12:07 GMT","end":"Fri, 15 May 2026 23:12:06 GMT"},"fingerprint":{"sha1":"FE:07:9A:47:22:30:24:0A:B6:F6:7E:2E:4D:04:8B:7C:00:AD:21:95","sha256":"B3:BA:70:4C:3F:CB:36:0E:1B:00:9C:E9:16:53:83:3E:7B:73:47:2D:C5:B7:08:A0:A3:7E:EE:29:A6:6C:3E:C3"}}},"request":{"raw":"GET /resources/images/theme/black-gold/btnSport.png HTTP/1.1\r\nHost: png-res.png999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://png-res.png999.com/resources/theme.css?v=2023070401\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 23114\r\nlast-modified: Thu, 21 Nov 2024 03:26:15 GMT\r\netag: \"673ea857-5a4a\"\r\nexpires: Wed, 29 Apr 2026 21:50:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":23114,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 153 x 154, 8-bit/color RGBA, non-interlaced","md5":"32c01eee0385041c64f75478acdad737","sha1":"f884671b05e0ed6ca2d51ebbce1fe2aae1071521","sha256":"1c58fe4b3a4401167347f97371ee7c14d24fd5e2da27a1023ef13023310f71c1","sha512":"309f82afbf15d8bc773f2a6773c0e3d0f9f999b43d497edcecbd544fb915157c0fb70676b5a8e0dbf9102fbb2e279e67c9f44a12b8b007bb1385ba2928e891bb","ssdeep":"384:1SYBw2NJYK6yvBUAv0YwK+JFrHcSWbCmY8cqJMFv68qkwQP34Xwvesd7hqH:1SBeUyJVlz+7rzc/JMxtq64Xfq7hC","tlshash":"e0a2e197a5546ba0904b03d828d5e588377c3f085ab1335bc01f8f54d43c72ee67db89","first_seen":"2023-10-27T00:09:29Z","last_seen":"2026-05-30T21:03:18.003244Z","times_seen":36,"resource_available":false,"data":null}},"time_used":353,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":352,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"png-res.png999.com/assets/LOTTERY-Web/cardList/HKGLT/icon/icon.png","fqdn":"png-res.png999.com","domain":"png999.com","tld":"com"},"ip":{"addr":"3.33.225.116","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.820Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"png-res.png999.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 23:12:07 GMT","end":"Fri, 15 May 2026 23:12:06 GMT"},"fingerprint":{"sha1":"FE:07:9A:47:22:30:24:0A:B6:F6:7E:2E:4D:04:8B:7C:00:AD:21:95","sha256":"B3:BA:70:4C:3F:CB:36:0E:1B:00:9C:E9:16:53:83:3E:7B:73:47:2D:C5:B7:08:A0:A3:7E:EE:29:A6:6C:3E:C3"}}},"request":{"raw":"GET /assets/LOTTERY-Web/cardList/HKGLT/icon/icon.png HTTP/1.1\r\nHost: png-res.png999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 55917\r\nlast-modified: Wed, 05 Feb 2025 10:03:35 GMT\r\netag: \"67a33777-da6d\"\r\nexpires: Wed, 29 Apr 2026 21:50:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":55917,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 500 x 500, 8-bit colormap, non-interlaced","md5":"5be2a71296f3bc3e25ca0c1812358635","sha1":"46e01d86aaefed78ace1e350de91abf46963abf5","sha256":"6cb399f7c6c5279e4809bf3c765f2f0c46670797dca67aced82b52ade652b100","sha512":"17fa918a157c3ba139342a25ca0e840fd92290a2af407b37979b872ed980ede904880ff2a904f3d86238a2d8daf0889b75f591ffef2da397b177900ba1edc2d3","ssdeep":"1536:9/atnYeeqRfrQQ0EllFRkP7HHzFV6PB/ldTiif:ZatnLeqRfrZ0wyP7HHa3YE","tlshash":"634302fe5a930fdef977a60599144b510b38d2b333241a1169a43eb0e988ee6117067b","first_seen":"2025-06-10T18:00:27.037883Z","last_seen":"2026-05-24T16:02:20.855057Z","times_seen":46,"resource_available":false,"data":null}},"time_used":444,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":272,"receive":172,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/auth/commonpay/ida/common/api/queryPioneerByContentKey?l=id","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:20.321Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"POST /auth/commonpay/ida/common/api/queryPioneerByContentKey?l=id HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nX-Access-Token: \r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 24\r\nOrigin: https://kpsjitu.live\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nCookie: _ga_6QVTNVEL3J=GS2.1.s1774907419$o1$g0$t1774907419$j60$l0$h0; _ga=GA1.1.1088219089.1774907420\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":24,"data":"contentKey=globalSetting"}},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: accept-encoding,origin,access-control-request-headers,access-control-request-method,accept-encoding\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://kpsjitu.live\r\ncontent-encoding: gzip\r\nx-envoy-upstream-service-time: 2\r\nstrict-transport-security: max-age=31536000\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=P8b%2FwPoTmQdfBd2SFkdvNpHg5sD1%2Byn7lBsJs4%2F%2Bj8kCkbgd%2BBDH0q0q%2FNfjJxSO6tyMcMTxOPuzVQ5Tjn8QZApWIhFjjeV0ZiDFq0DWrfLCN9MS9ZfcEkox8jJto6w%3D\"}]}\r\ncf-ray: 9e4a5450fda3b50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10805,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"0386ea463a1228fe1f9d51fb9ce17ae0","sha1":"36095418396952bcc6b951a20a48501fadc4cc2e","sha256":"f5841fede1a31448018483ea5d10cff94be9d3b81f23f9090ccccf4a8e45b067","sha512":"67e4550638d6cc690b2ebf3fffd7ce9810d3c377790e82c943652befb10cb9f577d269a84c5911d2bb4e9d2154f420bc3896ac425991be5c096a1ffcf3294537","ssdeep":"192:7TwWtJaqgDIE27fbpX5BrfFmvXph/rTet26YC:RcqgPS3pNkZxTLC","tlshash":"542240d75d82f22d91b19488a4e9dc132a8a232293d5673fbf6c8e7097c9170cdb31c9","first_seen":"2026-03-30T21:50:52.082123Z","last_seen":"2026-03-30T21:50:52.082123Z","times_seen":1,"resource_available":false,"data":null}},"time_used":721,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":721,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/resources/images/authentication-3.svg","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.134Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /resources/images/authentication-3.svg HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nCookie: _ga_6QVTNVEL3J=GS2.1.s1774907419$o1$g0$t1774907419$j60$l0$h0; _ga=GA1.1.1088219089.1774907420\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Mon, 19 Dec 2022 09:57:46 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"63a0359a-1fd5\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Drp5BNuHkNcwN6e90bpz8rh4QA8PcX%2BEITPaOcaHts%2Bqbd6sggmnYIXaXGBzx3%2FsXkqxp5GKnbEi1YXJRB94%2BreBH0Tod0xt%2BX%2BGckaYcAbqkT7g%2FiYmSnLSAAiOmNY%3D\"}]}\r\ncf-ray: 9e4a54560e15b50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8149,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"fb2700669bf859c474bfdbe0a8c1f913","sha1":"f83033c0f5cacfd401a109f1a9a53eb884be67ec","sha256":"60976eaf71a96a297c7d005a5cfe05a19750c63de8678411292b89e6bb15421e","sha512":"0cf6475921aa549ea684c1619eb16a8ff4d34bcc84b00889739eb936c9cd56c850d3eab63dfd0659a3e43786f01e17b0c0d5b39e0d4c1c9dcd2eebf6056df200","ssdeep":"192:XpwEjKZ5r2pGY1K1YXithMSvPsBtFJ7Ty6Y7gdcGvy7rZft5:XWj5CpGMjyj1OtF+LZl5","tlshash":"cef183d61370e3d499ced58eff36ed98624bb0fd5e3a64c142af8a08559f8c4f608848","first_seen":"2023-08-07T14:07:42Z","last_seen":"2026-06-06T08:47:49.844167Z","times_seen":128,"resource_available":false,"data":null}},"time_used":729,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":729,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/office/game-oc/game/getNodeInfoList?l=id\u0026parentId=10653197","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.407Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /office/game-oc/game/getNodeInfoList?l=id\u0026parentId=10653197 HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nX-Access-Token: \r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nCookie: _ga_6QVTNVEL3J=GS2.1.s1774907419$o1$g0$t1774907419$j60$l0$h0; _ga=GA1.1.1088219089.1774907420\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\naccess-control-allow-origin: https://kpsjitu.live\r\naccess-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT\r\naccess-control-max-age: 3600\r\naccess-control-allow-headers: Origin,X-Requested-With,Content-Type,Access-Token,Authorization,X-Access-Token\r\naccess-control-allow-credentials: true\r\nvary: accept-encoding\r\ncontent-encoding: gzip\r\nx-envoy-upstream-service-time: 4\r\nstrict-transport-security: max-age=31536000\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PftiUwFBcAJLByo9nCAkpcH4sdnTjDq2c3LA0FGhzwA7SnUBlpbBPf%2BHSbOuaieoxFY6wYTP42okTStqrRrb2YXzBHnrNL24mIo3w%2BVQCVlTrXh7W3pVXHruASc4vDQ%3D\"}]}\r\ncf-ray: 9e4a5457ce3cb50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14422,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"de99bb522866a9edd2b4125c15c2d51a","sha1":"155318b19d0e71d5fa1deaaf9dd63148e40c874d","sha256":"ef6d6fe226d42edb5aadf2bda08d2bec9e99ac7e309a2f921810ca99652c714b","sha512":"6535bfa61d0c24d1922ba35841397a2696ddeb333ac8e958f58adb561f5d83d704b6afa043c86ce23948543a0c1d328a70238790b85b76c1d2719e20fa31c6c3","ssdeep":"192:+rNxXQByFRG5II11mfYxB2avaRynjXFQ2UBjMnS8IAt:+xqcTMdDqyfVjV3UJqSxC","tlshash":"67524091990c2d822675ffd8225cbe836add122fc9d1ceb4985ccf38e8f66f91131522","first_seen":"2026-03-30T21:50:52.084706Z","last_seen":"2026-03-30T21:50:52.084706Z","times_seen":1,"resource_available":false,"data":null}},"time_used":191,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":191,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/resources/common.js?v=2023061202","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:18.989Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /resources/common.js?v=2023061202 HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:19 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 12 Jun 2023 10:04:56 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"6486edc8-41e1\"\r\nexpires: Tue, 31 Mar 2026 09:50:19 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VhI8bRzc3%2BdBeARRUAg1dO%2BwzH94lErPdQWULNKRa0kBIITuIWijyAVdS63HOK8n87d9Vf0r66JdhFNY%2FoQu4OmCQ%2FVCkmxDqYxn2vSD7vFalqTNYLHzx6bNxqPod1M%3D\"}]}\r\ncf-ray: 9e4a54489d56b50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16865,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (16831), with no line terminators","md5":"855102b463848721a6fc6f0fb08b523a","sha1":"2e70f55249ffc84f9d0b0e730ac6050ee5bbd7c2","sha256":"696348bc15d8907f21e00e8c1cd6ebd50bc4aeb9aa9afe68b0431113029eed89","sha512":"50f3d02312f66f31a3a5dfefe74e881252754683c3bd436e1304dba5dd626fabc923eeed0b3f7878f89f54eb2c80877d08e7079a208a3c2067c098aa9044ca56","ssdeep":"384:webBf+be5MovYavaQ70Vm6oilwjZf950QtZXGV18:2PmplGr8","tlshash":"06721a5b338074a78197229901db9509f23b8a77650b0a39f071cda6acb4e9447fff68","first_seen":"2023-10-27T00:09:28Z","last_seen":"2026-06-04T11:33:08.856963Z","times_seen":149,"resource_available":true,"data":null}},"time_used":730,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":729,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"png-res.png999.com/resources/images/theme/black-gold/btnContact.png","fqdn":"png-res.png999.com","domain":"png999.com","tld":"com"},"ip":{"addr":"3.33.225.116","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:20.332Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"png-res.png999.