{"report_id":"52187621-7941-491e-b8e8-9059d33ac30d","version":6,"status":"done","tags":[],"date":"2026-03-25T21:48:19Z","url":{"schema":"http","addr":"cdxxxx.com/","fqdn":"cdxxxx.com","domain":"cdxxxx.com","tld":"com"},"ip":{"addr":"104.21.7.107","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"title":"禁片天堂","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"cdxxxx.com/","fqdn":"cdxxxx.com","domain":"cdxxxx.com","tld":"com"},"ip":{"addr":"104.21.7.107","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-29T21:48:19Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":2}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-25T21:47:59Z","timestamp":1774475279,"ip_dst":{"addr":"Client IP","port":36398,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"severity":"low","alert":"ET INFO Observed ZeroSSL SSL/TLS Certificate","source":"{\"timestamp\":\"2026-03-25T21:47:59.934409+0000\",\"flow_id\":666642678783239,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"34.251.101.162\",\"src_port\":443,\"dest_ip\":\"172.18.0.5\",\"dest_port\":36398,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031231,\"rev\":3,\"signature\":\"ET INFO Observed ZeroSSL SSL/TLS Certificate\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2020_11_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_01\"]}},\"tls\":{\"subject\":\"CN=*.iseaskies.com\",\"issuerdn\":\"C=AT, O=ZeroSSL, CN=ZeroSSL ECC Domain Secure Site CA\",\"serial\":\"00:CB:90:D1:73:AF:44:66:54:44:AC:C3:0D:ED:74:B3:9C\",\"fingerprint\":\"db:29:00:ef:41:a1:05:3e:e1:8d:c7:c6:56:5a:2d:1b:ed:11:a5:d8\",\"sni\":\"obseu.iseaskies.com\",\"version\":\"TLS 1.2\",\"notbefore\":\"2026-03-14T00:00:00\",\"notafter\":\"2026-06-12T23:59:59\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"80d47c47e3ce91bc3bd0a026dbd1664d\",\"string\":\"771,49196,5-65281-16\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1212,\"bytes_toclient\":3912,\"start\":\"2026-03-25T21:47:59.826631+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"r1s6.cdxxxx.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"xx.haobax.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"euob.iseaskies.com","ip":{"addr":"3.167.2.15","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"domain_registered":"2022-08-01","domain_rank":456269,"first_seen":"2024-06-22T02:11:36Z","last_seen":"2026-03-19T14:35:21.486344Z","alert_count":0,"request_count":1,"received_data":122363,"sent_data":446,"comment":"","tags":null,"fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"xx.haobax.com","ip":{"addr":"104.21.20.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-11-04","domain_rank":0,"first_seen":"2025-09-16T08:58:05.770328Z","last_seen":"2025-11-26T23:18:47.584134Z","alert_count":1,"request_count":1,"received_data":1629950,"sent_data":434,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2026-03-22T22:31:48.48691Z","alert_count":0,"request_count":2,"received_data":218071,"sent_data":1021,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"obseu.iseaskies.com","ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"domain_registered":"2022-08-01","domain_rank":396953,"first_seen":"2024-06-11T10:51:44Z","last_seen":"2026-03-19T14:35:21.469174Z","alert_count":0,"request_count":8,"received_data":9698,"sent_data":10068,"comment":"","tags":null,"fingerprints":null},{"fqdn":"images2.imgbox.com","ip":{"addr":"212.63.223.226","port":443,"asn":50827,"as":"SpaceDump IT AB","country":"Sweden","country_code":"SE"},"domain_registered":"2009-02-09","domain_rank":384284,"first_seen":"2017-10-24T18:55:51Z","last_seen":"2026-03-18T19:43:21.323808Z","alert_count":0,"request_count":1,"received_data":1629582,"sent_data":449,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.14.2","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"add2.pornhx.shop","ip":{"addr":"104.21.8.151","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-03-22T15:49:11.810703Z","last_seen":"2026-03-22T15:49:11.810703Z","alert_count":0,"request_count":1,"received_data":10503,"sent_data":411,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"ic-tt-nss.xhpingcdn.com","ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"domain_registered":"2022-08-25","domain_rank":115151,"first_seen":"2024-12-01T04:04:03.087576Z","last_seen":"2025-11-03T08:38:34.53111Z","alert_count":0,"request_count":1,"received_data":56205,"sent_data":523,"comment":"","tags":null,"fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}]},{"fqdn":"258451d89367dfb28gg.dpscx6.com","ip":{"addr":"203.107.63.189","port":8005,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"domain_registered":"2026-02-26","domain_rank":0,"first_seen":"2026-03-25T11:06:30.675313Z","last_seen":"2026-03-25T11:06:30.675313Z","alert_count":0,"request_count":1,"received_data":15265,"sent_data":443,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.6.31","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"ic-tt-nss.xhcdn.com","ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"domain_registered":"2011-04-20","domain_rank":169819,"first_seen":"2024-02-12T18:04:20Z","last_seen":"2026-03-25T13:46:11.011893Z","alert_count":0,"request_count":46,"received_data":2878116,"sent_data":23875,"comment":"","tags":null,"fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}]},{"fqdn":"www.xyjdh.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2025-08-24","domain_rank":0,"first_seen":"2026-02-16T18:23:44.511955Z","last_seen":"2026-03-22T12:26:06.297323Z","alert_count":0,"request_count":6,"received_data":7011,"sent_data":6412,"comment":"","tags":null,"fingerprints":null},{"fqdn":"r1s6.cdxxxx.live","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":30,"request_count":30,"received_data":1034821,"sent_data":15025,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"jQuery:3.1.0","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"cdxxxx.com","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":102009,"sent_data":479,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/js/jquery-3.1.0.min.js","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"05e51b1db558320f1939f9789ccf5c8f","sha1":"c72c1735b4d903d90dd51225ebefb8c74ebbc51f","sha256":"702b9e051e82b32038ffdb33a4f7eb5f7b38f4cf6f514e4182d8898f4eb0b7fb","sha512":"ab3ad9a98fe431508461ebbf8029bc536f34d16cfef8b4c62b8a62b56fe2b30a426e3c3186c994c2578bd585da1c89a9b421c6d2f27053b2f2ed13b0dd9428c3","ssdeep":"1536:3dhEyijTikEJqRdXXe9J578goJsWXdLVhNLKz4DTAjnWotoZqwsRmKKH7UggYiTv:2Qcd5hNLxTwn3t0iUHiTDU8Cu5","tlshash":"4383e6d9b2c670529b7730b850bf450bb17a98dab44c8da0f068c5d47eb4a8d907bf2c","size":86351,"data":"","first_seen":"2023-03-07T01:02:54Z","last_seen":"2026-04-05T05:05:13.621395Z","times_seen":9685,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ads.xnavxx.com/1/x.php","fqdn":"ads.xnavxx.com","domain":"xnavxx.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"e16fd9fad825392a0c4f57627a8a4b43","sha1":"897688573007d95fd0554473de4a0825050f053f","sha256":"37eba7c59ae5e9f0cf88ba8fedc00a4cd31f74e166b852305cc1326e34625b49","sha512":"0f4beb141ed0e66c3da85d6fe370656672304895a1ae6a1e895082fc84c6a869cd563042a74302c30b79d9c40999ce7cbdcaeeb9df88426413ab39574e069137","ssdeep":"","tlshash":"c34187a7d3e56a3b071287e08977eb39f5a5607ede534a42e0fb454a394cde53403841","size":2371,"data":"","first_seen":"2026-02-19T06:36:00.500664Z","last_seen":"2026-03-29T20:25:38.113747Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ads.xnavxx.com/1/h.php","fqdn":"ads.xnavxx.com","domain":"xnavxx.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"deb8765ab2247eb8e022886a72fe54e9","sha1":"cc8e8c49a7e5335ba11c0e2774c140ae2e0250f5","sha256":"76e7e73a97dbd8ee50ed92f3f86d22b4b075eec9ee774a2faaf6e344ae334d72","sha512":"875146fae12cb82e0a302ff59cbb7808b7c81391c1b4d0234eebf1fca9483e6a02d5a7da223ba193128ba32afc1caeac18c8d589b3a17313df926e301a31b6b4","ssdeep":"","tlshash":"9af0a7a3a3d0da2b072086f08570fdb6e572147fce635603d4ab084f364cefe0545885","size":457,"data":"","first_seen":"2026-02-19T06:36:00.477443Z","last_seen":"2026-03-29T20:25:38.110487Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/js/main.js","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ca808a9303b04eea0f0acce756ba4418","sha1":"582f7e00bf9876ce3c5d1fafc214d40934aaadbe","sha256":"17e4871e6c987a4ce5e4aecf5d82bf3cc3b59221800bbd12317ec6dfc4be4cf2","sha512":"12fdc627551f9d1d09836e973e3554ebb05a3d0140039ce33c6559fd048bd8853e9ae66e88abe539528a13a02e7045fc9afbb427aeb521cba9d6168f1c910318","ssdeep":"","tlshash":"8f51ca2876b639354627717a3fcf62897231024b7414de063cae46c41fe1e2618a9fe9","size":2447,"data":"","first_seen":"2024-12-27T10:57:19.348459Z","last_seen":"2026-04-03T19:20:50.01893Z","times_seen":105,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/js/trku.js","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"3c24e8eded28f1e66bb633491397e6f5","sha1":"7272bad10db468f4305f4a0bea123a56cd949e73","sha256":"0453341e998da6994b3433b46cb6180e21ccf70150462b66ff4e6f01551b04a2","sha512":"accd9dff6836b05714e942a37d6ee5ced05a47b75797d7da461e90a9da04a4260a04d076ef31cf209441408ed8b81e9adc4e86412d137abc545e32f3e525c759","ssdeep":"384:iQJEWV47EFV47EsvV47Esk9bMDlMTdU8L++ueIHQSsxVy3YsyqVmL+n+1wyOys+v:iUEWV47EFV47E0V47E/MqE+uelUIDnaw","tlshash":"5a8292e4fb4d252998bb201d54bf01c5713dd1376a0a8c97bc2ce4780fa4e4d25beb68","size":18159,"data":"","first_seen":"2026-03-25T21:48:31.269051Z","last_seen":"2026-03-25T21:48:31.269051Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/static/js/main.min.js","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"fc0bd39e7bc4f321955d0bf790687586","sha1":"b1d990a9469c123cd72e85b7c81415e64518935e","sha256":"d7a2405d387f18d1f8bc0fa7f482640eee59497932874e3bcf8bd72272cb4b37","sha512":"880d36fa51e741d59fedb539c4dd01bec0971596a35a2ad1faa834441911de4e967fd2011ba971eae2e1e87e166abb4bdf90ae821698188824f8126e7482a4ca","ssdeep":"6144:IPIy6PultluPQ47GK3Dhhv4V4qXlzOeDH:IPIPurlu7DhhgV4Dez","tlshash":"4c142ac872d1747216b730b6006f500bb132597aa90e8850f16ee8f5adbce8d5277f6e","size":207733,"data":"","first_seen":"2024-10-27T00:15:19.551996Z","last_seen":"2026-04-03T19:20:49.970307Z","times_seen":201,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.xyjdh.com/link/a.aspx?id=cdxxxx","fqdn":"www.xyjdh.com","domain":"xyjdh.com","tld":"com"},"ip":{"addr":"91.195.240.123","port":443,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"introduction_type":"eval","is_inline":false,"md5":"e5d8c139688b25ef77b263d88ea99150","sha1":"7abc9c61c4966543f66d150c0155bfac575f86a7","sha256":"53e5f34ac520035c7f124076d1e68c70a85c83cf68a339fa713b872b54126148","sha512":"1cd4eb192d987ea1b21f3b553eea3881c807f8bf4a5299982675d57314a0eaa084db1722c38d02eb73178660ecb1ca3667a795a512527f843f2526dc0a99dc20","ssdeep":"","tlshash":"7440000000003000033c0000000000c0000c00000000000000000c00030000000c0000","size":7,"data":"","first_seen":"2023-03-07T01:20:41Z","last_seen":"2026-04-05T05:47:21.73575Z","times_seen":333187,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"3b8f4316609389ae272c55012b9f0540","sha1":"235c563e3a83064583867c39551ef1b9c1e0f401","sha256":"673e04615cd39a5c8bf696317ed8a15fb59bb119952fb33d76692e9762c5ca6b","sha512":"01e77f42e66e1d311035358d603d93a1dc7c115bf822c91424b89cbef6808f0936074b70e73b386159b64cbbbf41fc0300319de2f992b05726b4fb58d1dcd5a5","ssdeep":"","tlshash":"9f319e1a69b703700b6b60371f6f650db1b558233488f9053f4e15581f82f611affad1","size":1605,"data":"","first_seen":"2024-12-27T10:57:19.233963Z","last_seen":"2026-04-04T18:59:40.551779Z","times_seen":40,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.xyjdh.com/link/a.aspx?id=cdxxxx","fqdn":"www.xyjdh.com","domain":"xyjdh.com","tld":"com"},"ip":{"addr":"91.195.240.123","port":443,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"introduction_type":"eval","is_inline":false,"md5":"6559111e4eae643ce013ce0821e91a02","sha1":"fa1086c9aa2cb2d14f5c13bceefe21511bcdae5a","sha256":"d72255f7e5ea4dfdf9821df800356367d0bc7df07ecd103bb660018cb1e4f400","sha512":"a6e3e096076dc152b69e95709dad8925c9c2799c23ad226b9ce7b6ee78936bea7300b66c92821ea0728ce7433d4f53787f27f5e7101f97e4d882be0a461fc051","ssdeep":"","tlshash":"407000000380020020c80233a200882af228003c00030200c008888800a808002080c2","size":25,"data":"","first_seen":"2023-03-07T01:20:41Z","last_seen":"2026-04-05T05:47:21.741946Z","times_seen":333087,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"obseu.iseaskies.com/ct?id=95200\u0026url=https%3A%2F%2Fwww.xyjdh.com%2Flink%2Fa.aspx%3Fid%3Dcdxxxx\u0026sf=1\u0026tpi=\u0026ch=Yahoo%20Test\u0026uvid=2684493d-7de1-4b7f-9a1d-7385b8f325ec\u0026tsf=0\u0026tsfmi=0\u0026tsfu=\u0026cb=1774475279787\u0026hl=2\u0026op=0\u0026ag=2881387774\u0026rand=23296112626210615762201171021956159076171082711210523696719275822282015071578232127726002550\u0026fs=0x0\u0026fst=0x0\u0026np=win32\u0026nv=\u0026ref=https%3A%2F%2Fr1s6.cdxxxx.live%2F\u0026ss=1280x1024\u0026nc=1\u0026at=\u0026di=W1siZWYiLDYwMjNdLFsiYWJuY2giLDEyXSxbLTExLCJ7XCJ0XCI6XCJcIixcIm1cIjpbXCJkZXNjcmlwdGlvblwiXX0iXSxbLTMzLCItIl0sWy0zOSwiW1wiMjAxMDAxMDFcIiwyLFwiR2Vja29cIixcIk5ldHNjYXBlXCIsXCJNb3ppbGxhXCIsXCIyMDE4MTAwMTAwMDAwMFwiLG51bGwsZmFsc2UsbnVsbCxmYWxzZSxudWxsLDUsdHJ1ZSxmYWxzZSxudWxsLDAsZmFsc2UsZmFsc2UsZmFsc2UsZmFsc2VdIl0sWy01MCwiLSJdLFstNTYsImxhbmRzY2FwZS1wcmltYXJ5Il0sWy02MSwiLSJdLFstNzEsImEwMTAwMTAxMTAwMTAwMTAxMDAwMDExMDAxMTExMTAwMDAwMDEwIl0sWy03MiwiRXhVPSJdLFstNzMsIkVoUT0iXSxbLTc0LCItIl0sWy05LCItIl0sWy0yOSwiLSJdLFstNDQsIjAsNSwwLDUiXSxbLTQ4LCJbXCItXCIsXCItXCIsXCItXCIsXCItXCIsXCItXCJdIl0sWy01OSwiLSJdLFstMzEsImZhbHNlIl0sWy00NSwiNzUyLDAsMCw3MTksMCwwLDc2MSwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwIl0sWy0yLCI2LElzTjluR25XYkFZQUl4TmZRYU9xR0UwQ0ZBUXNjRzAwSW5oT2JZQkFLWVVPelFPNkVYMDIwSW1HTGN1NjJ1cmRQL2MyZDJwTm1WWkF3ZjMvLzh6NzlHckhhMVd1M09tWFBQdmUiXSxbLTU4LCItIl0sWy02MywiLSJdLFstNjQsIi0iXSxbLTY1LCItIl0sWy0xMCwiLSJdLFstMjEsIi0iXSxbLTM0LCItIl0sWy00NiwiMCJdLFstNDksIi0iXSxbLTU0LCJ7XCJoXCI6W1wiXzNcIixcIjI4NzI4OTkzMjBcIl0sXCJkXCI6W10sXCJiXCI6W10sXCJzXCI6MX0iXSxbLTcwLCItIl0sWy02LCJ7XCJ3XCI6W1wiMFwiLFwiZG9SZWRpcmVjdFwiLFwiX19jdGNnX2N0Xzk1MjAwX2V4ZWNcIl0sXCJuXCI6W10sXCJkXCI6W119Il0sWy0yOCwiZW4tVVMsZW4iXSxbLTM2LCJbXCI1LzRcIixcIjUvNFwiXSJdLFstNDAsIjM3Il0sWy01MSwiLSJdLFstMTUsIi0iXSxbLTE5LCJbMCwwLDAsMCwwLDAsMSwyNCwyNCxcIi1cIiwxMjgwLDEwMjQsMTI4MCwxMDI0LDEyODAsMTAyNCwwLDAsMCwwLDAsMCxcIi1cIixcIi1cIiwwLDAsbnVsbF0iXSxbLTMwLCJbXCJ2XCIsMF0iXSxbLTM1LCJbMTc3NDQ3NTI3OTY0MywwXSJdLFstNTMsIjAwMSJdLFsxMiwie1wiY3R4XCI6XCJ3ZWJnbFwiLFwidlwiOlwibWVzYVwiLFwiclwiOlwibGx2bXBpcGVcIixcInNsdlwiOlwid2ViZ2wgZ2xzbCBlcyAxLjBcIixcImd2ZXJcIjpcIndlYmdsIDEuMFwiLFwiZ3ZlblwiOlwibW96aWxsYVwiLFwiYmVuXCI6MTEzLFwid2dsXCI6MSxcImdyZW5cIjpcImxsdm1waXBlXCIsXCJzZWZcIjo0OTQxOTUwNDMsXCJzZWNcIjpcIlwifSJdLFstMTQsIi0iXSxbLTIyLCJbXCJuXCIsXCJuXCJdIl0sWy00MSwiLSJdLFstMSwiTGludXggeDg2XzY0Il0sWy0zLCJbXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCJdIl0sWy02MiwiNTgiXSxbLTQyLCI4ODMzOTkwMTYiXSxbLTQzLCIwMDAwMDAwMTAwMDAwMDAwMDAxMTEwMDEwMDAwMDEwMDAwMDAwMDAwMDEwIl0sWy01NSwiMCJdLFstNjYsIi0iXSxbLTEyLCJcIjFcIiJdLFstMTgsIlsxLDAsMCwwXSJdLFstMjQsIltdIl0sWy0yNSwiLSJdLFstNjAsIi0iXSxbLTY4LCItIl0sWy02OSwiLSJdLFstOCwiLSJdLFstMTMsIi0iXSxbImJuY2giLDIyNF0sWy0xNiwiMCJdLFstMzcsIi0iXSxbLTUyLCItIl0sWy00LCItIl0sWy01LCItIl0sWy02NywiLSJdLFstNzUsIihpbnRlcm1lZGlhdGUgdmFsdWUpLnNvbWVGdW5jIGlzIG5vdCBhIGZ1bmN0aW9uIl0sWy03LCItIl0sWy0xNywiNDgiXSxbLTIwLCItIl0sWy0yMywiKyJdLFstMjYsIi0iXSxbLTI3LCItIl0sWy0zMiwiMCJdLFstMzgsImMsLTEsLTEsODI1LDAsMTUsMCw2NiwxMzMsNTcsLTEsMCwsLDE1MDQsMTUwMyJdLFstNDcsIlVUQyxlbi1VUyxsYXRuLGdyZWdvcnkiXSxbLTU3LCJTM2xSVFUxSlNnTVdGbHhNVmxzWFVFcGNXRXBTVUZ4S0YxcFdWQlpLUVVrV1VCWU1BUWdPRFFCWUNsb0lYQTRBQ3dzS0RnMWFXQUJiQ2wwTlhWOWZDUTBKRGhkVFNnTUlBdzhQRGcwSkZRNElBQlpORjF4QlNWWkxUVW9XQlhsUlRVMUpTZ01XRmx4TVZsc1hVRXBjV0VwU1VGeEtGMXBXVkJaS1FVa1dVQllNQVFnT0RRQllDbG9JWEE0QUN3c0tEZzFhV0FCYkNsME5YVjlmQ1EwSkRoZFRTZ01JQXc4UEFBb09GVXBjVFcxUVZGeFdURTBaVVZoWFhWVmNTeE1PQ0FBV1RSZGNRVWxXUzAxS0ZnVjVVVTFOU1VvREZoWmNURlpiRjFCS1hGaEtVbEJjU2hkYVZsUVdTa0ZKRmxBV0RBRUlEZzBBV0FwYUNGd09BQXNMQ2c9PSJdLFsiZGRiIiwiMCw3LDAsMCwwLDIsMCwwLDEsMSwwLDAsMCwwLDAsMSwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMywwLDAsMCwwLDEsMCwwLDAsMCwwLDAsMCwyLDM0LDAsMTUsMSwyLDAsMCwwLDEsMCwwLDAsMSwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwxLDEsMSwwLDAsMCJdLFsiY2IiLCIwLDAsMCwwLDAsMCwwLDEsMSwyLDUsMCwxMTQsMCwwLDEsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMCwxLDAsMCwwLDEsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMSwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMiwwLDAsMCwwLDAsMCwwLDAsMCJdXQ%3D%3D\u0026dep=1\u0026pre=0\u0026sdd=\u0026cri=Ph3ADveBA4\u0026pto=1522\u0026ver=65\u0026gac=-\u0026mei=\u0026ap=\u0026fe=1\u0026duid=1.1774475279.JzknKbkwVFKsH5tr\u0026suid=1.1774475279.qBhS2vjDSZ9NQzV1\u0026tuid=1.1774475279.NBWZNtg0GZFSdez4\u0026sid=1.1774475279788.UlgvgxEMpSduN5sR\u0026fbc=-\u0026gtm=-\u0026it=3%2C1178%2C64\u0026fbcl=-\u0026gacl=-\u0026gacsd=-\u0026rtic=-\u0026rtict=-\u0026bgc=-\u0026spa=1\u0026urid=0\u0026ab=jx.4.2;\u0026sck=-\u0026io=aGA2Oi15fzZz\u0026xer=%7B%22r%22%3A1%2C%22i%22%3A2%7D","fqdn":"obseu.iseaskies.com","domain":"iseaskies.com","tld":"com"},"ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"introduction_type":"scriptElement","is_inline":false,"md5":"82da20c79ff4a90dd446ad1b26d56773","sha1":"caa171cf9649c092282658dc3b90490de2709e1c","sha256":"92b009800bcaa2b99d9899722093ab92a55d9438585c08375729c8ecf2c3b4a2","sha512":"66b3bea2070279618bddf2ad6806284a339d1a4d7eaa2b7037ec1d8a8df86470b1900b6acfaa0f61685a2f8835570df3b5181deab6dca5de5a922706ff7a5f3e","ssdeep":"","tlshash":"af712b26167e1c75427a0a33eff7a94cd32b29323dc74045d8a6f5d62e3763cd540024","size":3802,"data":"","first_seen":"2026-03-25T21:48:31.307019Z","last_seen":"2026-03-25T21:48:31.307019Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"258451d89367dfb28gg.dpscx6.com:8005/sc/7771?n=zkjddzxz","fqdn":"258451d89367dfb28gg.dpscx6.com","domain":"dpscx6.com","tld":"com"},"ip":{"addr":"203.107.63.189","port":8005,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"28aad47bd50021beaecdf315b3cc9ab7","sha1":"7525b6adf8f2a3255c6d039a12b7813d5e854206","sha256":"47a98d17dd181b46acdfffb579768ccbfccaa3d6b0ad38566e0a8d58d41558a4","sha512":"24262210d69a9807e331b09049214bd1108bb2bd27079786ef248915b26ce0b0d660dc9d0e80f360e0d605ab9a77664728b7d1f122886f6d4f47c8237b1b9003","ssdeep":"384:jZ4+KcF1YhOKV7JvBCw9gD2uuoZnH8GWmlNd5pq4JkvWVy:jZ4PcF1YhvNJvE4gJDZH8GWm1nqVn","tlshash":"9762f929ba91203b03976332bb7be24cf7379c585b010852c1357d913f29e56e69beb4","size":14888,"data":"","first_seen":"2026-03-25T21:48:31.283785Z","last_seen":"2026-03-25T21:48:31.283785Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/js/dzs.js","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f978efc0d73bda028c190f720cd40444","sha1":"7fd1218169548e605ffb092bca2e68a3c1ceb8f6","sha256":"b77795c61a2a78287975be0b50e5032fc481ad6e06cdfcaa02ba06954a8df0c3","sha512":"a7d7838ba2308163e10c96d203d9698060d62ddf4958f99fd6f32cb028fd1a132acf49ca54a08997855769a91876c3c9b3086e44d6d87f7565204e55e2b27f50","ssdeep":"","tlshash":"de312850f1b85c2e8deeb4d10d2f266c2d6239456e5c4298348caca7ccf0259d032bae","size":1777,"data":"","first_seen":"2025-11-08T17:53:39.813737Z","last_seen":"2026-03-29T20:25:38.108099Z","times_seen":15,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ads.xnavxx.com/1/f.php","fqdn":"ads.xnavxx.com","domain":"xnavxx.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"21557c1c54d0332016a409f9a6ee6b53","sha1":"9440e624847c4472c8b4aed86f6c6b7037aa6989","sha256":"62556a6873138b8e5fb56aaa75d639741c423012862436bcb0ac8c3557363684","sha512":"4a161fda7c489dbcc33d03e9f6571211728d5a4468dafd8e63c6893388c796251a0f2817ec906650b787596b5a5fc152c717bd3fde443da0c1b3a2fe5da76f44","ssdeep":"48:UXSoSUSONMSZSXMSITMSsZSlSgSKwq6TMS7SgSaMSgSjSySaS5U4UvUDt:qZt1NMqqMpMVZ2FRwFMOXlM9qr3aP4Qt","tlshash":"e691ca93e3e5aa3b071287e08973eb39f5e1647ede438682e0fb454a294cef53407840","size":4545,"data":"","first_seen":"2026-02-19T06:36:00.480479Z","last_seen":"2026-03-29T20:25:38.111081Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/static/js/index.js","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"7c05fb131740cf918442acc2bd68cd64","sha1":"014a780801ab18d946f1cb3d21c134a60359ad4e","sha256":"ac1d30a8dab494c9c44b6eb00b45b3f28bec8605fa1b25944ab1a2c2811d67d8","sha512":"762c3f7028cce758e8c6fffb54bb85c830cb2e81274a9217a97cf85c2b7431787d38fff54c4a1e7093c2e6f974fa9059878accd51eba0f7fea3edda4c54f06ec","ssdeep":"192:r07tCCDkubLm2ECLePsNTa8QQUk738tVjlHnmyUA1AeKEhoMtA:HdC2mu9hfu","tlshash":"2c22f21cb4f66695007f357d0aaf99543764c463810acf04badc0ac0af8493c6bbba6d","size":10372,"data":"","first_seen":"2024-12-15T05:48:53.759434Z","last_seen":"2026-03-30T18:35:57.810846Z","times_seen":59,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/static/js/assets.js","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d687d22737ad83d188bb57d53eeebeb3","sha1":"ea17ee86556a9ab3d84444106506ceaf5b7b4a83","sha256":"96d78388dfc4feb6feb0ec0fac27d58e62591bdc89d80775d41989b8c6172e11","sha512":"88e23350b74d27f753c4acbdb2271d992010ed3d00e632ed0fdc687bb4e8a4fc48b76dd24f1c9ce4e4e7e9b62d8fe518c2a57c685cb28dbcabfef43d6f536e94","ssdeep":"6144:oRI5UhJVI6fBFkvgn49jraWIm+T0WBD1p191gIo:rcrId","tlshash":"b32429897211b25112e752d6516d8606a3765419b40b88bcb4bccceb6c7ec6c22fffbc","size":224044,"data":"","first_seen":"2024-02-23T23:26:03Z","last_seen":"2026-04-04T17:53:00.433599Z","times_seen":353,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"1a6600e4fc251a2826f7beaac947a3a4","sha1":"525ccac501a9a8dbe41e407d09e088b64832ad2f","sha256":"16968f49438bb884295c55166a0e29c72900b35d01ff4e7975ab4ec4e9b06891","sha512":"2079f44ed0ab66d2aaf95a500077486e58ac3a3af7d70de38e668cdd823328ec0aaef1a1bbec8c68b804f4c49283384a0699e6f3b9eb78624d440b50e9264f80","ssdeep":"","tlshash":"59e0260db0ba0311027fb97a3e3f82002b1e386f7a0a8d40398c6cd89f54339b7a2744","size":420,"data":"","first_seen":"2025-10-06T15:18:35.026281Z","last_seen":"2026-03-25T21:48:31.314084Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.xyjdh.com/link/a.aspx?id=cdxxxx","fqdn":"www.xyjdh.com","domain":"xyjdh.com","tld":"com"},"ip":{"addr":"91.195.240.123","port":443,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"77af9a96de350a9f77f8a5bd065955ce","sha1":"fadd588aa5f4fffb3e9d6948eb69dea486053a2d","sha256":"c46632fc4181f69e195a44d322f152ffac8cd76f4a46abcdfa14437320b12b48","sha512":"32cfb3f5f2aca172701eb88845213cee8a6259eb72a3835d4abb18fcd04700c45b8f204ee507592970c068fcc3723a58665581c85a4342f43afb789cba1b74db","ssdeep":"","tlshash":"9f51c98da8f150098113a06cbe7bde292332f167b10ecb603d6d52685fd553cee86e5e","size":2915,"data":"","first_seen":"2026-03-25T21:48:31.315919Z","last_seen":"2026-03-25T21:48:31.315919Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"euob.iseaskies.com/sxp/i/581749a3c1e7922374ca9b3d4dff0407.js","fqdn":"euob.iseaskies.com","domain":"iseaskies.com","tld":"com"},"ip":{"addr":"3.167.2.15","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"8e6ce6066cfcc8a1bfd4187946dcf711","sha1":"7ae7973f86b0c3be7f2fda24da22e4dba73162f7","sha256":"7593b4b19ef7912604a0b74bca5807891cd770f09cd8f5b8f06a8d97b3fe41a1","sha512":"5539d6a5244d23cbc9db027a8ec1a0e3dd722ce17879a61275b8d0d3b6a5dbab93568985515772389c86d1b87c49873ea2fc9c2af20901486405abe6925e67ef","ssdeep":"1536:XOuWmlw1et32zEb0wu0RnWuGyVxlicnYtMolHAEh8sqrfje+wUK8LonhdbErReK9:+4lwAIP0RGyARWsqumrRnwl8ke","tlshash":"f1c3d6adb2f27025439335a5147f410ae27b1e543c4b8290d17ae9d4ac7ce8e857bfac","size":121837,"data":"","first_seen":"2026-03-15T13:53:38.580289Z","last_seen":"2026-04-05T05:53:31.655204Z","times_seen":7403,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/add.php","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"92885d518a59d65cc4312e75b153db74","sha1":"13cee154c83b410c330b0dd6bb1528fec2c9d201","sha256":"414ec6d2cc68c1d55e7bebb42c4b9829aeaa5f6bdfaf2faf11a3cb5e4859af71","sha512":"05d56cab07cdb86ae3facae8a2afb2d87dba5aa3f05dbd587762bc3e0ff8bcd3c567cee8c2fd91750c01d1635aac18530157d2c7dee65b4d006d6e275f151a8f","ssdeep":"","tlshash":"4f21447241a210617a5b20d71757674d7a62f02bf802ddc5b28dcb449fd1e9890ff1d5","size":1201,"data":"","first_seen":"2026-03-25T21:48:31.299336Z","last_seen":"2026-03-25T21:48:31.299336Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"bda3cb9889168e7a95c4341534c381bf","sha1":"74e8a8f642a22974007d0f68b991b0e7c7034d55","sha256":"e2cf80679967cd09fccbb3b087cb8e115864b246adf81ed0700a42687bec9d