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 23:12:07 GMT","end":"Fri, 15 May 2026 23:12:06 GMT"},"fingerprint":{"sha1":"FE:07:9A:47:22:30:24:0A:B6:F6:7E:2E:4D:04:8B:7C:00:AD:21:95","sha256":"B3:BA:70:4C:3F:CB:36:0E:1B:00:9C:E9:16:53:83:3E:7B:73:47:2D:C5:B7:08:A0:A3:7E:EE:29:A6:6C:3E:C3"}}},"request":{"raw":"GET /resources/images/theme/black-gold/btnContact.png HTTP/1.1\r\nHost: png-res.png999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://png-res.png999.com/resources/theme.css?v=2023070401\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 30 Mar 2026 21:50:20 GMT\r\ncontent-type: image/png\r\ncontent-length: 436\r\nlast-modified: Thu, 03 Apr 2025 09:57:27 GMT\r\netag: \"67ee5b87-1b4\"\r\nexpires: Wed, 29 Apr 2026 21:50:20 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":436,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 42 x 41, 8-bit/color RGBA, non-interlaced","md5":"7440131f895946791366dbe5977867f1","sha1":"071cb17b370898f8e11acae98c3b8d91f719e0fc","sha256":"d0b04628d432ee3971df15916f1defb39ec2c39196f0847b438b6f72f8d69b0b","sha512":"932c1b208e4a2261e576184b8666769e56c4a9f3c749a7564236bd8714f9a32677ad27aadfad78c9b54dcde94820e7e4ca07764caa897ba6c955bc4da6286aa9","ssdeep":"","tlshash":"04e023c5366924304413213d5ba381c5f235de623db6e57c5705d1390f12b5d11c0253","first_seen":"2023-10-27T00:09:29Z","last_seen":"2026-06-04T11:33:08.932057Z","times_seen":126,"resource_available":false,"data":null}},"time_used":190,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":190,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s1.kpsjitu.space/slide_banner_pc/Kpsjitu_BannerPC_05.webp","fqdn":"s1.kpsjitu.space","domain":"kpsjitu.space","tld":"space"},"ip":{"addr":"167.99.75.0","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.525Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s1.kpsjitu.space","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Mar 2026 06:05:14 GMT","end":"Mon, 22 Jun 2026 06:05:13 GMT"},"fingerprint":{"sha1":"EC:90:16:BA:11:0A:AC:E7:D6:21:1F:09:FF:C5:E1:23:3B:B3:DE:4E","sha256":"BC:34:40:67:31:4E:5F:58:18:2B:4B:3C:D1:10:EF:DD:35:77:30:D8:49:77:B4:6D:77:37:05:26:71:68:C6:61"}}},"request":{"raw":"GET /slide_banner_pc/Kpsjitu_BannerPC_05.webp HTTP/1.1\r\nHost: s1.kpsjitu.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/webp\r\ncontent-length: 56036\r\nlast-modified: Thu, 02 Oct 2025 08:46:12 GMT\r\netag: \"68de3bd4-dae4\"\r\nset-cookie: SITE_TOTAL_ID=cee6e28718e365d587f3fad9d99ce850; Path=/; Max-Age=259200000; HttpOnly\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":56036,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"6c460025581959db2637bee19ad4e684","sha1":"3e76618334012488ab4a14aaa0405aa6b1b3fa83","sha256":"61fdb5f3fd24d341883536fd5b32282662739814b001c86b3851ffb4e22da46d","sha512":"3bcbf18aeae1839d45558ae2c4ae7b74a52ee5de8ea8f0ad4cf3e12250054b69a5c0636fb8477bdff8e647dfb41af7f82e35ed14ee919a957de9cefe283845c2","ssdeep":"1536:NAithl9wp2cpmJclzjPJ6Ypr6E4dhjmDr:Bs2cpmJGvh6YpfIor","tlshash":"2f43011aff638e05cc8ad228ddcb51e0ea3f6a9d99e8b4215f8c450a0f21c676570cd9","first_seen":"2025-10-14T06:41:13.856131Z","last_seen":"2026-03-30T21:52:41.78284Z","times_seen":5,"resource_available":false,"data":null}},"time_used":1019,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":694,"receive":325,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"png-res.png999.com/assets/PP-Web/vs20fruitswx.png","fqdn":"png-res.png999.com","domain":"png999.com","tld":"com"},"ip":{"addr":"3.33.225.116","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.805Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"png-res.png999.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 23:12:07 GMT","end":"Fri, 15 May 2026 23:12:06 GMT"},"fingerprint":{"sha1":"FE:07:9A:47:22:30:24:0A:B6:F6:7E:2E:4D:04:8B:7C:00:AD:21:95","sha256":"B3:BA:70:4C:3F:CB:36:0E:1B:00:9C:E9:16:53:83:3E:7B:73:47:2D:C5:B7:08:A0:A3:7E:EE:29:A6:6C:3E:C3"}}},"request":{"raw":"GET /assets/PP-Web/vs20fruitswx.png HTTP/1.1\r\nHost: png-res.png999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 20488\r\nlast-modified: Thu, 21 Nov 2024 01:28:27 GMT\r\netag: \"673e8cbb-5008\"\r\nexpires: Wed, 29 Apr 2026 21:50:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":20488,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit colormap, non-interlaced","md5":"cb7ccbdb7ffa7e819e97d19048942d86","sha1":"cf8151a3e14f6466bfc0acca1788d5cfb7dcd314","sha256":"ee6e67c268b48a23156f56bb46c91bb0dfa8f3cb44cb1b0497609936bf52b44e","sha512":"103cff9f0fa6b6df7d137d48c040c43085519aaa60caf60672dc890d037ae943dc2b99ce7792dcef691d6fdf3eff39706052c5d9621207a4722e6f8cfecfdf5f","ssdeep":"384:vEgRpGyP0tU6vdu8o5dM7QM2scPrAX+YcAbZCxYKDp3t:c20tddzo5dM7QMyVYcAbc9p9","tlshash":"1592e0e6d1dc5c4e39d3ca2f73bc20344db5520105e68b8bcc897165e7ed90149b1ab9","first_seen":"2025-01-10T01:34:08.301424Z","last_seen":"2026-04-23T14:57:57.852145Z","times_seen":46,"resource_available":false,"data":null}},"time_used":533,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":287,"receive":246,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jestercloud.net/uploads/vicitoto/Koi-Gate-20250925-123734-1509.gif","fqdn":"jestercloud.net","domain":"jestercloud.net","tld":"net"},"ip":{"addr":"172.67.183.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.829Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jestercloud.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Mar 2026 18:19:07 GMT","end":"Sun, 31 May 2026 19:17:32 GMT"},"fingerprint":{"sha1":"A0:FD:C4:87:34:E5:4A:82:F2:77:62:84:14:3B:1C:90:DA:B6:C6:98","sha256":"98:B1:A3:D9:2B:D1:DA:8F:6B:5E:BF:9E:C1:32:1B:AA:82:72:B6:32:98:94:A2:AF:79:A0:2B:AE:9E:4A:15:73"}}},"request":{"raw":"GET /uploads/vicitoto/Koi-Gate-20250925-123734-1509.gif HTTP/1.1\r\nHost: jestercloud.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 30 Mar 2026 21:50:22 GMT\r\ncontent-type: image/gif\r\ncontent-length: 558621\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Apr 2026 21:50:22 GMT\r\nlast-modified: Thu, 25 Sep 2025 12:37:34 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=y2312Y0B3fZ8PyV5mq14nuDk7zFIBEuNps%2Fcpd%2F8HVSU1WnGztFEkZnVy1JnY5eaqC0HgrPotQViQcWT8CDT7JXmIuhi5i%2FlgzRpQ27N5E4tZHAycINMjOGFbPCABjIfDEI%3D\"}]}\r\ncf-ray: 9e4a545afcdab50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":558621,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 300 x 300","md5":"d5acf3ee6624fd46c7712169673c4479","sha1":"5b0fade2149000e816fc03b3363ab9b80cd63b9c","sha256":"f99967eec8fc04da98e84eb30e13967b5524ef042f505223a48501393b30d413","sha512":"b72e017f4f6a85642b4aea4122adf71f2c7f9ad124c645f552d5e57fc70b1075135af3fddf1cbfeb6d661d8a3561e59d030fed8c168f173d68c5d188212afe2d","ssdeep":"12288:5UoGST292SvNIUkfxViBD/L4hM6KHI4qgYnQAbui8:V292iIUIj4LqT4wnRbuZ","tlshash":"d2c423930aef81a75cf4b855ecc1a9c36e169ca98134df646f235291de41e1f40fc3aa","first_seen":"2025-10-14T06:41:13.716506Z","last_seen":"2026-03-30T21:52:41.761444Z","times_seen":4,"resource_available":false,"data":null}},"time_used":1548,"timings":{"blocked":83,"dns":21,"connect":3,"send":0,"wait":695,"receive":683,"ssl":47},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/resources/images/authentication-2.svg","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.130Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /resources/images/authentication-2.svg HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nCookie: _ga_6QVTNVEL3J=GS2.1.s1774907419$o1$g0$t1774907419$j60$l0$h0; _ga=GA1.1.1088219089.1774907420\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Mon, 19 Dec 2022 09:57:46 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"63a0359a-302d\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VJz8ZW%2FyEqKT5OAvcguiOm2yOBNqBYPeXlvwmMXcgo%2BgUNP4EZyvO%2B3ILO97RAMCCCzvH4g0X6D0LUxB6mO5COjGbGhP3EMVIOEN0LLJiMCdWOBHq%2F2paEdBuZwX7rw%3D\"}]}\r\ncf-ray: 9e4a54560e14b50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12333,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"c9e1fa1277d508c5a8de45ed38e89c64","sha1":"0a5e05c59a7d286ec59e1843ae66cc806fc5690b","sha256":"821ec0683e8a26a64d64a5dcd0444f4f65c9b28b7184280579773de23e87f1bc","sha512":"9b81bf977d52e092f2529ae6ce37cdb18147fc066ffa5d64bad9a68185520667b18b05f0cc7f6a4afca10a7c6a896aaaa00abb5e49ed0049b1383c0ca0bff86b","ssdeep":"384:ySBcOKSirg/4YXxBFzp6TIsno9Axf5f/6:BBsSOytzp6TIsnr5fS","tlshash":"2a424fc6137093c0e9cae85edf3bded0151ba0ee5a7655c05a9f974c689f8c4fb08858","first_seen":"2023-05-10T13:38:30Z","last_seen":"2026-06-06T08:47:49.847921Z","times_seen":159,"resource_available":false,"data":null}},"time_used":724,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":724,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"png-res.png999.com/assets/PP-Web/vs1024mahjwins.png","fqdn":"png-res.png999.com","domain":"png999.com","tld":"com"},"ip":{"addr":"3.33.225.116","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.795Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"png-res.png999.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 23:12:07 GMT","end":"Fri, 15 May 2026 23:12:06 GMT"},"fingerprint":{"sha1":"FE:07:9A:47:22:30:24:0A:B6:F6:7E:2E:4D:04:8B:7C:00:AD:21:95","sha256":"B3:BA:70:4C:3F:CB:36:0E:1B:00:9C:E9:16:53:83:3E:7B:73:47:2D:C5:B7:08:A0:A3:7E:EE:29:A6:6C:3E:C3"}}},"request":{"raw":"GET /assets/PP-Web/vs1024mahjwins.png HTTP/1.1\r\nHost: png-res.png999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 21100\r\nlast-modified: Thu, 21 Nov 2024 01:28:26 GMT\r\netag: \"673e8cba-526c\"\r\nexpires: Wed, 29 Apr 2026 21:50:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":21100,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit colormap, non-interlaced","md5":"fe72750c2f134fcc5524eebb4ce50d69","sha1":"5edf350828d596d6a0f71ba3ef5174d7a49cfaa3","sha256":"870b8790a1ff066af1c18c00251761a2fea143aa53c64a4c8ab460208d81200e","sha512":"2af3a21abed4c6c8171a24f7b08457b47e258e1e43d6d53c58e1c38b03cb907b2d1aeb2f2bf9d9775e622ba2cfff6071ed8f17d6b59c2bcd595f25c9d17c8ca3","ssdeep":"384:iuNewnZVCoFf6leEW+txhFsU2xL3q3qIcY/QeB16tmrrdBSd:PegZjV9EZxwU2xL3q3qI5/QeBoA5Ad","tlshash":"2f92e02a4b1529681d7ecb7747a6243cdedb6a9040d67af2ff2a581c47c7a2483c8c46","first_seen":"2025-09-30T05:52:13.023314Z","last_seen":"2026-04-03T13:25:06.693078Z","times_seen":7,"resource_available":false,"data":null}},"time_used":477,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":291,"receive":186,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/resources/images/work_together-6.webp","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.147Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /resources/images/work_together-6.webp HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nCookie: _ga_6QVTNVEL3J=GS2.1.s1774907419$o1$g0$t1774907419$j60$l0$h0; _ga=GA1.1.1088219089.1774907420\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/webp\r\ncontent-length: 4318\r\nlast-modified: Mon, 19 Dec 2022 09:57:46 GMT\r\npriority: u=4,i=?0\r\netag: \"63a0359a-10de\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OnTuNN3D174pJCFr9iZ3qLHS7XYlzyi8TMfjFP2rCnSOWDOMeQKIzcga14sC%2Bh8ViAIhE569XihL0T6VqoZ3Ul%2Fay3TKk8HoVNtsHHh9vQiqWkvI0uJbzqZVvZmed4Q%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e4a54561e1cb50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4318,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"2137bff5f06e9d971c8ebaa102e434d5","sha1":"5ce96afaa41c060003223f6f2873c38ba1e78166","sha256":"cbeeee892d996fc9f68abb5c8e228a2aa67787844092a9788eae0d55d26ef1d0","sha512":"b5a09ef0eb4c547f1e35988eb94571f974ea390aff0d83b704a68fb0887fff706d6c53f6e788c259f0b19dbb37b4b15676c136bf25252f0d27ce2cdaac4b34d0","ssdeep":"96:w2f1LxG1KqEWYK21+DIH7/6o34gYL/NNxYyp/h:D1411XIZb/FcYyp/h","tlshash":"bf918e1f40f66d21c8d439df590f899a68df0edb9c6a9a19d7c211f72bb16571d00c00","first_seen":"2023-10-27T00:09:29Z","last_seen":"2026-06-06T08:47:49.757403Z","times_seen":171,"resource_available":false,"data":null}},"time_used":733,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":733,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/resources/images/authentication-1.svg","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.125Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /resources/images/authentication-1.svg HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nCookie: _ga_6QVTNVEL3J=GS2.1.s1774907419$o1$g0$t1774907419$j60$l0$h0; _ga=GA1.1.1088219089.1774907420\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Mon, 19 Dec 2022 09:57:46 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"63a0359a-8603\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SlsMFi3fzjcxkJ2Pz4W7zYh195wRWLnqFoQhmrIMGvJcQcGae0o00sr5bLGKnxD3HvmMgfAEiJf49roOu3vg33ZPsEaYbpugXLbEkYf73RWD3VZYw86m%2BC1K4GdpYr0%3D\"}]}\r\ncf-ray: 9e4a5455fe13b50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":34307,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"b6f018017eb442195cb343e5b81e896d","sha1":"5735e5d87de4bd80464171a120a66f2b962af89b","sha256":"ca05cf4dd00dd3ac375682643913b0ade056c9c4629278af082b6dc64f2c431f","sha512":"9f6bcabd9f07a64c05ab57d2eda6c7ec467a367148b51e6cac0bb48ce96f4922e359bfe589f7baa0fde941b326069a4dd4a160008b37107ab227a773ce84bb28","ssdeep":"384:iLdismO6YTLYtGSmh1Ih7r1VR9LckNGGAYR5kv3k6P3lKo8OCFELZ8IY9bVmC17Q:+ismO6LtGSmMRfsGukg3soyELZvYiH","tlshash":"15f253ca5220d388adced55ecfaeedc4511ba0cb99b2d5c65aef870c150f9c4fb08468","first_seen":"2023-08-07T14:07:42Z","last_seen":"2026-06-06T08:47:49.783176Z","times_seen":162,"resource_available":false,"data":null}},"time_used":725,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":725,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"png-res.png999.com/resources/images/theme/black-gold/btnFishing.png","fqdn":"png-res.png999.com","domain":"png999.com","tld":"com"},"ip":{"addr":"3.33.225.116","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.563Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"png-res.png999.