0e","sha512":"952c633abea5d58e43541c30ebce58fb24dc785ee1a8b2ab5d6ce8a724b9d51e3654af98da1b98ed7db9254842b8b47f49e0bbc04bf9c49e1e52df1619bf13c2","ssdeep":"","tlshash":"07e02b2998e70a384cf67a441079da7934fc78a4aaa3d057565cc86dcd39fc54c14eec","size":424,"data":"","first_seen":"2026-03-25T21:48:31.317439Z","last_seen":"2026-03-25T21:48:31.317439Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.xyjdh.com/link/a.aspx?id=cdxxxx","fqdn":"www.xyjdh.com","domain":"xyjdh.com","tld":"com"},"ip":{"addr":"91.195.240.123","port":443,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"introduction_type":"eval","is_inline":false,"md5":"b326b5062b2f0e69046810717534cb09","sha1":"5ffe533b830f08a0326348a9160afafc8ada44db","sha256":"b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b","sha512":"9120cd5faef07a08e971ff024a3fcbea1e3a6b44142a6d82ca28c6c42e4f852595bcf53d81d776f10541045abdb7c37950629415d0dc66c8d86c64a5606d32de","ssdeep":"","tlshash":"5430000000000000000000000000300c00000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:44Z","last_seen":"2026-04-05T05:47:21.739356Z","times_seen":353851,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.xyjdh.com/link/a.aspx?id=cdxxxx","fqdn":"www.xyjdh.com","domain":"xyjdh.com","tld":"com"},"ip":{"addr":"91.195.240.123","port":443,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"introduction_type":"eval","is_inline":false,"md5":"889ca9e2c79a3ce7aaadbcdfd0ce4ef5","sha1":"b05c2c051bae71f80cb8c289e5a42d4f96d323fa","sha256":"6477acf082d26199b6ce8346b93149b1b999233d9fe76b0340ebf43317cf98f8","sha512":"122a494d50a5e8077cdda40e8d6edb442bb9d89fff078852aad7f84fe24f1c58fe693f0388ca6c9453d1b33036da0b9c4e9fb394a18268e254d306ffc2ca57a3","ssdeep":"","tlshash":"46a002d4b4ed8125564583390104d91cf936c934c0d5701873f0466ca6e700a53610b2","size":62,"data":"","first_seen":"2023-03-07T01:20:41Z","last_seen":"2026-04-05T05:47:21.73982Z","times_seen":333134,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"d3768113639c9369d29a0b87ba9306a8","sha1":"cd1dd0219a0459417b3866a0070ebf5de370b5c2","sha256":"13a760eeb17a4d89886503880b5382b33194fef95cfaa7c615995586ae633048","sha512":"97d5a85de248aca781b629a2626edf9a0ca42ceb1b5ff54d3419cf45d3b822c83ab03410db1030460cfcd47cd0099b1be8bce2003676f82c64c07de1506a0853","ssdeep":"","tlshash":"3dc0809393d56d3f1711cbd244739f14f182645e8e524143d0b54456250ccf56403440","size":169,"data":"","first_seen":"2026-02-19T06:36:00.520606Z","last_seen":"2026-04-03T19:20:50.108403Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"b8936e2ab0e824ca2a4c5fb8f7320bd2","sha1":"e223723ad929e2e1d804bca3af0738627714ff77","sha256":"a327704b348d6d2637b2d2578b0818cbac3539f1e82c00972179f5f08bf248a8","sha512":"e39478ba16ab30641c2e610cd1e67d49e85b13ff5c62acba517b283a0675fcdbc39e2da7a0a56a459f60a272c716416c61e7292779fa37bcf74fe94692620622","ssdeep":"","tlshash":"16c08ca393e6893f1b12cbd18833ab28e292646e8ec24183e0b7408a2a0ccb53403840","size":167,"data":"","first_seen":"2026-02-19T06:36:00.545056Z","last_seen":"2026-04-03T19:20:50.135673Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"d9eb900ef7d434a360d7d89715eafdb3","sha1":"9f847769ff2e0f78ade10284b3cc4151fe15b084","sha256":"6fa77000098932298f0bae926fc24323f9cde4280ac2008ce81d4b6947fb5687","sha512":"43ecbe18e061f2d49ce7c3131891f8812977313372fb208a6128dbb66efd8efa90e309ed19082aa45269bd3e4413fc8c348039eca2bc95b53a127bc33e83c4c8","ssdeep":"","tlshash":"05c08057d3d54d3f67018bd245379f14d181745ece434543d0b55046390ccfd7403440","size":171,"data":"","first_seen":"2026-02-19T06:36:00.534971Z","last_seen":"2026-04-03T19:20:50.105546Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"c5a0e9b5c299ec39a2fb26fa8b1c0dcf","sha1":"7c87180da784cd4b6fa64ebc291716e7c7d3be99","sha256":"dabb19eeacc1a8266455d6af1146aff233d788f9dc824f5145d3ce1315c6d386","sha512":"ef4644b6337b6d296fd9131bfb070895713e1bfe3e29070925441905a75d8f0a512eb0824513b2783163fc68ecbe4b2573727b0c5bf96ce0015599e64ea86567","ssdeep":"","tlshash":"9630000000000000000000000000000000000000000000003000000300000000000000","size":5,"data":"","first_seen":"2023-03-07T12:12:25Z","last_seen":"2026-04-05T05:14:26.927592Z","times_seen":223,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"00ba24702521edb7a2efb643438ac012","sha1":"8fc2ed79c2850c20ab72966ad09d30740b2d3dd7","sha256":"802e35b043cc5e153b7f4856438d3a27d8c56a37471975d0cdfe806d73467672","sha512":"04e36948151e68b31ee47368b98f59da40a3ded8333085ff6134122e086ef9f579019ba3a4019cb5a84581d892253814c72f77fdc3d3d6b164d02961e3fcda03","ssdeep":"","tlshash":"b2c0805797d5493f0b0187d145379b14d181505ece524546d0b54146754ccb53407840","size":165,"data":"","first_seen":"2026-02-19T06:36:00.566094Z","last_seen":"2026-04-03T19:20:50.096187Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"47353819c07b067901ade8e98b87bc17","sha1":"9cf0fb57774904d5e485ae8936d87890e212ade3","sha256":"745522b892b7b761e52cf6d4f007f5c7f73fb88d68a27f2ef899ad52a1fd716e","sha512":"8c30c72d15dd36e3255b2c0871cd8ac316324d31a18fbc23657d3a14385a01b2ad430726e33a0b1fffcf7618615e147f3cdba220519e504100d59be8ae37f52b","ssdeep":"","tlshash":"37c0805793e54d3f5712cfd244739f14d181545e8e534542d0b55456290ccb53403450","size":171,"data":"","first_seen":"2026-02-19T06:36:00.505291Z","last_seen":"2026-04-03T19:20:50.120648Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"9cd78ad06d40c05659d3d36c99c835cf","sha1":"64fc01fb1ef546b77a33773c0678b252a95c8110","sha256":"d92d7d15fec77e315418dc25a058d6aa5a35cfc11c262349f7fadefb738f790b","sha512":"9f52f39664e027bce02119da83ccc9666a8fe86d96a8fad582a8a44ed7debb9b86930537760d83d4d420c15aa4b02b3e73a28e92818227e59ded71bab348a1fe","ssdeep":"","tlshash":"76c08053d3d5493f071187d144379f15d192515e8e424542d0b74047354ccb52403440","size":167,"data":"","first_seen":"2026-02-19T06:36:00.569874Z","last_seen":"2026-04-03T19:20:50.118068Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"2f492c784ee22dd3d880b1f3fa732355","sha1":"8310cb4af709b599246c8b8bb6927241b73d9cfb","sha256":"afe7fb2770f5186e22ed602e74af2bd26af56da8e0b47103dd89b8a6ad37c269","sha512":"efbc3b36482cf5917823d8ca754d9f507cd1014d64b3932ec9722b9425408b2e96a73eb2b0d585dbdf96523054bd5dac2f91ce265dea008c8e3deadccb26c5a6","ssdeep":"","tlshash":"11c0805793d5493f57518fd38473af14d581685ece534142d0b55457290ccb57403440","size":170,"data":"","first_seen":"2026-02-19T06:36:00.511118Z","last_seen":"2026-04-03T19:20:50.111426Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"b2d1bbc32d4e270b461ccbf4b887123d","sha1":"dc6f0e8d4804930d7b8429b578cc1ea38deaeea5","sha256":"ceb10a1673b243e828d50462c74baa8482e019382518b7397c1b3f23d8d68423","sha512":"46df4af490f9f1ff185c2fa981186b190d98b7bcf98966726d26333cef0bbdacee92f55a67ecc268968a24ea818cb3fdd89866c3d52747bf60eefbda78280386","ssdeep":"","tlshash":"78b09b5357d5cd1a574186d08531fd75d112046f4e535543d866154b360cdf94541454","size":120,"data":"","first_seen":"2026-02-19T06:36:00.583516Z","last_seen":"2026-04-03T19:20:50.129892Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"96a0b2327aa8d29bb1d34837089f0053","sha1":"fcc26ee86708880b81f0cafc949ed20dc20e035d","sha256":"89ad1d8bfebf49c7b7619d5b48ecf62def711eb8be8ffb4df197268758ae9537","sha512":"aacc4456958576508dac42bc31d12bd8ccc8db280aa88571b84beb54f5aba91a80e33ad6f872c37008df94418fc04ceadd52c77ed3092fde1d730f61380f82f7","ssdeep":"","tlshash":"abc08053d3d5893f0b119bd144739f14d182545e8e524542d4b54546250ccb52403440","size":169,"data":"","first_seen":"2026-02-19T06:36:00.589554Z","last_seen":"2026-04-03T19:20:50.116765Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"46334afb71d2d9ca874ac84d50fea034","sha1":"06cc58a6ec0c00ca82d55356c2baf636404134ec","sha256":"d0b93a0fee309a623a4accecc7b3f78b6e864cc417f3e921612145e43e2aedfb","sha512":"c2713852532d3521d2f80017ede2f73ff74c9ed5894f368f2a978aaf9d71ee4eb344fb7e2e156ead90df0b89712e6fbfa6be5210d706740d5e78dfe10c0476c3","ssdeep":"","tlshash":"52c0809393d59d3f07118bd284739f14f182645e8e624182d0b55456250ccb56403440","size":168,"data":"","first_seen":"2026-02-19T06:36:00.515055Z","last_seen":"2026-04-03T19:20:50.12722Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"4173908d4d311720b392ede3c11bfc8e","sha1":"3dd2fd7f667a9a63b53b9d6ddd4f657e58ea14be","sha256":"68f31e27ad6734c803c83e06ade648cede4112c1e4f3ce0d7580c3cee5acd63e","sha512":"ef84a9c446ac2c4c2fafb1fccbe7a1f7c4588bf65b47c05c57b07910e4c05caad2f6a7425341e26c89592b0b407948f49c9bb8dc3e86f2fdd38402453e2e36d4","ssdeep":"","tlshash":"88c0809793d54d3f6742cbd18433ab24d181545e8e434542d0b55057290ccb53403851","size":169,"data":"","first_seen":"2026-02-19T06:36:00.573907Z","last_seen":"2026-04-03T19:20:50.128615Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"0dc778bc53b43bdb5ee62421366b2d9e","sha1":"da7e127c34273fc0fc99e678c5577aabf3216b78","sha256":"764d51999023f55b44d8959ed001617a734b32d9d10f8a6295d067b7cfaf5ce8","sha512":"d646b50ad2049f803fd16838790fd505bf9f235d29f9d86570a0dc0579c1a11c52829ebb62e609c213e3b6abef0e71928b9170abc2e0cbd30dc281e7606a27b7","ssdeep":"","tlshash":"4fc0805793d5493f6701cfd245339f14d581645e8e424142d0b55056294cdbd3403440","size":171,"data":"","first_seen":"2026-02-19T06:36:00.564139Z","last_seen":"2026-04-03T19:20:50.141195Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"face778b317f92b0149f1d477f5692f4","sha1":"e04f2118a9a96e8edd6f5420437ecd9bf1c32efb","sha256":"6adec811cbf4d86026c8077709fd929ae28afd103b467c7899cf569b591bccaa","sha512":"50c930193d8b77fc6c5051dc0596018a61e39a67a9fa2ea0329069d6fe43c4a6577ea3e80447426ec95e156ac4269a7aaeff6867f25f22e60d999519912351a7","ssdeep":"","tlshash":"eac08053d3d58e3b17119bd14c779f14d191545e8e524546d0b94147350cdf52403454","size":167,"data":"","first_seen":"2026-02-19T06:36:00.577891Z","last_seen":"2026-04-03T19:20:50.102608Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"71c113564a8bec7c9b33d3218c72811e","sha1":"9591625c87dea12e445910687d2ee7e3b6c21239","sha256":"de9bd1217a6d4918d1eeac0cca9d9d9f322cf2ce75139d04e838f1b2626c811f","sha512":"f060e1d078120ac28160b575b3a37440a0554c239905f85924b3cdd106c5911fdf76d39734b8fd31197560272e9d839a5bf502fbdd90373e40a8bae3147dc431","ssdeep":"","tlshash":"c2c08ca793e58d3b5b428fd18a33ab39e292986f8f424283e4f5944b6a4ccb53403840","size":167,"data":"","first_seen":"2026-02-19T06:36:00.561725Z","last_seen":"2026-04-03T19:20:50.121865Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"cb47a5d017b3d66e34c8296d748c6202","sha1":"b322451187f25d99be4f529d8b6d9e870c6a0ea8","sha256":"8e5f03557ba6dab38e78815b411c70e4c9a71d8fb961cf9a4decc093b5e1cd35","sha512":"b5c90a0b8ca565ec4ef75cd44104a88ca82d1287f7149a693716ce2d534c3f42b6bb1dac79b35856bc0b60127b7c7e82fe37c89bb602b1c254ac348216e049f9","ssdeep":"","tlshash":"1dc08c93d7e6893b0b128bd1883baf28f282646e8e524182e0b5415a360ccb93407840","size":164,"data":"","first_seen":"2026-02-19T06:36:00.507444Z","last_seen":"2026-04-03T19:20:50.107048Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"e421c7519ef9bff830e56a570eccb68e","sha1":"1d82eef3cec6095f79ebc78c6015b02338692fa5","sha256":"6d42bd7272705e4742cebc4ce3b6ab11bc34b3c52affae5aca7ef1ad553d56bb","sha512":"dfb3851c463fda40c3e6a4e9f59e8984e45e226bb982847fd3bf8091f43632c9f2ae3da6c380814755dd1426661ae90e15fa321fe32d8d0d44bd3b62dc04528b","ssdeep":"","tlshash":"6ec0805393d5493f1711dbd14d739f14d581645e8e524542d0f54446250ccb52403441","size":169,"data":"","first_seen":"2026-02-19T06:36:00.517922Z","last_seen":"2026-04-03T19:20:50.114207Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"51b51db28743c14163ae435d7459ada4","sha1":"eb0f3b857ca4e1366a416285f63033330f4ceaa5","sha256":"c03e5dc2c8e9de1145578d535aa4e7c970d1216f720eacfa2cc11f6f68f93e17","sha512":"ae8417e36b31b443e73e33d66610b8b66ed305b1234b4cc7a8865f4f5a02aa73de34b59752cf6a9127de3c2965c61eaea7a3096c5355dd624c57e18c56a59640","ssdeep":"","tlshash":"f5c08057d3d5493f5701cfd144739b14d1c1545e8e434142d4b55046294ccb63403540","size":169,"data":"","first_seen":"2026-02-19T06:36:00.542856Z","last_seen":"2026-04-03T19:20:50.139813Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"0ef9f9de532e32b62626ed3a4452a9ce","sha1":"cd14fa71c74bc120dd3276a0bb877956d1bdf96a","sha256":"97dfedec60e4278409b5ab8ae4281bfceb9ea8683bf80fcac1f8d6d06e440d6d","sha512":"f467b8e2739a5575fb51b0c88559da4a0da65695777ace8fd3295128b11f9c3f75d59fb4221690afd1acf8244d2ecf20a8215eb375097507a48a6c10f09d120c","ssdeep":"","tlshash":"fac08ca7d3d5893b6b02cbd28837af28f282686e8e524182e8b5514a6a4ccb53803840","size":167,"data":"","first_seen":"2026-02-19T06:36:00.54946Z","last_seen":"2026-04-03T19:20:50.109848Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"8ff136fd6b48c5c6268aa99ebfd60ca3","sha1":"e0bc0a8e2c66d405dffb6358800fe17b3628a3c9","sha256":"e7d9cfe2d0152abda088660feacc995f915a18b2dd57d7a9af881d131bb9a15a","sha512":"0284a3318af7112a18cbb0e663377d2232b6f128f09a19c70798eed8bfc678f2711f961dfc84f2cda5d833a29abb782063612977f93b9ccc80913dfc153595a5","ssdeep":"","tlshash":"9fc0805393d58a3f07129bd148779f14d191505ece524542d0b94046250ccb56403440","size":166,"data":"","first_seen":"2026-02-19T06:36:00.58188Z","last_seen":"2026-04-03T19:20:50.142492Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"52a2d6de3410523cb99a2be67edef0eb","sha1":"b73fb426bb2851fe859ef2a98d766face35ae361","sha256":"ebdb9be7538ec4787641c0a78b1ef9c0b3aaa702811453a0b2ffd63743c79f83","sha512":"85812a3969a720728a70713e5b11b01ffca08e9059d337d7daf0a978625f8ddeb080be2bfd7f837445cecb3fcb8e3588a5bfbe70a5ffcaebf0f135c25e88c7aa","ssdeep":"","tlshash":"63b09b656768a46d4405036238555c6155552644f285ce70b9f5516116141d9182591c","size":121,"data":"","first_seen":"2024-08-19T17:47:05.370624Z","last_seen":"2026-04-04T18:59:40.614222Z","times_seen":131,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"e544265aba97b40b9abed81fceba938f","sha1":"04183ab6866ec81ddb4df8288bba72b962c66d37","sha256":"e93fb3de540934990b2a2fa054d05e18cdaed253d50b46d1f540d2d73ccdcf80","sha512":"3d07e4604619bf96dc8459e362e1261b32efda3b8b7db320b1f5127e4de866a6a7a61686b121fe6e0c2458ae45187f5a99acd9e3f580a77170457d05b0ed28eb","ssdeep":"","tlshash":"b8c0805793d5493f5701cbd144339f24d581545e8f534546d0b55046350ccb53407440","size":169,"data":"","first_seen":"2026-02-19T06:36:00.576062Z","last_seen":"2026-04-03T19:20:50.101037Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"d8d8944f53f71f8f7e1de796fba0a122","sha1":"5ce9053d0dc2872fb0410259bfdac839ebf955f4","sha256":"cf557f71e2f4e92709896fdeac1ae600fc1a9bbbce5b918216214e01c7a2512c","sha512":"b7b34f29bfc46bcaa2e4402f7655512623d6eea38e7c10b1857d5beef60f6f2a0a15ef6bdad5d7df4528097f6b52ab2b700ff30ab77011a7c14a7b3e6ba0b05d","ssdeep":"","tlshash":"7fc08c9393e5893f0b128bd18873eb28e282546ece534182e0b6445b2a0ccfa3803940","size":166,"data":"","first_seen":"2026-02-19T06:36:00.579896Z","last_seen":"2026-04-03T19:20:50.138142Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"2594bd76fb01e25961c8d6f6d2ee7892","sha1":"ff2545f0de7af50f32997f15a524ab7f124aa510","sha256":"56264b4697fd7c73cee344bd9b25aa7e1c0e4c2b8f2f3c5060dd0fd593e11f04","sha512":"a467b132c6980e36709308c87a5a897a292868d541fadc8a31069e785cddb3e1b2d4cedb73a477065d20d111e048a8a35c763af1e81b8ef1a41240504eda3b2d","ssdeep":"","tlshash":"5cc08057d3e58d3f5741cfd18433af14d181585e8e524586d0b55046251ccb53407440","size":168,"data":"","first_seen":"2026-02-19T06:36:00.52796Z","last_seen":"2026-04-03T19:20:50.1128Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"3dde9db71fbcebd89025ed8fe9a9b001","sha1":"0e99e0b2838c806df6d339f30226e46bca559585","sha256":"583405e8f5113b90257b15c5a5ea7a0e56aa32580f868c07dc57083e170e1e78","sha512":"b9b09b206526c05e9ef974163c73e523037fc3d77b6231eba75b7eb91140dfdf3745611e13475dcc658dd0e305056912549f4927f152f53dbaae713ac7ef139b","ssdeep":"","tlshash":"a9c0809793d54d3f0b1187d184739b16d595545ece534646d0b54446270ccb52403440","size":168,"data":"","first_seen":"2026-02-19T06:36:00.587062Z","last_seen":"2026-04-03T19:20:50.124513Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"32a274546d521f8eeefdecfc92daa658","sha1":"c2e47dcf2d67dc364e9a00c602a87f19941aceeb","sha256":"cdf2e4a7b7e7b62b23c7c2acf69ce98e18cbbf7bf70c59f5a8dee031b3479898","sha512":"81d27dce352783a3655fc63eda087ec399e4c426ce44765ddd2d40787f2120ca4d5e5ab51bc51f8ae5833fd15c249ec32eb3f753b4dffd6a00f524b34b8fafb6","ssdeep":"","tlshash":"d4b092a3a7d5da2a5b418ae08534fdb9d21204af4ea39a43e8a5198b360cdfa4542885","size":120