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 23:12:07 GMT","end":"Fri, 15 May 2026 23:12:06 GMT"},"fingerprint":{"sha1":"FE:07:9A:47:22:30:24:0A:B6:F6:7E:2E:4D:04:8B:7C:00:AD:21:95","sha256":"B3:BA:70:4C:3F:CB:36:0E:1B:00:9C:E9:16:53:83:3E:7B:73:47:2D:C5:B7:08:A0:A3:7E:EE:29:A6:6C:3E:C3"}}},"request":{"raw":"GET /resources/images/theme/black-gold/btnFishing.png HTTP/1.1\r\nHost: png-res.png999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://png-res.png999.com/resources/theme.css?v=2023070401\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 22936\r\nlast-modified: Thu, 21 Nov 2024 03:26:15 GMT\r\netag: \"673ea857-5998\"\r\nexpires: Wed, 29 Apr 2026 21:50:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":22936,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 153 x 154, 8-bit/color RGBA, non-interlaced","md5":"0fa7fa1aa9fd00b262de6fa617dbba04","sha1":"828c068e79586b165312c7c6cfb75a16dae2cfc6","sha256":"d9ebb011e494823567838dcbb53771f31151041bda85ae91466bd35dc2b343d0","sha512":"70c2b78763120efc81882a7aa620f6f519bf6f1410567b6888f2d2fe3ab6bee6e935c39f98f0441db559997056ed51d3d1b564ea468055639c516925d18f86a5","ssdeep":"384:rX8GhOeienpNq3XtTtNzOZtJ9KtiV/OQkLdgpfWXO7Xjy9m+mFshgzVEDOZoGukg:rX8GhTnidTtKtfx51kMfkOTm5wVEDOW9","tlshash":"74a2d0e4f456e29faa02d35d6b0d10f61c1f2f97ea7a3e3391a5d49d440de29022edc8","first_seen":"2023-10-27T00:09:29Z","last_seen":"2026-05-30T21:03:18.097918Z","times_seen":36,"resource_available":false,"data":null}},"time_used":354,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":353,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"png-res.png999.com/assets/LOTTERY-Web/cardList/SYDLT/icon/icon.png","fqdn":"png-res.png999.com","domain":"png999.com","tld":"com"},"ip":{"addr":"3.33.225.116","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.819Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"png-res.png999.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 23:12:07 GMT","end":"Fri, 15 May 2026 23:12:06 GMT"},"fingerprint":{"sha1":"FE:07:9A:47:22:30:24:0A:B6:F6:7E:2E:4D:04:8B:7C:00:AD:21:95","sha256":"B3:BA:70:4C:3F:CB:36:0E:1B:00:9C:E9:16:53:83:3E:7B:73:47:2D:C5:B7:08:A0:A3:7E:EE:29:A6:6C:3E:C3"}}},"request":{"raw":"GET /assets/LOTTERY-Web/cardList/SYDLT/icon/icon.png HTTP/1.1\r\nHost: png-res.png999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 87475\r\nlast-modified: Wed, 05 Feb 2025 10:02:28 GMT\r\netag: \"67a33734-155b3\"\r\nexpires: Wed, 29 Apr 2026 21:50:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":87475,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 500 x 500, 8-bit colormap, non-interlaced","md5":"85c0888db58a4278f69dace0783ec9b1","sha1":"34d9a70ab4ecab0acd70d302aef48b14129509cd","sha256":"12af4dc085cc8c792311f7e9900ed7860b8a50f379c27c735969b42d569e5c7f","sha512":"8a924576c3f8250f85b1474fd14c70f9e2c6ae4e8b2fc491ed94eb4a5cc2a472adb62ebc19f499916ff2a49bbeadc7505c4f23b976d4f2df127fc64cd19a99c8","ssdeep":"1536:6nozfA2Gc2xcpKjU17fjpTfZz6zO0Plclq9SW1OT6ZJN7ILHL1IpnIgHRcEA4PIp:6ozfA2T5h17flTfZsOnkpsTiN7IbLtg8","tlshash":"e6830281a91d1b01e21d7522fe32b0927173351acfd23b80da2adb5a1f15ce716df9e8","first_seen":"2025-06-10T18:00:27.056987Z","last_seen":"2026-06-04T11:33:09.018474Z","times_seen":45,"resource_available":false,"data":null}},"time_used":463,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":274,"receive":189,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"png-res.png999.com/resources/theme.css?v=2023070401","fqdn":"png-res.png999.com","domain":"png999.com","tld":"com"},"ip":{"addr":"3.33.225.116","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:18.995Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"png-res.png999.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 23:12:07 GMT","end":"Fri, 15 May 2026 23:12:06 GMT"},"fingerprint":{"sha1":"FE:07:9A:47:22:30:24:0A:B6:F6:7E:2E:4D:04:8B:7C:00:AD:21:95","sha256":"B3:BA:70:4C:3F:CB:36:0E:1B:00:9C:E9:16:53:83:3E:7B:73:47:2D:C5:B7:08:A0:A3:7E:EE:29:A6:6C:3E:C3"}}},"request":{"raw":"GET /resources/theme.css?v=2023070401 HTTP/1.1\r\nHost: png-res.png999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 30 Mar 2026 21:50:19 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 20 Mar 2026 02:33:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69bcb207-57ddb\"\r\nexpires: Tue, 31 Mar 2026 09:50:19 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":359899,"size_decoded":0,"mime_type":"text/css","magic":"troff or preprocessor input, ASCII text, with very long lines (65536), with no line terminators","md5":"a3a275a6ac1575a2819437fc3924b22a","sha1":"e96023cd2c7c5458f645e49551a829560c9a1572","sha256":"b8561c3868a03ea47cf77ccef9596890a398912251057a18f98b3a754c8e723f","sha512":"3f3ceb1907957f38f41acf2a1ce8bef2660a315452e7171ef7272a207a2550da3b71bb3cf37452623c61eb7290a8f23c7ddb3e9445d31db50fa24ae9b8a6cf32","ssdeep":"6144:mNPHKHaV0yfoRzRwmmZ4StvOVetZEf8KyXylzK2wEhlkgzfDyZKjd4y0IlFihNDf:mNPHKHaV0yfoRzRwmmZ4StvOVetZEf8R","tlshash":"ef74b73aaa9f102b70ab94277415371c471ef011cb903ae6f91fbf75a5666bb10b3309","first_seen":"2026-03-24T11:26:56.641899Z","last_seen":"2026-03-31T06:13:12.175489Z","times_seen":8,"resource_available":false,"data":null}},"time_used":936,"timings":{"blocked":374,"dns":21,"connect":1,"send":0,"wait":179,"receive":0,"ssl":357},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"png-res.png999.com/resources/liveChatObj.js?v=2023071301","fqdn":"png-res.png999.com","domain":"png999.com","tld":"com"},"ip":{"addr":"3.33.225.116","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:19.000Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"png-res.png999.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 23:12:07 GMT","end":"Fri, 15 May 2026 23:12:06 GMT"},"fingerprint":{"sha1":"FE:07:9A:47:22:30:24:0A:B6:F6:7E:2E:4D:04:8B:7C:00:AD:21:95","sha256":"B3:BA:70:4C:3F:CB:36:0E:1B:00:9C:E9:16:53:83:3E:7B:73:47:2D:C5:B7:08:A0:A3:7E:EE:29:A6:6C:3E:C3"}}},"request":{"raw":"GET /resources/liveChatObj.js?v=2023071301 HTTP/1.1\r\nHost: png-res.png999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 30 Mar 2026 21:50:19 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 26 Aug 2025 07:59:48 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68ad6974-789\"\r\nexpires: Tue, 31 Mar 2026 09:50:19 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1929,"size_decoded":0,"mime_type":"application/javascript","magic":"HTML document, ASCII text, with very long lines (1929), with no line terminators","md5":"6d01fdc6b53045b57fa3cb73c5b91aff","sha1":"89e8e86b677ec605ca4106c6dbb7b50ee41a049f","sha256":"0cb022d913d088d3e4356c7beda48ac29975acb4260a6e22c867add9bbbe193b","sha512":"5b638af15739d7aeb399ae731c0c2c4061727171a07e72bb6fcaee42b64478a6a161fca30808e05b9b969399e719406a81dcd3f2a3cec04b70249f82f9312c1f","ssdeep":"","tlshash":"59415f7f7850a52ba6677216723ff50f1062682c5c449973b8abc7faa910ed34a07cc8","first_seen":"2025-08-28T03:55:32.283117Z","last_seen":"2026-06-04T11:33:09.022569Z","times_seen":110,"resource_available":true,"data":null}},"time_used":1117,"timings":{"blocked":372,"dns":28,"connect":1,"send":0,"wait":353,"receive":0,"ssl":354},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"png-res.png999.com/resources/images/theme/black-gold/btnPromosi.png","fqdn":"png-res.png999.com","domain":"png999.com","tld":"com"},"ip":{"addr":"3.33.225.116","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:20.331Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"png-res.png999.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 23:12:07 GMT","end":"Fri, 15 May 2026 23:12:06 GMT"},"fingerprint":{"sha1":"FE:07:9A:47:22:30:24:0A:B6:F6:7E:2E:4D:04:8B:7C:00:AD:21:95","sha256":"B3:BA:70:4C:3F:CB:36:0E:1B:00:9C:E9:16:53:83:3E:7B:73:47:2D:C5:B7:08:A0:A3:7E:EE:29:A6:6C:3E:C3"}}},"request":{"raw":"GET /resources/images/theme/black-gold/btnPromosi.png HTTP/1.1\r\nHost: png-res.png999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://png-res.png999.com/resources/theme.css?v=2023070401\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 30 Mar 2026 21:50:20 GMT\r\ncontent-type: image/png\r\ncontent-length: 2009\r\nlast-modified: Thu, 03 Apr 2025 09:57:26 GMT\r\netag: \"67ee5b86-7d9\"\r\nexpires: Wed, 29 Apr 2026 21:50:20 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2009,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 46 x 46, 8-bit/color RGBA, non-interlaced","md5":"a8d0c83c07f148ba09254679a16e7a18","sha1":"2ec2d34940f3bbdf44f96f8be5613f7943075fa4","sha256":"2bcb35cd5331926f4cfef8c3d423cc290cb90e9a4702148dd5ce3d0d0f91c38f","sha512":"f52bb72af939fddd266a7b8a2dfce8c910b1d30376e6f54c236b0ead428d318ff2452b8add4e158294b62e1ef8033f212daff824c8fc134c9ac8721a013abc96","ssdeep":"","tlshash":"4541c802e9a9658165cd4d0614edcd3dce220862fcd4925af5aacd1b4e763f2447f1d3","first_seen":"2025-06-10T18:00:27.028041Z","last_seen":"2026-06-06T08:47:49.802762Z","times_seen":104,"resource_available":false,"data":null}},"time_used":190,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":190,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/resources/images/icon-user.png","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:20.536Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /resources/images/icon-user.png HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/resources/m.style.css?v=2023090801\r\nCookie: _ga_6QVTNVEL3J=GS2.1.s1774907419$o1$g0$t1774907419$j60$l0$h0; _ga=GA1.1.1088219089.1774907420\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 949\r\nlast-modified: Mon, 19 Dec 2022 09:57:46 GMT\r\npriority: u=4,i=?0\r\netag: \"63a0359a-3b5\"\r\nexpires: Wed, 29 Apr 2026 21:50:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=t%2B381%2BHt7Y2NXrM22HTNwQIPKeIeHhL60%2FZE2wrThCVX0jqK5THplnScPp2V7omz%2FH7cQwE2NjCAAj7jBR%2BISPElsd%2BNHcsHaaKbf3GNS5XEi330BM8tTf%2FKVglMyko%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e4a54525db9b50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":949,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced","md5":"9e9d366c9e459d27e9b9d7b88b7d20e1","sha1":"7416a1f8faaca241cffe38d8c32cdec45f932b60","sha256":"1e4dad28e5c3840fa37465526be2bf0577c44fe2afb4e53bf02d3d29929b707e","sha512":"f7dfb8538d69821a9c6c69e561b1e18073b0a4b70aab65b44cd8f8b0531b5e70f5eca3ec5eec089d9830f1a6b0fe1d75c3d33b1ed21423d0125bef16ac2b6f0f","ssdeep":"","tlshash":"4c11c87d86a9b3e98d95c431446fce4a50bd483872078d1621fdf25e5383b8dca0c1e2","first_seen":"2023-10-27T00:09:28Z","last_seen":"2026-06-04T11:33:09.138395Z","times_seen":142,"resource_available":false,"data":null}},"time_used":722,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":722,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"png-res.png999.com//assets/Habanero-Web/SGTheKoiGate.png","fqdn":"png-res.png999.com","domain":"png999.com","tld":"com"},"ip":{"addr":"3.33.225.116","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.791Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"png-res.png999.