,"data":"","first_seen":"2026-02-19T06:36:00.522865Z","last_seen":"2026-04-03T19:20:50.125827Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"85c57f860ba4bbe36f39e4c6e8a4a404","sha1":"3453add212e91118a8d4f640b7993a2c3e60aeb1","sha256":"19c09386d0d9b7eac039c4272e3ae488b4b72eb850ae7071e85514000bbc2ce4","sha512":"dc50fd2d5062ab90defe88b5d28e2a8326e0dae962517d166d207540359a6cdaeb3030ab97a08ae74b4ea7d370a75ddb1b4e12dd73dcb03a88fc4fe320a0193f","ssdeep":"","tlshash":"16c0805793d58a3b17119bd184339b15d1d154de8e524543d0b94447350cdb52403450","size":168,"data":"","first_seen":"2026-02-19T06:36:00.558549Z","last_seen":"2026-04-03T19:20:50.119354Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"7776982e0e97a3ce1f7063fe7b7c7c35","sha1":"d9787a3a3d2e6f2ee866a19610bbca682c686ed4","sha256":"02359de1abcbc20a6af9e3eca8f3ed485d0445c3cdb63b72e48824bc6854ffec","sha512":"81996c40400f12eae88f2c53e265c086992234f2d6910f5ef3aa0e34b03e5e7e0bfe510b7fc390d4faaf34e2102318f31fd08fb798a2da7eed47d61f57121841","ssdeep":"","tlshash":"a5c0805393d5493f07118bd14473af14d192545e8e724542d0f55446650ccb52403841","size":168,"data":"","first_seen":"2026-02-19T06:36:00.568048Z","last_seen":"2026-04-03T19:20:50.097889Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"74fcd954b1a0c98570cf6cf0f9ca7a6d","sha1":"a26c2f799c1bed962ae34202761ed04ac9df6276","sha256":"7a7c78da9b7130cbbb6aaeee1e3772202bedcd966d80bd26bbd06c76474e97a8","sha512":"4395ce8cacb04d885efba67eeb0534fbb5c9b923dbae31983da2fadce4f99b1bfb1014b3a6d3b27ec8ec2ea19db8a56f6119fb6235ade5cdf6f5c74aee9b5a2d","ssdeep":"","tlshash":"59c0805bd3d64d3f57028bd14577df14d181645ece424546d0b55156360ccb93403440","size":169,"data":"","first_seen":"2026-02-19T06:36:00.537575Z","last_seen":"2026-04-03T19:20:50.131201Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"8d1958b24bd15bdf510c6aa40e39516a","sha1":"4b957657979ab4b12eca704bc6a0cc93f0a76fbf","sha256":"e409020718a2e8b5e510efedeb290211c8bf0070d4de2ba3749b2ceefca63001","sha512":"4abbfdaf5ff806db7a39a252f90f8306c41c73b178b9be335bdd4754e93d767cf7004ec85067ba52be43b55eb2809e52783d39b45fd9fc78548562f58ede80e2","ssdeep":"","tlshash":"eac0805793d5893f1712dbd144379f14d191545ece424142d0b54146250ccb56403440","size":166,"data":"","first_seen":"2026-02-19T06:36:00.53046Z","last_seen":"2026-04-03T19:20:50.115427Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"ded3e90a1bd8e6ad20d3feea13558756","sha1":"057938510917baf3fa747e9aacc7fa92015d9e5d","sha256":"2bdb22ef60aa6f1f54c742df36afd46d54455f6a441e6132ceca2fa7f439a0c9","sha512":"5bb2ff842ab409c1bee1aee6bde6b2fbd367b716a6ae6679bea7e3307e7d706652e77b6acf807c13f2b07ca351bba90980ef97026b8918849509a73a7aca0ebf","ssdeep":"","tlshash":"6bc08ca793d9893f5b02cbd28837af29f282546e8e424282e0b6405a2a0ccb57407840","size":167,"data":"","first_seen":"2026-02-19T06:36:00.547303Z","last_seen":"2026-04-03T19:20:50.099441Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"d14c6ff57e6790ca27c0df50894447a2","sha1":"2118d4f6665d6ee0be9b20beac4e7953524243c5","sha256":"f95bc5ac8d39b7430884cf23307c9c579af591b731dd81da9c686609644d23e6","sha512":"7242047184a0f1dfe9786cee4c8da4d674857ee3d8ddb11d5c744ec1fcd5aacb2ea5e85b66521bf368a6c26d86bec66e5b4a5acaad9ffbcdd3ce984b5f2dad0b","ssdeep":"","tlshash":"2dc08c97d3d58e3b0b028bd08937af28e282656e8e434682e0b5515a360ccb63407981","size":165,"data":"","first_seen":"2026-02-19T06:36:00.525554Z","last_seen":"2026-04-03T19:20:50.104254Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"8c3b154a72920b8d9b8dac1b4a917bac","sha1":"59aa15c193e42c526dc9d326ea536928103915b5","sha256":"7314eaeca6714c714b81f7eb8a0abc32b172f52e0718d323caf3d11502839019","sha512":"c7dc6ca6ef309d44f7655db8409d1aae466a99fafb655ad834f0ce7d205004e44fe35ecfe335f203e1f529be1069177d28673c418a2e163f732bd30415d8a7f9","ssdeep":"","tlshash":"4ac0805793e5493b57018bd18433db14d5c1545e8e4341c2d4b55056290cdf53403954","size":166,"data":"","first_seen":"2026-02-19T06:36:00.585385Z","last_seen":"2026-04-03T19:20:50.123196Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"57a9160df9f03a3653f5c33b1905dbb9","sha1":"223c5c592936bf1adf0c4b99d2557b1a16a88cb7","sha256":"5cec8b244dcf654d252e860ac5058525ab853050ff47e6685254d790a83cace6","sha512":"2f6e79dac3cb864c42f9e5e2c5701627705195b6dff8a691198e15fc5cf9b1a32b5b092f0d1dbdc64a98cb24203c9025282eb88955b140ef29be224b9b658cda","ssdeep":"","tlshash":"c5c08c93a3d58e3b1b12dbd28833ab28e292546e9e624287e4f5605a260ccb52403880","size":167,"data":"","first_seen":"2026-02-19T06:36:00.532749Z","last_seen":"2026-04-03T19:20:50.13685Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"de647ba68d050b81de7f179099eda01d","sha1":"c5a5a59a15fdd4fecf4e273f1e7ff00bdc338240","sha256":"121ce9d70f36edf2f992a611fc6a4ae4ccdce920ee6d12f3cb48c48aaa94fda7","sha512":"365db3b30f96bbd531b988dbd5bb5b4d5f15b58eb61d41069054c64ac7f1fb79aa27abca731782cdaf822faa980b6fec9a33a7c471a562b368a99633fcd96cef","ssdeep":"","tlshash":"17b092a3a7d5ca2e5b51cae08530fdb9d21204af4ea39a43e8a5198b360cdfa4542984","size":120,"data":"","first_seen":"2026-02-19T06:36:00.552104Z","last_seen":"2026-04-03T19:20:50.144911Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"c031b335c16ded946d5e78c20c5837cf","sha1":"1733d2ec38e8d3f26e3d70e04fdf9cb17f5d73f7","sha256":"fbf66624a1fefc979932c7541314b8f05bce85c55d71b2c2c1b00da21804d50b","sha512":"0357b28cedefc08b72c3996ac9d7de104033eb76ad4da2b68c57552da4a43b3b48245130f5390a0959420da858d742d556d2032511cb6f6a68d5b8fec98d6fb5","ssdeep":"","tlshash":"53c08c97d3d5893f0b428bd18837af29e282a0ae8e824682e0b5415a760ccb52403841","size":165,"data":"","first_seen":"2026-02-19T06:36:00.571869Z","last_seen":"2026-04-03T19:20:50.132462Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"244bacf124c18c26c534bf6cdfda9a4f","sha1":"befe106f5a1a04e88033b0ffdf7f7a4b97a76d3f","sha256":"77ac7d76b5865cce4c872beb7c4812fcad6140d1d55746dfaa9d6cdf55d59258","sha512":"868604616844415e1a3b213f3f19efe969950b81acd4aebdcbd0753d445b4e00ab45ad34636a9fc8a3cb294c1792c92c3f15bb92919ccb8478ad331340e96dfe","ssdeep":"","tlshash":"c4c0805393d5593f07118fd18c779f14e181546e8e524542d0b7444b390ccf52403840","size":169,"data":"","first_seen":"2026-02-19T06:36:00.540079Z","last_seen":"2026-04-03T19:20:50.134558Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/NDMwNGYwYzA1YWVhMGJhMTcyYjRhNmQ3YWYzNjQ1NmQ/s(w:640,h:360)/tag/000/000/004/d5bc721e.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.950Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/NDMwNGYwYzA1YWVhMGJhMTcyYjRhNmQ3YWYzNjQ1NmQ/s(w:640,h:360)/tag/000/000/004/d5bc721e.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 85856\r\nx-rsic-processor: 20020\r\nx-rsic-cache-hit: yes\r\nx-rsic-responder: 20018\r\ncache-control: max-age=604800\r\nexpires: Mon, 30 Mar 2026 09:52:52 GMT\r\nx-envoy-upstream-service-time: 4\r\ntiming-allow-origin: *\r\nx-77-nzt: kpQQXxE60QELtFflf+Iefs9AN+TjXqXHuOky0CGo9TYXoQHZrHI5KbU\r\nx-77-nzt-ray: 56376635299b48f10c58c46960e46238\r\nx-77-cache: HIT\r\nx-77-age: 215703\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":85856,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=16, height=480, bps=206, manufacturer=FUJIFILM, model=X-A7, orientation=upper-left, width=960], baseline, precision 8, 720x360, components 3","md5":"be5d8629065c3e120a5b6b22ef29d954","sha1":"8cd3533c6be66c267daf7f948515221b0f7029e7","sha256":"bab2f926771010e9ac787e72bdb45bb415287b536991ec865c6e4308205e9fbf","sha512":"49198a717b8555dda2b602548826098439fe5052fa3b3770b8dc22c1ee3abdc8fdf38d0d8b6d28ab9c8b09a6736f419763488b8bc10273de01ed17ad168b2084","ssdeep":"1536:7e2Wjl3ZNhNd2mkPAKL/J5l9QR43jEJ/0mQLBVgVy0ee+T0U1Pgu:C73ZN8mkIKL/QWziQLne+TJ15","tlshash":"f983f17ade91dd90e0a819b3def1df0332b61bc6aa9e944bb4df4c51879227094607c3","first_seen":"2026-03-22T15:49:21.224438Z","last_seen":"2026-03-25T21:48:31.17215Z","times_seen":2,"resource_available":false,"data":null}},"time_used":101,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":77,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/NjJiZWY5MGJhNzBkMWUwNjY3MGJhMDJkZDgyMDE1NTc/s(w:640,h:360)/tag/000/425/485/33c7d6e9.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.977Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/NjJiZWY5MGJhNzBkMWUwNjY3MGJhMDJkZDgyMDE1NTc/s(w:640,h:360)/tag/000/425/485/33c7d6e9.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 68440\r\nx-rsic-processor: 20021\r\nx-rsic-cache-hit: yes\r\nx-rsic-cache-mem: yes\r\nx-rsic-responder: 20019\r\ncache-control: max-age=604800\r\nexpires: Tue, 31 Mar 2026 12:59:48 GMT\r\nx-envoy-upstream-service-time: 0\r\ntiming-allow-origin: *\r\nx-77-nzt: kvjHM+UDgbC5vixd73T0SeB2tb0lIZZgEDxo9gb5XL/qshc8lXfi8Cs\r\nx-77-nzt-ray: 56376635299b48f10c58c46917de6d38\r\nx-77-cache: HIT\r\nx-77-age: 117998\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":68440,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 640x360, components 3","md5":"9882f5c0a483270c90937b7eef2013f8","sha1":"5b6841c455a70798bfbf1c674154ed41550430a1","sha256":"da9f67673a15cb7ee5b627134254ea508cbf5364d6f1e69d0117849f6b89749f","sha512":"b83f8c945428403245fa07cd156b7cc6978c844029e1993edfd15e7393b33acd923c160d122f31ccb315a44ab5a1e8c0bf1e0c95d137d183cf5e2d63537dcc7a","ssdeep":"1536:rS2I/7SazuJt7SYDbS+wUgMZGCX4kxvIyzBKtjSYjtg9E2J2G:rS20+azWTDbuMZGLUB6SY5e2G","tlshash":"eb63023faf199106c93c2e3814238724c4d84f972f68850996f99f2eb7f85693b4203b","first_seen":"2026-03-25T21:48:31.175593Z","last_seen":"2026-03-25T21:48:31.175593Z","times_seen":1,"resource_available":false,"data":null}},"time_used":105,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":25,"receive":80,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.xyjdh.com/search/tsc.php?ses=ogcndRgH4afEr7-DF47ZvzdP944j621IykPDVjuGiNO1lkE8BWW7vl1N7BW6MlpJTdbQmuowsb9q06GFTOB-PjWwd7DH3Nwi3YfO1GVqvOIasbPHHC2goY0azEEKEei5Geu1T1gnNN_lDkac-MFeurR1LMRPUQC-3LKqZB1uNYgbeqKwSdAyREkNL4bvsUKtu1Sx0S-mm_YCLxHCEh-qDq2tSXOQ6tnH9vuLtopOg1shVnx9FCx1kd1NTBD8AfmmITxRdxtnnT4iIelS95Kso0-IqX6FHUrnkPmtF5JmPKfnVRvoVqC5ye9nEIYGEFqXnbihxMfgumVq2pHjXFq6sOwmQ6g3WRNpHdfcUq7vfnjVgTYyZvH9zARikViOg\u0026cv=2","fqdn":"www.xyjdh.com","domain":"xyjdh.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.xyjdh.com/link/a.aspx?id=cdxxxx","date":"2026-03-25T21:48:00.104Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xyjdh.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Wed, 26 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B6:DD:55:CD:E7:92:D0:DD:93:4E:8C:54:70:94:7F:3B:C7:9F:0C:CC","sha256":"7E:CB:49:6F:68:5D:36:37:F4:CB:DF:98:DE:A2:79:78:ED:16:CD:22:67:DE:D7:C1:E3:00:F4:2F:AB:9C:3A:37"}}},"request":{"raw":"GET /search/tsc.php?ses=ogcndRgH4afEr7-DF47ZvzdP944j621IykPDVjuGiNO1lkE8BWW7vl1N7BW6MlpJTdbQmuowsb9q06GFTOB-PjWwd7DH3Nwi3YfO1GVqvOIasbPHHC2goY0azEEKEei5Geu1T1gnNN_lDkac-MFeurR1LMRPUQC-3LKqZB1uNYgbeqKwSdAyREkNL4bvsUKtu1Sx0S-mm_YCLxHCEh-qDq2tSXOQ6tnH9vuLtopOg1shVnx9FCx1kd1NTBD8AfmmITxRdxtnnT4iIelS95Kso0-IqX6FHUrnkPmtF5JmPKfnVRvoVqC5ye9nEIYGEFqXnbihxMfgumVq2pHjXFq6sOwmQ6g3WRNpHdfcUq7vfnjVgTYyZvH9zARikViOg\u0026cv=2 HTTP/1.1\r\nHost: www.xyjdh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xyjdh.com/link/a.aspx?id=cdxxxx\r\nCookie: _cq_duid=1.1774475279.JzknKbkwVFKsH5tr; _cq_suid=1.1774475279.qBhS2vjDSZ9NQzV1; _cq_session=1.1774475279788.UlgvgxEMpSduN5sR.1774475279788\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T05:47:04.311114Z","times_seen":13362114,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/static/picture/ru.gif","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.904Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdxxxx.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 03 Mar 2026 11:41:00 GMT","end":"Mon, 01 Jun 2026 12:38:43 GMT"},"fingerprint":{"sha1":"13:A5:D9:1F:2F:52:1E:BA:9D:FD:27:73:70:13:B5:04:A6:69:EF:A3","sha256":"04:E5:DE:A8:7E:C8:CF:A5:A6:BE:BB:C2:EA:99:E1:5B:F0:A4:83:D3:C2:82:11:E6:6A:02:A1:E7:5D:AA:A3:29"}}},"request":{"raw":"GET /static/picture/ru.gif HTTP/1.1\r\nHost: r1s6.cdxxxx.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nCookie: PHPSESSID=k3d8jep40jm5f17q0u5d0ik3n5\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:57 GMT\r\ncontent-type: image/gif\r\ncontent-length: 361\r\nserver: cloudflare\r\nlast-modified: Sun, 01 Feb 2026 21:22:35 GMT\r\netag: \"697fc41b-169\"\r\nexpires: Fri, 24 Apr 2026 21:47:57 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=grNAOM9S7ns%2Bx%2BJ3rmu5d4Y9pJsSXNqye7yK0TizSe3LtwkJoVhlHnzXjyje4CzM9kQQFq7hRGhIRPvoaNlLBlY%2BVfMFECgwb8g%2FuU2%2FhSLHUrMkN%2FxNNhMdC3qREalRoEnt\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e211df03daca618-ARN\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":361,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 16 x 11","md5":"addac471b8ddc26a9f1f2fa235330d80","sha1":"09e5692e18a8b2cff59e4a7b3cf2478878136ce6","sha256":"4306ff8241d011fc96dd02789600623ce20f7a2f4d412735fd1217e34e6b36ce","sha512":"7a448460efa9805cbe2a339629969b049c80ba49c93ec421a010a9999263691905d0d43ce3bcc0509e0257ab0e4a2c2ff5ece3bf41d70a5369e803ccce6a5590","ssdeep":"","tlshash":"5ae060cfc1007816bc882c32bb7fc181010c20009b21b864af6f6088406b71cb22945f","first_seen":"2023-04-07T11:50:34Z","last_seen":"2026-04-04T17:53:00.443126Z","times_seen":1081,"resource_available":false,"data":null}},"time_used":522,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":522,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"r1s6.cdxxxx.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/YzU4MzY2NzVjYTg1NWU1NTc3MDI5Y2JiMTllZWVkYTQ/s(w:640,h:360)/tag/000/425/456/b4f9b383.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.988Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/YzU4MzY2NzVjYTg1NWU1NTc3MDI5Y2JiMTllZWVkYTQ/s(w:640,h:360)/tag/000/425/456/b4f9b383.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 50852\r\nx-rsic-processor: 20020\r\nx-rsic-cache-hit: yes\r\nx-rsic-responder: 20020\r\ncache-control: max-age=604800\r\nexpires: Tue, 31 Mar 2026 12:59:14 GMT\r\nx-envoy-upstream-service-time: 1\r\ntiming-allow-origin: *\r\nx-77-nzt: kg1K0ZiBZIejlFvO625v2dFDA+AQRS6/Q2xXSCoDG0gN+UDTM1Axbq4\r\nx-77-nzt-ray: 56376635299b48f10c58c469ff822739\r\nx-77-cache: HIT\r\nx-77-age: 118103\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":50852,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 640x360, components 3","md5":"c99fafac09e0cfbf496329768e92fbe7","sha1":"fe2789fa168e3ac1f73e8e62dba40d0786ed0530","sha256":"29fbd44929464a033d79dda069027a063b778544df1bb534be9f04ba70b98fa7","sha512":"6bab9220957556130a8b9a41f7ea157b87e5f8f48220cacd8b6a005f4311d1dd880cd16c6509127eec97e0870fc6e86b49ec3fedc91bbbdb9a518047e0ec7e83","ssdeep":"1536:rBySzZ596SRc0raUU4wYNwUyoaRklJ7Y4sv:roSzZL6S2VKN5yelJM44","tlshash":"b133f147379a0645f5a32ab48f836f148eaff93556b0e47052d9990cf581bc358ef22c","first_seen":"2026-03-25T21:48:31.181593Z","last_seen":"2026-03-25T21:48:31.181593Z","times_seen":1,"resource_available":false,"data":null}},"time_used":70,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":55,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/gg.php","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:58.292Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdxxxx.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 03 Mar 2026 11:41:00 GMT","end":"Mon, 01 Jun 2026 12:38:43 GMT"},"fingerprint":{"sha1":"13:A5:D9:1F:2F:52:1E:BA:9D:FD:27:73:70:13:B5:04:A6:69:EF:A3","sha256":"04:E5:DE:A8:7E:C8:CF:A5:A6:BE:BB:C2:EA:99:E1:5B:F0:A4:83:D3:C2:82:11:E6:6A:02:A1:E7:5D:AA:A3:29"}}},"request":{"raw":"GET /gg.php HTTP/1.1\r\nHost: r1s6.cdxxxx.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nCookie: PHPSESSID=k3d8jep40jm5f17q0u5d0ik3n5\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 302 Found\r\ndate: Wed, 25 Mar 2026 21:47:58 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nlocation: https://www.xyjdh.com/link/a.aspx?id=cdxxxx\r\nserver: cloudflare\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BEPHEo1Ydnf%2Fs8I5UC3RgYCdyU7BkVXAZUk5oaKeaCXt4x0jnZEun0AR0t8JRZnWqal%2FmeOPHuPAKuRg4AwITTWszdnXMEarOU%2FluRkPZguYjR21kBe5BarvmXgQRK5Wgrmw\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e211df95e57a618-ARN\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4156,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T05:47:04.311114Z","times_seen":13362114,"resource_available":true,"data":null}},"time_used":184,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":184,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"r1s6.cdxxxx.