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 23:12:07 GMT","end":"Fri, 15 May 2026 23:12:06 GMT"},"fingerprint":{"sha1":"FE:07:9A:47:22:30:24:0A:B6:F6:7E:2E:4D:04:8B:7C:00:AD:21:95","sha256":"B3:BA:70:4C:3F:CB:36:0E:1B:00:9C:E9:16:53:83:3E:7B:73:47:2D:C5:B7:08:A0:A3:7E:EE:29:A6:6C:3E:C3"}}},"request":{"raw":"GET //assets/Habanero-Web/SGTheKoiGate.png HTTP/1.1\r\nHost: png-res.png999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 267576\r\nlast-modified: Thu, 21 Nov 2024 01:28:31 GMT\r\netag: \"673e8cbf-41538\"\r\nexpires: Wed, 29 Apr 2026 21:50:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":267576,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 700 x 700, 8-bit colormap, non-interlaced","md5":"45de89a96bbac92531fea371b2298532","sha1":"ce12f51449614d8ebca6e1d2af5f0b6c4542a928","sha256":"88f438668e5aea54f5c451aae9d23d448590fd2aa47e88bac206c5f56f4ce6ac","sha512":"d5700b51967aecb37da0d914182715ad7a80efac27b48f7a8ba033b739aff42c654a3bb55db0d9d34ea25c7876d5944c90ed663381c7ebbf6950ac0b14f35b8a","ssdeep":"6144:IQsW2jmTpWKX6xMCNfMR3uGmwSk71c7e6JxwW:IHWOmdroLNfEmY71c7e6JaW","tlshash":"df442345f22c9a30996e257e44ead428a0161b1c67bbe4d0cd5fedcfc226bc6954cf32","first_seen":"2023-10-17T18:30:07Z","last_seen":"2026-04-22T20:29:00.33052Z","times_seen":13,"resource_available":false,"data":null}},"time_used":732,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":291,"receive":441,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/resources/qrcode.js","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:18.988Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /resources/qrcode.js HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:19 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 16 Jan 2023 15:51:00 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"63c57264-36ab\"\r\nexpires: Tue, 31 Mar 2026 09:50:19 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dSXEUXRtpjejJryAP7IKWmpojMljBUfrhDfCTBEFLQTZK%2BNdwF20SS5rO4zX3BCx8tEySybZVR3Xu701kQSf9ZDJWydS80FHxer8RrV27m0yi9oHzcfjW%2BreWM%2FR8QY%3D\"}]}\r\ncf-ray: 9e4a54489d55b50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":13995,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (544)","md5":"05f0b1d7d4b9b0b4975870606d650e3c","sha1":"f424bd339870510d1160d1c5da5d698aedbb452e","sha256":"f4ccf02b69092819ac24575c717a080c3b6c6d6161f1b8d82bf0bb523075032d","sha512":"34551c0e59b857e6b6b233d7ee04442178024858daf5c1ed28f38bd738fa4219c4d2f718ebde4c3837a1aa46866132f22f6c317bfc2daf8678f52bea5ead7651","ssdeep":"384:ILEsd9QYYAA1TRjjrlqgbHH/sgDZUnEbBIg4:wIFbVg","tlshash":"b452c8d1f39142b7b1466cd9681f289e98e8a4a3ac14955cbfb8c0e2e674fd16478f30","first_seen":"2023-03-07T01:15:08Z","last_seen":"2026-06-07T22:39:13.192347Z","times_seen":4062,"resource_available":true,"data":null}},"time_used":732,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":731,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/resources/m.index.js?v=2023102601","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:19.002Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /resources/m.index.js?v=2023102601 HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:19 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 22 Nov 2025 09:54:48 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"69218868-18f7a\"\r\nexpires: Tue, 31 Mar 2026 09:50:19 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vLyrHC%2FjHw3DVCCzJ%2BqMg9knNyJuGXq9adOBkU4AsEqfwYVxN29difBI3GQKY0Ecmhqqj4OgQJvTqyxMXzw7GBEsxhZrknxEkuMEj4tPGmHaCAccvhEmLjN34RjKeRo%3D\"}]}\r\ncf-ray: 9e4a5448ad59b50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":102266,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65502), with no line terminators","md5":"822514a1e5b315b585435d8fab1e1cc9","sha1":"9353b23257aa4fd3a9a1fa40f3c3e15800264eb4","sha256":"710468725c497e5360235b0608de622e29ff1178d74e5b83450574756840220b","sha512":"cd2553d3ecc98ea5016dbe97f0bc84c518f616ebe3367410eefb2c37d08754f903d04eb98acc208d240124baf902b5e86ed72ece8105840be621cd654e79d4b1","ssdeep":"1536:vo/g18+AK3y1pbQru0iTsMv7qf9HjZ9uN1JycxPB:vo/R+zy1sLihoZs1I4B","tlshash":"c4a3195e748515b703f721ab346e6b04a173e90ec8530904b76da8e81ffeec9a572f24","first_seen":"2025-11-23T09:56:37.590788Z","last_seen":"2026-04-08T01:47:55.432494Z","times_seen":44,"resource_available":true,"data":null}},"time_used":727,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":727,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/office/game-oc/game/getNodeInfoList?l=id","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:20.338Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /office/game-oc/game/getNodeInfoList?l=id HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nX-Access-Token: \r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nCookie: _ga_6QVTNVEL3J=GS2.1.s1774907419$o1$g0$t1774907419$j60$l0$h0; _ga=GA1.1.1088219089.1774907420\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\naccess-control-allow-origin: https://kpsjitu.live\r\naccess-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT\r\naccess-control-max-age: 3600\r\naccess-control-allow-headers: Origin,X-Requested-With,Content-Type,Access-Token,Authorization,X-Access-Token\r\naccess-control-allow-credentials: true\r\nvary: accept-encoding\r\ncontent-encoding: gzip\r\nx-envoy-upstream-service-time: 2\r\nstrict-transport-security: max-age=31536000\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DyxR0PwR7nzBwQx7hIMDT1Rm6oBQIZGkN5FfW%2BMbzaRnzZG3zZ5P%2BZZ5ZV0I0B5dYyJxD561E8NK6ar%2F5so86T22rXw7HDDzL4Ku4eHYoI5kDjgu8vLz7BT8mwGVv%2BQ%3D\"}]}\r\ncf-ray: 9e4a54511daab50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5192,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"7c5d87293ad221d41db321bfa511e13b","sha1":"b693ed4fe02736709b8b9c35c8bc3ec90ee5b513","sha256":"a8b24c40d2ba68ef3ff8b823f15794c3edceb851eac6a83bd55a809c9ad8cb95","sha512":"2c4ec2fe38ec40bb98ab47eb2577f3c9763f869f09f971c9129a54f884a939f8468efe17f42c3c15a956845f35a36100ffc7886f554c1154c2ac9e914b2a391b","ssdeep":"96:l+alJjUM+aUNjZQ+a53UF+acvK+axeK+aDVy+aJVd+afebv:lZ7BZ6aZ5qZcyZxPZDIZJXZfg","tlshash":"68b1ac9459289ed63699ee55322c7e436bfc113f8e458fb0758dcf1ac4f62b91232213","first_seen":"2026-03-30T21:50:52.099841Z","last_seen":"2026-03-30T21:50:52.099841Z","times_seen":1,"resource_available":false,"data":null}},"time_used":728,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":728,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"png-res.png999.com/assets/PP-Web/vswayspngmah2.png","fqdn":"png-res.png999.com","domain":"png999.com","tld":"com"},"ip":{"addr":"3.33.225.116","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.806Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"png-res.png999.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 23:12:07 GMT","end":"Fri, 15 May 2026 23:12:06 GMT"},"fingerprint":{"sha1":"FE:07:9A:47:22:30:24:0A:B6:F6:7E:2E:4D:04:8B:7C:00:AD:21:95","sha256":"B3:BA:70:4C:3F:CB:36:0E:1B:00:9C:E9:16:53:83:3E:7B:73:47:2D:C5:B7:08:A0:A3:7E:EE:29:A6:6C:3E:C3"}}},"request":{"raw":"GET /assets/PP-Web/vswayspngmah2.png HTTP/1.1\r\nHost: png-res.png999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 70829\r\nlast-modified: Wed, 15 Jan 2025 14:33:25 GMT\r\netag: \"6787c735-114ad\"\r\nexpires: Wed, 29 Apr 2026 21:50:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":70829,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit/color RGB, non-interlaced","md5":"d79f67a982618762eed3ee37b379769a","sha1":"3f123623f9aedd176c5886b94d5d4606b422a402","sha256":"18b514f6bda38d7c450a967a22a49055cd1a98593445b690b527b4401857124e","sha512":"58cb093f2799aa24a2e85db1472e06dfb60402b856b5cc002846a772defc26208025e1d635c3034262a2db64de89c7746ef095d06ed5a7056f42f4799fbfd645","ssdeep":"1536:txnBiQUayBiyPnNZe5PymjXlPKLt0ZjmDU6rKdLVL:txN48+7eHjXlPKh0ZjmA6At","tlshash":"e36302ea3652b62ce7d03e0f816c3509cdbdfd0617312d4e2b58863a492c5c9f4d666b","first_seen":"2025-08-12T08:05:17.992217Z","last_seen":"2026-03-30T21:52:41.76973Z","times_seen":28,"resource_available":false,"data":null}},"time_used":638,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":286,"receive":352,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/resources/images/close-0.png","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:20.334Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /resources/images/close-0.png HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nCookie: _ga_6QVTNVEL3J=GS2.1.s1774907419$o1$g0$t1774907419$j60$l0$h0; _ga=GA1.1.1088219089.1774907420\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 473\r\nlast-modified: Mon, 19 Dec 2022 09:57:46 GMT\r\npriority: u=4,i=?0\r\netag: \"63a0359a-1d9\"\r\nexpires: Wed, 29 Apr 2026 21:50:20 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uG1qTJ4ETw7prrbvIFkp7TgIwFh6iLiyAa%2Bm2qqHSQaEwr5ctkqoxfNZz8OCrycMfzrkl4xzDlTNjyv2Q4LtONc7lfxtgOtvZewnPTHe9oLHhd2iepiVV6E3n4563%2FY%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e4a54510da8b50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":473,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 30 x 30, 8-bit colormap, non-interlaced","md5":"0670b574d93d8af6d3e4d69ecba4da98","sha1":"5e24ceb59d82f72aff94a374feebd25e2c26d0ed","sha256":"4518d13f29fd452ea9c88e0d9c97480baa6834fca84b4f026d93181e5019f711","sha512":"d996738c8d6ff73774743026b92489b5789b69ff9b13b9c5b7732cd9c38e8673a76a3e4bf79999a818f9c8ade4e95798b224eb10adc4c404f4ec4aec5dbb7c72","ssdeep":"","tlshash":"4af0f193a6e56f2ccf46c796033df29bdca24d12306949475430f9acf23368202c2583","first_seen":"2023-10-27T00:09:29Z","last_seen":"2026-06-04T11:33:08.960976Z","times_seen":108,"resource_available":false,"data":null}},"time_used":721,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":721,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"png-res.png999.com/resources/images/theme/black-gold/btnLivegame.png","fqdn":"png-res.png999.com","domain":"png999.com","tld":"com"},"ip":{"addr":"3.33.225.116","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.556Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"png-res.png999.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 23:12:07 GMT","end":"Fri, 15 May 2026 23:12:06 GMT"},"fingerprint":{"sha1":"FE:07:9A:47:22:30:24:0A:B6:F6:7E:2E:4D:04:8B:7C:00:AD:21:95","sha256":"B3:BA:70:4C:3F:CB:36:0E:1B:00:9C:E9:16:53:83:3E:7B:73:47:2D:C5:B7:08:A0:A3:7E:EE:29:A6:6C:3E:C3"}}},"request":{"raw":"GET /resources/images/theme/black-gold/btnLivegame.png HTTP/1.1\r\nHost: png-res.png999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://png-res.png999.com/resources/theme.css?v=2023070401\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 21086\r\nlast-modified: Thu, 21 Nov 2024 03:26:15 GMT\r\netag: \"673ea857-525e\"\r\nexpires: Wed, 29 Apr 2026 21:50:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21086,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 153 x 154, 8-bit/color RGBA, non-interlaced","md5":"8a22d8712add18a07f940c28e926aad7","sha1":"41a9bd205af105165778f1b6af226364c627e596","sha256":"3f2364d80bd60d2e7f284bbc41214f5274f33e84e5313a8c576dcee042bc0805","sha512":"b5e93391a4a86abbdd650b4b693723a4f3cc5eab10f156a1bd6f7510952bdb739a59a739a7685b6446bb438e7ba772ab1e9df111947ed32d988c7fa8d4cc8f56","ssdeep":"384:PtfMIvziAVPpDunvCZ2Rakup4sxuC4deqYnsCzwBac0PhJX:W+ZRpineyup5qYsCzh7h1","tlshash":"8e92e068e743a023e7e122615ee1f00cfb96981df54b26202385bfc991bc38075f430e","first_seen":"2023-10-27T00:09:29Z","last_seen":"2026-05-30T21:03:18.012041Z","times_seen":36,"resource_available":false,"data":null}},"time_used":355,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":179,"receive":176,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"png-res.png999.com/resources/images/theme/black-gold/btnKartu.png","fqdn":"png-res.png999.com","domain":"png999.com","tld":"com"},"ip":{"addr":"3.33.225.116","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.564Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"png-res.png999.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 23:12:07 GMT","end":"Fri, 15 May 2026 23:12:06 GMT"},"fingerprint":{"sha1":"FE:07:9A:47:22:30:24:0A:B6:F6:7E:2E:4D:04:8B:7C:00:AD:21:95","sha256":"B3:BA:70:4C:3F:CB:36:0E:1B:00:9C:E9:16:53:83:3E:7B:73:47:2D:C5:B7:08:A0:A3:7E:EE:29:A6:6C:3E:C3"}}},"request":{"raw":"GET /resources/images/theme/black-gold/btnKartu.png HTTP/1.1\r\nHost: png-res.png999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://png-res.png999.com/resources/theme.css?v=2023070401\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 18219\r\nlast-modified: Tue, 02 Sep 2025 09:01:53 GMT\r\netag: \"68b6b281-472b\"\r\nexpires: Wed, 29 Apr 2026 21:50:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":18219,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 153 x 154, 8-bit/color RGBA, non-interlaced","md5":"4dceeebd43da078cfc2ebe966c0929b5","sha1":"5fbe70061ceab8576ded3913280ecb62a49c11e9","sha256":"00cf9fc7d9d893ab6de86ef798abff5da752c79cf970c5ecac56d0f8e09d338d","sha512":"fed0739ad41dfc6860b69e85fa0f8b726050e1f7ca4e49e4c4312558205a792165a5191638d7c69b116a4dee42a7a9354ed458e256e384772725e50a9a91195d","ssdeep":"384:DpkksbUEqfBTtHrEpfBpF52jJHFf1KlRpHb6e7hOEKYPZlYfTSk:Nk6EIfrEpfxO5ORpOe7hIAlYbl","tlshash":"4882c0e9ad45b0bc5fb819d6011c604a7d9a1298f261ff4f77a30b94a705bdd80fa232","first_seen":"2025-09-07T11:50:42.131467Z","last_seen":"2026-05-30T21:03:17.982778Z","times_seen":25,"resource_available":false,"data":null}},"time_used":356,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":355,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"png-res.png999.com/assets/assetss/princemoro.png","fqdn":"png-res.png999.com","domain":"png999.com","tld":"com"},"ip":{"addr":"3.33.225.116","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.815Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"png-res.png999.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 23:12:07 GMT","end":"Fri, 15 May 2026 23:12:06 GMT"},"fingerprint":{"sha1":"FE:07:9A:47:22:30:24:0A:B6:F6:7E:2E:4D:04:8B:7C:00:AD:21:95","sha256":"B3:BA:70:4C:3F:CB:36:0E:1B:00:9C:E9:16:53:83:3E:7B:73:47:2D:C5:B7:08:A0:A3:7E:EE:29:A6:6C:3E:C3"}}},"request":{"raw":"GET /assets/assetss/princemoro.png HTTP/1.1\r\nHost: png-res.png999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 345754\r\nlast-modified: Sun, 27 Apr 2025 08:26:53 GMT\r\netag: \"680dea4d-5469a\"\r\nexpires: Wed, 29 Apr 2026 21:50:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":345754,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced","md5":"c65251dc46c85b262bafbb51e211d605","sha1":"2f174ed9529346be1bcacf50e7f133ac132443bb","sha256":"51e52dd7411edb920282a301a58afab3a8a763881fac754320a97ec494ccc4b3","sha512":"416e55e2f296bce617c34331af8e743b3355c32ca709c49282fdb22edff56444015469974455c8d51d76dd8d1987bc4f8eef8ce5a2aa267e645d822ce95c58f9","ssdeep":"6144:JLEabhMxwnE7AkdNRIbTrdR0N2Mdo+MXZJS2FcVSZijsu2jnbmh9fW6lQHX:JPMaE7pdNRirj82MdoDXZHcAljihld+3","tlshash":"2e742335c564f52f3a951b582c04cdcd1e50ffcd6269da634b14c0e26fae83a1836aaf","first_seen":"2025-08-12T08:05:17.917542Z","last_seen":"2026-03-30T21:52:41.781624Z","times_seen":30,"resource_available":false,"data":null}},"time_used":712,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":277,"receive":435,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"png-res.png999.com/assets/assetss/domino22_1697682487356.png","fqdn":"png-res.png999.com","domain":"png999.com","tld":"com"},"ip":{"addr":"3.33.225.116","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.822Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"png-res.png999.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 23:12:07 GMT","end":"Fri, 15 May 2026 23:12:06 GMT"},"fingerprint":{"sha1":"FE:07:9A:47:22:30:24:0A:B6:F6:7E:2E:4D:04:8B:7C:00:AD:21:95","sha256":"B3:BA:70:4C:3F:CB:36:0E:1B:00:9C:E9:16:53:83:3E:7B:73:47:2D:C5:B7:08:A0:A3:7E:EE:29:A6:6C:3E:C3"}}},"request":{"raw":"GET /assets/assetss/domino22_1697682487356.png HTTP/1.1\r\nHost: png-res.png999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 47768\r\nlast-modified: Wed, 09 Jul 2025 06:33:24 GMT\r\netag: \"686e0d34-ba98\"\r\nexpires: Wed, 29 Apr 2026 21:50:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":47768,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 400 x 400, 8-bit colormap, non-interlaced","md5":"5b2856b4c55775418d9ebcf448893b1c","sha1":"65226c145e4bd314b804e9002c2c9d6a69d29fb1","sha256":"437d14fc775acb701c427f87e83d7572635b9201038e9e37f0b1a33470db2da6","sha512":"e27e29a41bc8ab57e3d15d493ed50640d7da3b9d1690900d301aaa7c5c4b8f9ed908190d7b5445008b57b7ba22abbbbfcbdd1ea656591e571af1a114a7c475ee","ssdeep":"768:qZ537lbkMMFMhtsTTAJZ+ybUsLm6/tWZPxddSUHTNPlDdU/0skQBJ4ejxdjO9:qPhvtkAJwLv6uPbHZducsPZy","tlshash":"57230244bb3af66679a7a8036b571374b10bece69a17f81068c6fcf8dc87404a1d6f01","first_seen":"2025-10-14T06:41:13.647092Z","last_seen":"2026-03-30T21:52:41.765294Z","times_seen":7,"resource_available":false,"data":null}},"time_used":443,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":270,"receive":173,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/resources/images/logo.png","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:19.866Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /resources/images/logo.png HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:20 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 15 Aug 2025 10:19:12 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"689f09a0-1897d\"\r\nexpires: Wed, 29 Apr 2026 21:50:20 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TYoi08UqLm9I5RVa5ztsqq7pOXbkQa5HdMABg0itjeFiqe4bCHzSL5Oep54dJ3HOzQkQnrvUbdTtXN0lVPm665qNW31oY9KcfCh2YDeeTAuzjTsljQ1B9yFYgld5o10%3D\"}]}\r\ncf-ray: 9e4a544e2d7eb50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":100733,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 824 x 200, 8-bit/color RGBA, non-interlaced","md5":"eb11d6702abb956fa6d32c434e321191","sha1":"bb2603515b95877efc92abf0a99f089139094d73","sha256":"5f229faa0acea77ea695e39dce513f208edc96160773c9c637628a8415c9b0cf","sha512":"408a581a1890e3cbe8988eed01ab8268a10c0e4f9f5cc9ed14449830247b73b3c7ade8361a0043a74fdefb9d154e42080b0b7afe6ce4addbc65e918adfffbd8d","ssdeep":"3072:HM+MGGUDhH08C4M0F0TzO/zutIhAPfTyio/L8:bMGA74MfPi6tICTyfL8","tlshash":"a9a312bc6b3adf0e50a8b83cd85229105d2641e1c2b6b5f0fe6394539191146d1ff9fb","first_seen":"2025-10-14T06:41:14.023136Z","last_seen":"2026-04-07T22:33:13.739193Z","times_seen":6,"resource_available":false,"data":null}},"time_used":902,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":728,"receive":174,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/resources/images/work_together-3.png","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.143Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /resources/images/work_together-3.png HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nCookie: _ga_6QVTNVEL3J=GS2.1.s1774907419$o1$g0$t1774907419$j60$l0$h0; _ga=GA1.1.1088219089.1774907420\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Mon, 19 Dec 2022 09:57:46 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"63a0359a-746\"\r\nexpires: Wed, 29 Apr 2026 21:50:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UDZdvjm%2B1v0bShth%2BWcIa3%2FXTlMvz0qHkvwexj8xXWpN1Wy80zjYVGBzPY0QdOslTl8W7YtjCKR5kD00LfCQTwrFoJgW6h2HvrblWaNBmUlv6chJw2C1pgtfrZ4D0II%3D\"}]}\r\ncf-ray: 9e4a54561e19b50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1862,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 184 x 104, 8-bit colormap, non-interlaced","md5":"e7aa9b9378d9b8e988408d3458d3e538","sha1":"dbb8afb69837f57bbce62d33dcc581ff26d23089","sha256":"1179ea59369220420cf752f219ce3e1f7ae72eaf9403cd5d7ae8590c807dde34","sha512":"bec50af2401d41b25eae8a4c26f9129ba8501bb628e8b1aecd51a948c8deb7d41439f1de8ddb26cdc3e3006bf201a90271c4638fa7289515c29661e67b6e020f","ssdeep":"","tlshash":"4331fb7ff5c1582e948072f2939a21409d7966d72c7c4c4f9879ace9421b6c98238f6e","first_seen":"2023-10-27T00:09:29Z","last_seen":"2026-06-06T08:47:49.772099Z","times_seen":169,"resource_available":false,"data":null}},"time_used":735,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":735,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/resources/images/icon-2.png","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.154Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /resources/images/icon-2.png HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nCookie: _ga_6QVTNVEL3J=GS2.1.s1774907419$o1$g0$t1774907419$j60$l0$h0; _ga=GA1.1.1088219089.1774907420\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 881\r\nlast-modified: Mon, 19 Dec 2022 09:57:46 GMT\r\npriority: u=4,i=?0\r\netag: \"63a0359a-371\"\r\nexpires: Wed, 29 Apr 2026 21:50:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=T0tIW0APBeWSfR07E4uHb5ovOX7FR19lbPLytrmUo3ZeIksdQt0Z7GCGDdDc5jYBWcT1i47p%2B8c%2FRn1vyH8bDWUpWBtk%2FRXsSQdW2PV%2FDFMAa5grx%2F3ipS8fUvuLrCI%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e4a54562e21b50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":881,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 25 x 22, 8-bit colormap, non-interlaced","md5":"9411d15dc80d7b917a840691fbfc9876","sha1":"a464b8a565480f72481a8b41f4d57fc507ee6fab","sha256":"ba44ffbe60f02759e43bb0f137ab92aa680b19e2f04abe083910463a0d8f4740","sha512":"00e57a70eed5e7ba99bf79271685905c9f8d584435631accf968d1a395ac21b0162a3f48483cb6c265fa454991877729334a15cf2a935f5fa20772ea945702e2","ssdeep":"","tlshash":"7d11125a39fd4697c0f8036d836eab2aa7501d04e9305a08713db9ee6279571397e212","first_seen":"2023-10-27T00:09:29Z","last_seen":"2026-06-04T11:33:08.892465Z","times_seen":134,"resource_available":false,"data":null}},"time_used":737,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":736,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s1.kpsjitu.space/slide_banner_pc/KPSJITU_BannerPC_02.webp","fqdn":"s1.kpsjitu.space","domain":"kpsjitu.space","tld":"space"},"ip":{"addr":"167.99.75.0","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.512Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s1.kpsjitu.space","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Mar 2026 06:05:14 GMT","end":"Mon, 22 Jun 2026 06:05:13 GMT"},"fingerprint":{"sha1":"EC:90:16:BA:11:0A:AC:E7:D6:21:1F:09:FF:C5:E1:23:3B:B3:DE:4E","sha256":"BC:34:40:67:31:4E:5F:58:18:2B:4B:3C:D1:10:EF:DD:35:77:30:D8:49:77:B4:6D:77:37:05:26:71:68:C6:61"}}},"request":{"raw":"GET /slide_banner_pc/KPSJITU_BannerPC_02.webp HTTP/1.1\r\nHost: s1.kpsjitu.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/webp\r\ncontent-length: 96958\r\nlast-modified: Sun, 17 Aug 2025 14:15:04 GMT\r\netag: \"68a1e3e8-17abe\"\r\nset-cookie: SITE_TOTAL_ID=011299d5c970649c0cbe0602e12abf15; Path=/; Max-Age=259200000; HttpOnly\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":96958,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"ae3153ca960bd348487888866d4a7546","sha1":"37fe080a0b0e2476350f15b939ecb97fcd19a709","sha256":"479f534af3b1d57afa08dd90d12466032e4d7b793f9e37b23110019f553f7128","sha512":"3a9182e73ef2e9306ee86c92dc02e732ac2f166b4ba98262349dc7eb0a206a7cded189b21f19fd55dab06a72826f4342893a9d645461a52b51dad8b0ebf8d714","ssdeep":"1536:+JJqj6fayKYm5U3ObLbi9K9G3VkuL12C/bfyZLmyWL1z2o2220Tj5rGnOB:+JJ4qKYt3qGmufrpyWLBtR1T9rGnK","tlshash":"059302359573afb1cab4e5348eb0e261f1b7536ce722d18978ae23265713050f9481df","first_seen":"2025-10-14T06:41:13.754126Z","last_seen":"2026-03-30T21:52:41.77526Z","times_seen":5,"resource_available":false,"data":null}},"time_used":362,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":359,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/resources/images/work_together-2.png","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.141Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /resources/images/work_together-2.png HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nCookie: _ga_6QVTNVEL3J=GS2.1.s1774907419$o1$g0$t1774907419$j60$l0$h0; _ga=GA1.1.1088219089.1774907420\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Mon, 19 Dec 2022 09:57:46 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"63a0359a-5ac\"\r\nexpires: Wed, 29 Apr 2026 21:50:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ELIa%2F1%2B4W%2FrOl4%2BFhvx0Wi9N%2Fx5BpRWfX%2BsM5epGtMqMdYN7MH1PnGoE1TGRsjcMWuf8qqFFUzhJomt0YNq5jRxD9vwa4nMoHcy9tQCQB5S5KJIJGbObH8iRo3UZ01w%3D\"}]}\r\ncf-ray: 9e4a54561e18b50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1452,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 164 x 104, 8-bit colormap, non-interlaced","md5":"1405fd25ed863c4660f8fd4a738322c6","sha1":"778c64143680793a2ed8cb614af16313d5054498","sha256":"a66b05533e2fbb4e719f80cf7950bd228d62d9c45dd71facfdefbc4864bccf1f","sha512":"791de6bea8b9afed48461562f6fad89267471f46175008f0e6cb33ee308bd4c2c2c964266d69726911683b3b86d010aab36a7ee5bf8f67048e629f47539dc3f0","ssdeep":"","tlshash":"8331a7e78317dbc6ea76750d6758a151a87a924c8c17ab030f05a3673d651e2549030f","first_seen":"2023-10-27T00:09:29Z","last_seen":"2026-06-06T08:47:49.756018Z","times_seen":167,"resource_available":false,"data":null}},"time_used":186,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":186,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"analytics.ahrefs.com/analytics.js","fqdn":"analytics.ahrefs.com","domain":"ahrefs.com","tld":"com"},"ip":{"addr":"172.64.148.115","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:19.782Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"analytics.ahrefs.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Mar 2026 07:42:18 GMT","end":"Sun, 07 Jun 2026 08:42:16 GMT"},"fingerprint":{"sha1":"AB:42:29:51:83:63:61:89:2F:B7:21:11:53:AE:81:BA:58:56:D5:67","sha256":"88:12:1F:4A:F5:98:86:1D:DC:9B:9F:7C:01:E9:39:74:04:FA:E7:56:29:00:EC:59:DA:1B:D5:81:4F:88:3B:6C"}}},"request":{"raw":"GET /analytics.js HTTP/1.1\r\nHost: analytics.ahrefs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 30 Mar 2026 21:50:19 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 2692\r\ncf-ray: 9e4a544dab56723c-OSL\r\ncontent-encoding: gzip\r\ncdn-cache-control: max-age=18000\r\naccess-control-allow-origin: *\r\ntraceparent: 00-98320bb363b84a4995530ebb9a68bd43-94ecaeefd1454596-03\r\nx-request-id: 3e744e86-4fb5-49c4-aa1a-05b4b0167162\r\naccept-ranges: bytes\r\nlast-modified: Mon, 30 Mar 2026 17:47:04 GMT\r\nvary: accept-encoding\r\nage: 14595\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=3,i=?0\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6947,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (6946)","md5":"661ceae031b0d59dc2f3beeac0ae7cfd","sha1":"3b7e9107ffeb21d0c41bfdeef7118ea9d58be07b","sha256":"b270afc5f9df7bcd9239c22857fb1511bba1398a28b1c3548272d720cb433c62","sha512":"b9630a50fbf1c6db29b47246715f640bdc24ed2d268627305989e615be4999fac0d8cbbef4336c2bae701eef903554954566e8dc23a6d623ddf7cfedffbaa062","ssdeep":"192:04fDU0pA7KQisEplEXQI5AuTYafgbNCz1Rx5NFKtiF:jfDU0pA7KQi3plEXQI5AygpC1RnK8F","tlshash":"c8e11a9c723075790877ada1e5ff3743f233a563a881e0914219dd802dac98f42abddd","first_seen":"2026-01-07T13:13:26.365481Z","last_seen":"2026-06-08T03:09:54.449185Z","times_seen":10261,"resource_available":true,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/resources/lang_id.json","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:19.879Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /resources/lang_id.json HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:20 GMT\r\ncontent-type: application/json\r\nlast-modified: Mon, 07 Apr 2025 17:18:00 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"67f408c8-4251\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KD4mKlTCwZb6C0D3i94IDh5HyxUaQQVTAjZ9bp487zYX5rR%2FgQ8rhW36otLmUx97OmyR%2Bl4aDVRrZh%2FZEkcPHKEgHOEUrxtW2yvKnxvSCqCSflGbAfLJBSf3cbN8BAY%3D\"}]}\r\ncf-ray: 9e4a544e3d7fb50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":16977,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"4de299be293b748892981ce06b63e71a","sha1":"ab52821c6094ef966d45be34df89ad4c111cc9b7","sha256":"15ef4685c676369e4334e956e64a7729a4d2e72811ad931ccbc1b00f36ed1a49","sha512":"6996770ff852644d6e14a5ae2df7b0ab344b3aa8d4c34c60c71041e8b56121819d62917200d62b8f915d70e09b9bcb32c9e12265ed630ef792d8f04f7f0ba0c6","ssdeep":"384:aGy5oP235E5OdlTfzA9NBZiqGJ4IW8scmgRCQm:+5o+pEIlTsvBAbJXSPZ","tlshash":"27727123c9485ca30ef857e6a8a94e16f88c136f47001a1f3a7c4ffc1ff39656681a25","first_seen":"2025-06-10T18:00:27.08676Z","last_seen":"2026-04-08T01:47:55.552222Z","times_seen":96,"resource_available":false,"data":null}},"time_used":185,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":185,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.livechatinc.com/tracking.js","fqdn":"cdn.livechatinc.com","domain":"livechatinc.com","tld":"com"},"ip":{"addr":"95.101.10.202","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.107Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"livechat.com","organization":"LIVECHAT, INC."},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 11 Jun 2025 00:00:00 GMT","end":"Thu, 11 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"66:A3:6F:A0:92:9E:A2:01:91:16:68:AA:27:A9:41:28:FC:25:27:68","sha256":"03:FC:5A:F6:F7:06:15:5B:0F:31:DB:6C:4E:D7:E4:1B:69:80:1F:C3:5A:E3:85:5A:FF:8D:22:81:92:ED:25:2F"}}},"request":{"raw":"GET /tracking.js HTTP/1.1\r\nHost: cdn.livechatinc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: AMNfjG3nSGV_Z2_31Ibqjqcp7fLTrUnMjewPNhELzgxf3y-R-kzHlylSI2PqD-0qIOz14jpoosGHLZE\r\nlast-modified: Mon, 30 Mar 2026 10:49:10 GMT\r\nx-goog-generation: 1774867750326177\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 102724\r\nx-goog-hash: crc32c=J5fKxg==, md5=Y3tooCH5amI+YBeS+72nTw==\r\nx-goog-storage-class: STANDARD\r\naccept-ranges: bytes\r\naccess-control-expose-headers: *\r\nserver: UploadServer\r\ncontent-encoding: br\r\ncontent-length: 33197\r\ncache-control: public, max-age=28800\r\nexpires: Tue, 31 Mar 2026 05:50:21 GMT\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":102724,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"data","md5":"637b68a021f96a623e601792fbbda74f","sha1":"a72a9e32e24c93532c5bd52ee3f9740f502a948b","sha256":"0bdfbfd7e34c3f5029055680b704b2a065032c4903dca5756bba4a64c3316823","sha512":"a7be4208d8a0427c013879955f19036449721925bd169b78462815d8fec05208cbf0be238eae9c2e9254f9df9f5e5d646de49510f0570c50928b11f0c104fd9e","ssdeep":"1536:E5y/uRri7DJnagIckNmeuR5bydWiBwpDwLCPoRvCRW6Rtt:E4/uRu79aXuRxyk8vCdRf","tlshash":"3ca338d67282b03493f785e7a17f6216b33a291c740d8410f17cec6a396a9879177f2e","first_seen":"2026-03-30T10:48:37.359497Z","last_seen":"2026-04-01T06:11:13.950109Z","times_seen":136,"resource_available":true,"data":null}},"time_used":76,"timings":{"blocked":34,"dns":10,"connect":1,"send":0,"wait":4,"receive":3,"ssl":20},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/resources/images/work_together-4.webp","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.144Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /resources/images/work_together-4.webp HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nCookie: _ga_6QVTNVEL3J=GS2.1.s1774907419$o1$g0$t1774907419$j60$l0$h0; _ga=GA1.1.1088219089.1774907420\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/webp\r\ncontent-length: 3826\r\nlast-modified: Mon, 19 Dec 2022 09:57:46 GMT\r\npriority: u=4,i=?0\r\netag: \"63a0359a-ef2\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oIkB2SN32q2hmkTkEnLh5ihs9EtCFeHN3aYZgh2T1VYLmpeMRcVcpf4G1AFgwdUdRQHAvaC%2F%2B5jZYuZLrKT2500dAf%2BswoZTZX%2FypmaeYKCWaL2uXd234lEq75T2c8U%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e4a54561e1ab50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3826,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"498b4b050d4a7acb1a314761aa2f1435","sha1":"655cbb7443f67b8ffc14457c354e0b9d495177c5","sha256":"f45cabd11801b96f64f9e3bc9d5ff99f964405e98b079181234bcc57494a921f","sha512":"245f063bed4160886643e890554a70ccaf17a45257b379a59bb109128bffb0e41218c4a080c9ec0e46533ab5e78ae24cda15a988a337d0c2b4eef209f29cb57e","ssdeep":"","tlshash":"1a815b106f4cfaa0fc6b6676bc19b121733a99475893cd90eee9728212f35064500fe9","first_seen":"2023-10-27T00:09:29Z","last_seen":"2026-06-06T08:47:49.846425Z","times_seen":154,"resource_available":false,"data":null}},"time_used":186,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":186,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/resources/images/work_together-5.webp","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.146Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /resources/images/work_together-5.webp HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nCookie: _ga_6QVTNVEL3J=GS2.1.s1774907419$o1$g0$t1774907419$j60$l0$h0; _ga=GA1.1.1088219089.1774907420\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/webp\r\ncontent-length: 3118\r\nlast-modified: Mon, 19 Dec 2022 09:57:46 GMT\r\npriority: u=4,i=?0\r\netag: \"63a0359a-c2e\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uZRpYFgBnUaUgFSORe7PaqWHUkczdvaId%2F1v70%2FPNw8jDTedyTrJULJEUCPqLRf8WGPbRTpEZaCR%2FcB%2BhPLoVCif8Ux0gzqqMJL5h7yPUyuXWMQZ90k40KOH3p%2FOZpU%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e4a54561e1bb50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3118,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"254a5a227d9269f9bff5e88ce8437f63","sha1":"3df161be2ee03eb6afaf651cc820f923d34e30f1","sha256":"83a11ca170096a11e6778e36c880283c3013939c9b352a2d507a6367cb57e177","sha512":"4336f1ccac7e44f9efef566f8a32a98306dc9bba96438e47449e3b62aa3ded4730b0c816a51cfc414628115ccdc2154c2adb988da61c2cfd0abdfb88a30f4ea9","ssdeep":"","tlshash":"29513c97409e73b7f0485e4baa87d82f1a895acdefca4953160b7c9811bcd5c902cd2b","first_seen":"2023-10-27T00:09:29Z","last_seen":"2026-06-06T08:47:49.802038Z","times_seen":172,"resource_available":false,"data":null}},"time_used":734,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":734,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/office/game-oc/game/getNodeInfoList?l=id\u0026parentId=10650039","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.202Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /office/game-oc/game/getNodeInfoList?l=id\u0026parentId=10650039 HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nX-Access-Token: \r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nCookie: _ga_6QVTNVEL3J=GS2.1.s1774907419$o1$g0$t1774907419$j60$l0$h0; _ga=GA1.1.1088219089.1774907420\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\naccess-control-allow-origin: https://kpsjitu.live\r\naccess-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT\r\naccess-control-max-age: 3600\r\naccess-control-allow-headers: Origin,X-Requested-With,Content-Type,Access-Token,Authorization,X-Access-Token\r\naccess-control-allow-credentials: true\r\nvary: accept-encoding\r\ncontent-encoding: gzip\r\nx-envoy-upstream-service-time: 3\r\nstrict-transport-security: max-age=31536000\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wSYbG%2BCnugm%2BuUktba4ad8j9M3716FfmPeF73Sqt3y1Rlha1EAmAkyaVeIk7RA2uNHzmAxgwWF1twxc3ast61S%2Fry8EhGyhimigky0tjSO52moFdk9H092zj4C6r400%3D\"}]}\r\ncf-ray: 9e4a54568e2ab50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8413,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"15da45b17f488f24f085c953588330c1","sha1":"473468363fed15a72af197ecb89537340a67999a","sha256":"bff64fdce5aad862cda4158f2b1c3268b2c08ac8628a9ab74762335fd42d2be7","sha512":"56601559e70d6afc1837393b0ca1744afc532a84bbd377457adb305e51b103f54bfcbba7f1ca8dc767467a0bf28b90b7cc6a0b051a06f1a7d0d71f1aeb51fc47","ssdeep":"96:z0tNPNG4GartcW4wntYB47mt6/HxHftaytKfKb8tvwMNUTt7830tDu1tnPSKtZZ:z0tvr0wnF7m6xHEy0g8/Ue3081AKZ","tlshash":"27020090591c5e9326a5ef88225cbe836bec112fcd91ce74a58ccf29d8f66fd1132613","first_seen":"2026-03-30T21:50:52.11127Z","last_seen":"2026-03-30T21:50:52.11127Z","times_seen":1,"resource_available":false,"data":null}},"time_used":192,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":191,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s1.kpsjitu.space/slide_banner_pc/KPSJITU_BannerPC_03.webp","fqdn":"s1.kpsjitu.space","domain":"kpsjitu.space","tld":"space"},"ip":{"addr":"167.99.75.0","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.518Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s1.kpsjitu.space","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Mar 2026 06:05:14 GMT","end":"Mon, 22 Jun 2026 06:05:13 GMT"},"fingerprint":{"sha1":"EC:90:16:BA:11:0A:AC:E7:D6:21:1F:09:FF:C5:E1:23:3B:B3:DE:4E","sha256":"BC:34:40:67:31:4E:5F:58:18:2B:4B:3C:D1:10:EF:DD:35:77:30:D8:49:77:B4:6D:77:37:05:26:71:68:C6:61"}}},"request":{"raw":"GET /slide_banner_pc/KPSJITU_BannerPC_03.webp HTTP/1.1\r\nHost: s1.kpsjitu.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/webp\r\ncontent-length: 145158\r\nlast-modified: Mon, 18 Aug 2025 18:23:52 GMT\r\netag: \"68a36fb8-23706\"\r\nset-cookie: SITE_TOTAL_ID=95af6310a60eca2b3e7cd0f41690f1b7; Path=/; Max-Age=259200000; HttpOnly\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":145158,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"b02b5c1fb3162e2a7c07c1cdd7c2d034","sha1":"d3d9b161fb028acf8ecca6b30c81b2123f78858c","sha256":"e407e2e7ce15db583aad7add92fb667bd5df0a5c6c1049d7a29a1a1732cd0880","sha512":"35137e530112533f44313b142601ae3e9a7608c8d0533d0e59eba5de7677d605d63ba8b5ed65b97e028435c6834f9e6e2d948f62fcceb39ee22dfc5c080215e5","ssdeep":"3072:BJJzmcdRnvi7i0U2PHkvdHTfS5XsqXWgmD867Cv0NrkJTsmB/08Tz:FmcdRviGOPiHTfS583D8cCv0rkJJ/083","tlshash":"b1e31228ef118f49e9deb57ccef0bb410e5b626db1056299b5ec362e2751239cd88086","first_seen":"2025-10-14T06:41:13.941814Z","last_seen":"2026-03-30T21:52:41.809874Z","times_seen":5,"resource_available":false,"data":null}},"time_used":691,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":367,"receive":324,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"analytics.ahrefs.com/api/event","fqdn":"analytics.ahrefs.com","domain":"ahrefs.com","tld":"com"},"ip":{"addr":"172.64.148.115","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:19.825Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"analytics.ahrefs.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Mar 2026 07:42:18 GMT","end":"Sun, 07 Jun 2026 08:42:16 GMT"},"fingerprint":{"sha1":"AB:42:29:51:83:63:61:89:2F:B7:21:11:53:AE:81:BA:58:56:D5:67","sha256":"88:12:1F:4A:F5:98:86:1D:DC:9B:9F:7C:01:E9:39:74:04:FA:E7:56:29:00:EC:59:DA:1B:D5:81:4F:88:3B:6C"}}},"request":{"raw":"POST /api/event HTTP/1.1\r\nHost: analytics.ahrefs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain\r\nContent-Length: 213\r\nOrigin: https://kpsjitu.live\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 30 Mar 2026 21:50:19 GMT\r\ncontent-type: application/json\r\ncf-ray: 9e4a544dec02723c-OSL\r\naccess-control-allow-origin: *\r\ntraceparent: 00-bb83e89fd28744489bcf8bcf21aea127-38d94e17e26c4bc5-03\r\nx-request-id: f0de0393-c963-4cfd-8d98-0d292752ee83\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"1bdd82600d2859af8d96bbd39fc8a3a1","sha1":"8d876d917ce9efdda1bfc85727d421ab541a7861","sha256":"d42d95676a5fb59c33cf368c1c8fc71930805c1f4111bb007f02ca6bc05ed42a","sha512":"7a500f01a6c98df1379077a6768bd2e2451fc5f05703ce6577162d21869eceed475dbd288e8dfcf9dd6753ef1a15a0ceb121f4e0100e5a6c346b64b86506715d","ssdeep":"","tlshash":"a150000f000000300c000000000000c03c3330c300003cc000c00c0c00030303000330","first_seen":"2024-12-12T05:05:27.500171Z","last_seen":"2026-06-08T03:09:54.451665Z","times_seen":18280,"resource_available":false,"data":null}},"time_used":133,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":133,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s1.kpsjitu.space/slide_banner_pc/KPSJITU_BannerPC_04.webp","fqdn":"s1.kpsjitu.space","domain":"kpsjitu.space","tld":"space"},"ip":{"addr":"167.99.75.0","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.520Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s1.kpsjitu.space","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Mar 2026 06:05:14 GMT","end":"Mon, 22 Jun 2026 06:05:13 GMT"},"fingerprint":{"sha1":"EC:90:16:BA:11:0A:AC:E7:D6:21:1F:09:FF:C5:E1:23:3B:B3:DE:4E","sha256":"BC:34:40:67:31:4E:5F:58:18:2B:4B:3C:D1:10:EF:DD:35:77:30:D8:49:77:B4:6D:77:37:05:26:71:68:C6:61"}}},"request":{"raw":"GET /slide_banner_pc/KPSJITU_BannerPC_04.webp HTTP/1.1\r\nHost: s1.kpsjitu.space\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/webp\r\ncontent-length: 224130\r\nlast-modified: Tue, 19 Aug 2025 09:34:38 GMT\r\netag: \"68a4452e-36b82\"\r\nset-cookie: SITE_TOTAL_ID=19c0fceaffd699f8b38127798434f05a; Path=/; Max-Age=259200000; HttpOnly\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":224130,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"cb46cf4cbe7350f322510adcf1823622","sha1":"8a5ba903c230d897e180d49aaef82a3036cff5e6","sha256":"d33cd7caf1bbc8fee7c86809b757893334486011c5fc098b4b080075a27bcdc0","sha512":"ab1117eaf4b550716674c20435367d58291c317bf00ce9444e624bd41b170bc348f8983f9b72778a65fe12c75b68ce63b827db4ad6bb97a698910dc5a7599f4b","ssdeep":"6144:FXduZQkqmQcw+ylE8QOrXa1wOVz6K4tkX+AKO:pd8Q1cw+ye8PjOVz670l","tlshash":"9b24122ede9b59adebb490748fbc9295d5b74b04d6300686340cef060f481bdcfa919a","first_seen":"2025-10-14T06:41:13.908365Z","last_seen":"2026-03-30T21:52:41.767032Z","times_seen":5,"resource_available":false,"data":null}},"time_used":695,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":366,"receive":329,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"png-res.png999.com/assets/PP-Web/vs20olympgate.png","fqdn":"png-res.png999.com","domain":"png999.com","tld":"com"},"ip":{"addr":"3.33.225.116","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.801Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"png-res.png999.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 23:12:07 GMT","end":"Fri, 15 May 2026 23:12:06 GMT"},"fingerprint":{"sha1":"FE:07:9A:47:22:30:24:0A:B6:F6:7E:2E:4D:04:8B:7C:00:AD:21:95","sha256":"B3:BA:70:4C:3F:CB:36:0E:1B:00:9C:E9:16:53:83:3E:7B:73:47:2D:C5:B7:08:A0:A3:7E:EE:29:A6:6C:3E:C3"}}},"request":{"raw":"GET /assets/PP-Web/vs20olympgate.png HTTP/1.1\r\nHost: png-res.png999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 23088\r\nlast-modified: Thu, 21 Nov 2024 01:28:26 GMT\r\netag: \"673e8cba-5a30\"\r\nexpires: Wed, 29 Apr 2026 21:50:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":23088,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit colormap, non-interlaced","md5":"d8f2dc58ff113b9cdf83ff2bc04e5692","sha1":"35459f380e367c5a4569f2c336c351253378bcec","sha256":"df5a2d8e64e3ef3af17e99b8d99ff8a5e332ba801fc2ca91f4f6032d70414562","sha512":"c656ea90c09d7051b2906a1359063d545226e2c6ee0f0f63cb975b67c08508b15e93bcbc13c9b121bb70718dc18d55985a6d048ba99da9bb0efe3d5ca34d569a","ssdeep":"384:2CrAmVxLdaFju/ZBsfRZ2CDHzDdPxEipjfoVCR4yVzVSKtZZRvVvVpOouMkJGlW5:vrh07fOCjzNWipIM22Z3VtkMgJ5","tlshash":"36a2e0b7e5c284ec0a3b73afc2741b1b1cdc7422489c07611668e2e282a66e7cd431da","first_seen":"2023-05-24T19:19:39Z","last_seen":"2026-06-04T11:33:09.085271Z","times_seen":55,"resource_available":false,"data":null}},"time_used":476,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":289,"receive":187,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"jestercloud.net/uploads/mj-3-scatter-hitam-20250930-053551-7600.gif","fqdn":"jestercloud.net","domain":"jestercloud.net","tld":"net"},"ip":{"addr":"172.67.183.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.828Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jestercloud.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Mar 2026 18:19:07 GMT","end":"Sun, 31 May 2026 19:17:32 GMT"},"fingerprint":{"sha1":"A0:FD:C4:87:34:E5:4A:82:F2:77:62:84:14:3B:1C:90:DA:B6:C6:98","sha256":"98:B1:A3:D9:2B:D1:DA:8F:6B:5E:BF:9E:C1:32:1B:AA:82:72:B6:32:98:94:A2:AF:79:A0:2B:AE:9E:4A:15:73"}}},"request":{"raw":"GET /uploads/mj-3-scatter-hitam-20250930-053551-7600.gif HTTP/1.1\r\nHost: jestercloud.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 30 Mar 2026 21:50:22 GMT\r\ncontent-type: image/gif\r\ncontent-length: 6209798\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 06 Apr 2026 21:50:22 GMT\r\nlast-modified: Tue, 30 Sep 2025 05:35:51 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=v4MT8W4W%2BPPp5kZu%2F2VhAhVXaDEhRncuo7YKSIRH2vj38OaEL%2Bcx9CRBa7zEOrZ40lyrKTKd1o9N3i8erEJO20JzneXLqu2Srgg5hTPJJ8V%2Fmay4hs1nEgO8iywiddJagcc%3D\"}]}\r\ncf-ray: 9e4a545aecceb50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":6209798,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 400 x 400","md5":"dab8c55385bbd441de3de973409d19ad","sha1":"38be4cb4c1af4e87299350b02556d6409b817312","sha256":"227030b9b3588c685d9352c93b952cdf422734825aa1a7fa0b49afb67f961a5e","sha512":"ee4252675fac9c0bd8eabbba2d6556db2dd7df9425f982eb35eb2a0cd12b5deab1930c7caf105ce9dcf3ea30521ca767d507631f141c2c368434cf7b507acca2","ssdeep":"24576:gS1/1MCeqKMsEuieuaoBZ8484Q25qR8nILJ1Yj:gSfduE7eucGtgUILJ+","tlshash":"e225337ccd759ca8c5f078559c9a3ceb986a2d1db2e4e1331e90eb93300a3fd2794925","first_seen":"2025-10-14T06:41:13.631995Z","last_seen":"2026-03-30T21:52:41.818064Z","times_seen":5,"resource_available":false,"data":null}},"time_used":2321,"timings":{"blocked":77,"dns":21,"connect":1,"send":0,"wait":721,"receive":1443,"ssl":52},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-30","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"jestercloud.net/uploads/mj-3-scatter-hitam-20250930-053551-7600.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/resources/m.style.css?v=2023090801","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:18.993Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /resources/m.style.css?v=2023090801 HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:19 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 18 Dec 2024 11:35:06 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"6762b36a-1c304\"\r\nexpires: Tue, 31 Mar 2026 09:50:19 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NVwJ2LRcGyMzsppJ%2B0L1YtNMo5tRaq7TwfYo%2Frx86p8dD7kXg1uDWsAlH9EhnQdAFY4Yh%2FfbVxggOgum5K%2BRuchGAZ0gtxvhiE%2Ful6DZSn%2B10OiwY3eeORw2Jy9ZJPc%3D\"}]}\r\ncf-ray: 9e4a54489d58b50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":115460,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"b172cb9b47014f8ec79168e470aef36b","sha1":"0f92b0fef77735b9e75913e038a15a8c9911748f","sha256":"532b7468f901eff09871179f63914b158d5853502322776bc3bf60a6a37f336d","sha512":"13814c0f4a2469706484a8d2d9283ab95acaf374d968cf74d84d0a28ead8d722b4e00a350ac629c40818eb1dcc243f9fa58c00226858932fe4b36456a8ff166a","ssdeep":"1536:2tTxHIY7QYGbfsEZtmCBDXgq4a221Az8QkClZB0kiR8:0IFtmCBDXgq4a221Az8Qkp9R8","tlshash":"8db3b32a2e95122df6bbf53779e077cd4228c005da13175dba07ee7ac5cf25221a3b09","first_seen":"2025-04-28T01:39:35.743153Z","last_seen":"2026-05-30T20:41:14.493223Z","times_seen":27,"resource_available":false,"data":null}},"time_used":732,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":730,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/resources/m.common.css?v=2023083101","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:18.991Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /resources/m.common.css?v=2023083101 HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:19 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 21 Aug 2023 11:06:28 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"64e34534-3f22\"\r\nexpires: Tue, 31 Mar 2026 09:50:19 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6LbhkkQKOOcE721ib123kRFv8366tEBidH6%2BAI376O8C0Atas%2BKs0Yt5z7FxDV91VZdBWKnyJw6yiXD%2FcWhcDEx87Cu7JOgsZ8K8RYuN8h9tqJwyrE28cJsH2GVJe8M%3D\"}]}\r\ncf-ray: 9e4a54489d57b50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16162,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (16162), with no line terminators","md5":"081b06908b7d406c15227f40274602e0","sha1":"9f96375ae919de306e9609581ea5467245550e62","sha256":"e992620adf0da0c7eb49d8ccfba0ddcf864682ac415d297746edbd2e49b6fab8","sha512":"a0151da14083f44d47ce3cbb2ba414745bfe65f67dbfdfa118269bb7a1af7d86226489bc1a2c88bb05cf164263d520c894296d5960a2e7d2fe4e3acc3bd8c2a6","ssdeep":"192:2gaQSsneDzmGvgWyw0sQPTcOLBZNCO6YVlyPcNlNCvYTolvxaZFb0r5lkh9QsA9S:2ga4eDzmG73Q7cOJdLBo5QZlq3SA9S","tlshash":"6672543b6d912a1db92bd9257de047dd4229c011e3130b5ea71b6ebacacf34505b3b48","first_seen":"2023-10-27T00:09:29Z","last_seen":"2026-06-04T11:33:09.115792Z","times_seen":141,"resource_available":false,"data":null}},"time_used":726,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":726,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/resources/images/icon-bookmark.svg","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:20.299Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /resources/images/icon-bookmark.svg HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nCookie: _ga_6QVTNVEL3J=GS2.1.s1774907419$o1$g0$t1774907419$j60$l0$h0; _ga=GA1.1.1088219089.1774907420\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Sun, 26 Mar 2023 18:04:14 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"6420891e-426\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pBUCRG0F08QY5zP9n0n5X71pPnOBOpXtxOhxg5D8knceIr533QC2q4NyuWKP9Usc07b3eFo69iAa7d7WQbmSsj6mxNPVdLl4EWg7EMqOS%2FTldEFHbuBoHo2qjmDinh8%3D\"}]}\r\ncf-ray: 9e4a5450dd9db50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1062,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"63caf2cdecd8a16de06c62067f2ee0ce","sha1":"c0fb077d97368667a61fca03b319ffe5e3a00310","sha256":"934e8f9260ea89de213e19b31736c6e247ae1c8ae72431ae6cbce86a1e12e256","sha512":"7e6124d784199670d4f68e17070e76037d8461b83ddf504c195cf739f5f230d1d724d24c04a97596182566df8bddf79f1663c503a4d70fd361fa8b010e849d4e","ssdeep":"","tlshash":"2f118b54cd6cb67eb10c9314ef7cd645477e1096b1826e4accbc66e1c2c58c0ad429af","first_seen":"2024-01-01T02:54:45Z","last_seen":"2026-06-06T08:47:49.771339Z","times_seen":123,"resource_available":false,"data":null}},"time_used":722,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":722,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kpsjitu.live/office/game-oc/game/getNodeInfoList?l=id\u0026parentId=10653213","fqdn":"kpsjitu.live","domain":"kpsjitu.live","tld":"live"},"ip":{"addr":"104.21.18.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.566Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kpsjitu.live","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:52:47 GMT","end":"Mon, 25 May 2026 05:52:46 GMT"},"fingerprint":{"sha1":"09:F9:60:24:9A:D6:F0:12:D3:FC:F5:12:16:F9:6E:55:13:F4:EC:07","sha256":"D5:0D:92:5E:6C:F5:6C:D7:89:45:BC:CA:79:62:72:0C:A0:6B:D2:29:EB:EE:B5:F8:9E:57:F3:3B:F2:4B:1C:63"}}},"request":{"raw":"GET /office/game-oc/game/getNodeInfoList?l=id\u0026parentId=10653213 HTTP/1.1\r\nHost: kpsjitu.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nCookie: _ga_6QVTNVEL3J=GS2.1.s1774907419$o1$g0$t1774907419$j60$l0$h0; _ga=GA1.1.1088219089.1774907420\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\naccess-control-allow-origin: https://kpsjitu.live\r\naccess-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT\r\naccess-control-max-age: 3600\r\naccess-control-allow-headers: Origin,X-Requested-With,Content-Type,Access-Token,Authorization,X-Access-Token\r\naccess-control-allow-credentials: true\r\nvary: accept-encoding\r\ncontent-encoding: gzip\r\nx-envoy-upstream-service-time: 11\r\nstrict-transport-security: max-age=31536000\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nTgod2io7Gof4uCtQSOSiVdCoi3qLnXz3LQ4wDtkg%2FgF%2F6fq4p1cn5sZIHJeN2DRCF%2F92xl3figC3FfDI3zXnTXPS5o94FRwHFKUd12OEFWQG4p6X5h7xAUugr%2F0wrw%3D\"}]}\r\ncf-ray: 9e4a5458ce47b50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16608,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"3951655ed07bebb99dfafa7b34793f37","sha1":"e92e1e1ecc58937807b19563ec9f456441eb2691","sha256":"6266aa3a4017fe880a8d5823d3b4a084bd1661902f97d91fa03d97e5d2987e41","sha512":"6102b023684ced5bd829622dcd6acb2dcb68b12dfed507c06d5923edede95612f80405cd7b390a6eee60734b10d64024f076bdf26709b280742bbf10613b1180","ssdeep":"384:p5OBZrxLXGyAiufoua8QGxJuhTExT/LOUWivSXMp8dTt4xx+dxmDb5c:psblDzBGoX7G3ugjqGppx9Zc","tlshash":"5c723491aa1c4ed61665efc8229c7ec36aed112fc9d0ceb0a49ccf35dcf62f61121522","first_seen":"2026-03-30T21:50:52.119069Z","last_seen":"2026-03-30T21:50:52.119069Z","times_seen":1,"resource_available":false,"data":null}},"time_used":199,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":199,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-30","alert":"Sinkholed","trigger":"kpsjitu.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"png-res.png999.com//assets/PG-Web/cardList/65/app_icon_small@3x.png","fqdn":"png-res.png999.com","domain":"png999.com","tld":"com"},"ip":{"addr":"3.33.225.116","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.783Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"png-res.png999.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 23:12:07 GMT","end":"Fri, 15 May 2026 23:12:06 GMT"},"fingerprint":{"sha1":"FE:07:9A:47:22:30:24:0A:B6:F6:7E:2E:4D:04:8B:7C:00:AD:21:95","sha256":"B3:BA:70:4C:3F:CB:36:0E:1B:00:9C:E9:16:53:83:3E:7B:73:47:2D:C5:B7:08:A0:A3:7E:EE:29:A6:6C:3E:C3"}}},"request":{"raw":"GET //assets/PG-Web/cardList/65/app_icon_small@3x.png HTTP/1.1\r\nHost: png-res.png999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kpsjitu.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 17215\r\nlast-modified: Thu, 21 Nov 2024 01:28:22 GMT\r\netag: \"673e8cb6-433f\"\r\nexpires: Wed, 29 Apr 2026 21:50:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":17215,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 186 x 186, 8-bit colormap, non-interlaced","md5":"c3d05f804602102836104d2854cf8b96","sha1":"2014dac24db70db92cf74a11d3c55e81ea26b837","sha256":"e744cada1250b6c4696f36113a29632b80c1fb52ce9ef0692f78df762b7dc7ed","sha512":"38510f232c6059988e2d34f7dcc1980cb21b0ef89b4c651ac70f0de6f92870a0369d9c598f7fbb28bd68496d11fc34615a55a4a31011853561f96bac751d7fa5","ssdeep":"384:vsBnPEFW0b1NJy2ovt2V3NXQ0m7c5MuGQQgX/vfx+1eSC1j:OP9uN47ZTgX/nx+MSIj","tlshash":"2372cf41915d726b6699652bcee844fc9581e67a006cff8b523fc1c30daeda8cd9e180","first_seen":"2024-12-10T08:50:07.153965Z","last_seen":"2026-06-04T11:33:09.094304Z","times_seen":85,"resource_available":false,"data":null}},"time_used":178,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":177,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"png-res.png999.com/resources/images/theme/black-gold/btnMenu.png","fqdn":"png-res.png999.com","domain":"png999.com","tld":"com"},"ip":{"addr":"3.33.225.116","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:20.333Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"png-res.png999.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 23:12:07 GMT","end":"Fri, 15 May 2026 23:12:06 GMT"},"fingerprint":{"sha1":"FE:07:9A:47:22:30:24:0A:B6:F6:7E:2E:4D:04:8B:7C:00:AD:21:95","sha256":"B3:BA:70:4C:3F:CB:36:0E:1B:00:9C:E9:16:53:83:3E:7B:73:47:2D:C5:B7:08:A0:A3:7E:EE:29:A6:6C:3E:C3"}}},"request":{"raw":"GET /resources/images/theme/black-gold/btnMenu.png HTTP/1.1\r\nHost: png-res.png999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://png-res.png999.com/resources/theme.css?v=2023070401\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 30 Mar 2026 21:50:20 GMT\r\ncontent-type: image/png\r\ncontent-length: 1244\r\nlast-modified: Thu, 03 Apr 2025 09:57:25 GMT\r\netag: \"67ee5b85-4dc\"\r\nexpires: Wed, 29 Apr 2026 21:50:20 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1244,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 46 x 46, 8-bit/color RGBA, non-interlaced","md5":"dba26a27c74e3ace0b39f6435ededc47","sha1":"8e5f07c1ade45f2dd6d4254e8c2b4c9cd919f9d5","sha256":"223cf0620480d5c851e959a51a02b81da185196b93d666d0bbaad2852cff0840","sha512":"ac6e6bcb70d64f6b4eed6298b730081ad5e6f46d652de95a555b9aead073f5e0272b414d94c1e543b3fb8614b30b38439196e2871caa50b125911d8020d7bb7d","ssdeep":"","tlshash":"2021842eb6805c00415dc5c310fb4613c62249c1d7e2eb69beceea1b5e351b5dca68cb","first_seen":"2025-06-10T18:00:27.069919Z","last_seen":"2026-06-06T08:47:49.764616Z","times_seen":102,"resource_available":false,"data":null}},"time_used":189,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":189,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"png-res.png999.com/resources/images/theme/black-gold/btnSelect.png","fqdn":"png-res.png999.com","domain":"png999.com","tld":"com"},"ip":{"addr":"3.33.225.116","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kpsjitu.live/#/index?category=hot","date":"2026-03-30T21:50:21.565Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"png-res.png999.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 14 Feb 2026 23:12:07 GMT","end":"Fri, 15 May 2026 23:12:06 GMT"},"fingerprint":{"sha1":"FE:07:9A:47:22:30:24:0A:B6:F6:7E:2E:4D:04:8B:7C:00:AD:21:95","sha256":"B3:BA:70:4C:3F:CB:36:0E:1B:00:9C:E9:16:53:83:3E:7B:73:47:2D:C5:B7:08:A0:A3:7E:EE:29:A6:6C:3E:C3"}}},"request":{"raw":"GET /resources/images/theme/black-gold/btnSelect.png HTTP/1.1\r\nHost: png-res.png999.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://png-res.png999.com/resources/theme.css?v=2023070401\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 30 Mar 2026 21:50:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 16792\r\nlast-modified: Thu, 21 Nov 2024 03:26:15 GMT\r\netag: \"673ea857-4198\"\r\nexpires: Wed, 29 Apr 2026 21:50:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16792,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 153 x 154, 8-bit/color RGBA, non-interlaced","md5":"39c8158c0f87ca6ff7a7fd3c5ce40bb0","sha1":"0ec67ee95771d2cef1a341aa18227fc3fe4662b2","sha256":"10aa3f7ea866b99791950284f7b8302ab60c83b8d7126ab4b8bca2c87b768faa","sha512":"46685a7a3fff27f02035a9b0d07dee5347c06de93eda0502e335aa68e1c8bc43ce9195020e8c0ec531da22e5c849e156c924e7fbfcf65c32c1f334676aaa43a4","ssdeep":"384:Y9I+aKrECLk4HRFjqDcfYnY2wBZJ/i8F/T/KfkXlofiZqA90IaAy:Y93jrvwieIGcba8RzKfSZ2Gy","tlshash":"9c72d0fcadb8193d23ac7acbad1732d4d4f065893b2b11650c012627acef32d04ae591","first_seen":"2023-10-27T00:09:29Z","last_seen":"2026-05-30T21:03:18.057937Z","times_seen":36,"resource_available":false,"data":null}},"time_used":353,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":352,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}