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"obseu.iseaskies.com/mon","fqdn":"obseu.iseaskies.com","domain":"iseaskies.com","tld":"com"},"ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.xyjdh.com/link/a.aspx?id=cdxxxx","date":"2026-03-25T21:48:10.119Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.iseaskies.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Fri, 12 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:29:00:EF:41:A1:05:3E:E1:8D:C7:C6:56:5A:2D:1B:ED:11:A5:D8","sha256":"58:10:1A:43:35:D0:AC:8D:AD:C5:42:AA:E4:34:CD:77:38:D9:D4:20:96:D5:48:10:9F:33:64:53:01:20:2D:B2"}}},"request":{"raw":"POST /mon HTTP/1.1\r\nHost: obseu.iseaskies.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 1865\r\nOrigin: https://www.xyjdh.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xyjdh.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1865,"data":"e=37dfbd8ee84e00126deac332ef45829d9225c24f567d43d6da1908be6245cad7bd70a976710ce60ed89373bfe70e9c20c1e53e8d57148f6d2717071a10acf9f29f673dfbe0f875504a6fe37a7251853b8a64c4073803219204085e360358c2ea694634a031b737884fa1c629ec4036ec1f276818db4de546e093d5c13cb42c15e36c85eb002fdf53641d355693c47f3bbf2bf3ba87fc4851bd5997d060b675852c8740fb6130af2d1bf91f566375954f2aadcff4f263e46daf40d612f04a6f73a0c7402c6821069a67899c19f00535f983c77b0f2f7489ce31218884421e385863455ee69c26722e04acff4a2a88a3f17bc6e25d77492aa3a2a7c5cd76bddbde09e85ec8586f31dff488eba3269adfeb6a953612c3bc8b700a1ce5392becd0576ef1c7bc33c818b70fe8d040dc1c94926098616bcd8676c634d392a0fcd6bbee4a7ebe67fef3e8354360e9c16991a850f11017428803488fd1d19a91a6cb70c96a88de99a538a03c7b74dc2865d483920e7f86a633bb06e3945d8670bf3d1a0b5eda20ad1c848ae36feb966c8b1de195c6c17dc2574f79fa13541d3e487487f4238f46dec18a66939974ebd0629a8eeaea768ab3f1546b72c8b11e489bf9495f01d5e2e933fa7ee3be4ee5f233a060b267c720884d82f678be4e35eebc8f74232d225f38013716aae18e64ce06ab58474328f8a852d698190de2a5d6babd6edef0edfc87fbb3ec424f3dff5b9bbf596f865f7812d7625b6d71ff7bae7105dfeac36b967dd42d8cb731cebe0985660923201e61149dc1f8c63b7a5186054395d2b4a7a29e165ccaa2b76f97d1727cdfd6163b6cfb96d0485bfd7cdb24cd41a459ed6998b016bcf820fe89cb97c11370e5f23a7d8371a189b4ac139e6b3d0844e6302052f7f92bec861db4f8d1ae55df9b95774b6e13ac37b904b454b5866d9235462346336301933de4ff7702b918aad196618c85499e6861ed512a3e9583bc1648ac35ac9c1ada1b23541bf86a50ddfc862c920860f8d044f88083ed8a40c64f017757e07d24529c920440a87cbaafd3278ecffe4e0029e0782a0904cf1558fa8bae4553826871cf85d8029a85a8c5583ea86ff8543f14de44227fd5d20c5d9989a085a0a019e126b4378370d38503d8ffa96825e58340c19ebaaed6b19294725086b86009c7238052ce4cebf62fa0dd80\u0026cri=Ph3ADveBA4\u0026sf=1\u0026dc=\u0026cp=10\u0026gtm=-\u0026gac=-\u0026uvid=2684493d-7de1-4b7f-9a1d-7385b8f325ec\u0026tb=1\u0026ich=0\u0026ws=0x0\u0026wos=1280x1024\u0026ver=13\u0026fi=\u0026ti=10013\u0026mo=0\u0026pn=11847\u0026spn=1834\u0026snt=1"}},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\naccess-control-allow-origin: https://www.xyjdh.com\r\ncontent-type: application/json\r\ndate: Wed, 25 Mar 2026 21:48:10 GMT\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T05:47:04.311114Z","times_seen":13362114,"resource_available":true,"data":null}},"time_used":37,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":36,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/static/picture/logo.png","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.898Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdxxxx.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 03 Mar 2026 11:41:00 GMT","end":"Mon, 01 Jun 2026 12:38:43 GMT"},"fingerprint":{"sha1":"13:A5:D9:1F:2F:52:1E:BA:9D:FD:27:73:70:13:B5:04:A6:69:EF:A3","sha256":"04:E5:DE:A8:7E:C8:CF:A5:A6:BE:BB:C2:EA:99:E1:5B:F0:A4:83:D3:C2:82:11:E6:6A:02:A1:E7:5D:AA:A3:29"}}},"request":{"raw":"GET /static/picture/logo.png HTTP/1.1\r\nHost: r1s6.cdxxxx.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nCookie: PHPSESSID=k3d8jep40jm5f17q0u5d0ik3n5\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:57 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nlast-modified: Sun, 01 Feb 2026 21:22:35 GMT\r\nvary: Accept-Encoding\r\netag: W/\"697fc41b-f66\"\r\nexpires: Fri, 24 Apr 2026 21:47:57 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PnRs32G%2Fj82ViUSJFqANyn9ndcZB5wsnhAZ5sxaFghPiQYOf5FzejP7kYx31f8KANzdB3%2FUOg4Uuvo7EsnMqEB7hzKeiHT3epFF1W1dGMu49%2FZt%2Bes26zUoMMVVvnpAA64WG\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e211df03da7a618-ARN\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3942,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 181 x 38, 8-bit/color RGBA, non-interlaced","md5":"fc4cb40e45ca4f08ce45ec75391a4d01","sha1":"d147177f1e7643f842eace96071232819f34c4d9","sha256":"8f12d2b7a853a482a88fd165a70e13335ed7108139dad27c95bbb39f884c6799","sha512":"a3c7dfaf6dad751ca45548c9d75242177c52f7e450870244df9e86d74cb2fda20943fcae0d664781b1896dd624b7666fe00ad31f8d5214461e81fe20ce8e5bce","ssdeep":"","tlshash":"5d811b59ce26ed20459dbec4b9e19362993b5bd05a835011bccecd5330316badc68dc7","first_seen":"2026-03-25T21:48:31.184404Z","last_seen":"2026-03-25T21:48:31.184404Z","times_seen":1,"resource_available":false,"data":null}},"time_used":556,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":556,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"r1s6.cdxxxx.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/static/css/jquery.fancybox-metal.css","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.887Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdxxxx.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 03 Mar 2026 11:41:00 GMT","end":"Mon, 01 Jun 2026 12:38:43 GMT"},"fingerprint":{"sha1":"13:A5:D9:1F:2F:52:1E:BA:9D:FD:27:73:70:13:B5:04:A6:69:EF:A3","sha256":"04:E5:DE:A8:7E:C8:CF:A5:A6:BE:BB:C2:EA:99:E1:5B:F0:A4:83:D3:C2:82:11:E6:6A:02:A1:E7:5D:AA:A3:29"}}},"request":{"raw":"GET /static/css/jquery.fancybox-metal.css HTTP/1.1\r\nHost: r1s6.cdxxxx.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nCookie: PHPSESSID=k3d8jep40jm5f17q0u5d0ik3n5\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:57 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Sun, 01 Feb 2026 21:22:35 GMT\r\nvary: Accept-Encoding\r\netag: W/\"697fc41b-13ca\"\r\nexpires: Thu, 26 Mar 2026 09:47:57 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=WXE%2Bc8qn0f%2Fc08sihVrD%2F5NbS1NBkYcQDFBp%2BmjLDRbM40dMJ1saQRtkUiQxbWAh0Dg8nQpUSYh73ntXk2IM0zfMeuQKzXGw%2FNakk%2FzoiddvXYTVYVEJjQjK7WMn36B5YuGz\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e211df02d90a618-ARN\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5066,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"97a209f35b21d12e305f0c3aec749a3a","sha1":"6f1145ceb7406cf502c5611497e0dcca4e7ccd70","sha256":"0fc205452e19fc29011de9d5bb41679194fb203bc5d1833dbf6adb875fcc55ae","sha512":"8b9305220c1c77a1ebcc43d1ebe00523829b18a2adca2a6c9d387afee5bc8190d28c3691cc2434035584baad6d313c5ec98a6a674a7a606322a7336974742453","ssdeep":"96:GKXaSjfTkZQFRKLIRdrHLeN9ko0Oy8Ai4cSj2W4ZeKLHgKLf6O:GKp3FyI7rrgf3ZBjyO","tlshash":"6da1fe6b69503904643edd54df6f9a59c63f2492aa1a4eff611cf82883d87e041f39cc","first_seen":"2026-03-25T21:48:31.187041Z","last_seen":"2026-03-25T21:48:31.187041Z","times_seen":1,"resource_available":false,"data":null}},"time_used":522,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":522,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"r1s6.cdxxxx.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/static/picture/tr.gif","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.905Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdxxxx.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 03 Mar 2026 11:41:00 GMT","end":"Mon, 01 Jun 2026 12:38:43 GMT"},"fingerprint":{"sha1":"13:A5:D9:1F:2F:52:1E:BA:9D:FD:27:73:70:13:B5:04:A6:69:EF:A3","sha256":"04:E5:DE:A8:7E:C8:CF:A5:A6:BE:BB:C2:EA:99:E1:5B:F0:A4:83:D3:C2:82:11:E6:6A:02:A1:E7:5D:AA:A3:29"}}},"request":{"raw":"GET /static/picture/tr.gif HTTP/1.1\r\nHost: r1s6.cdxxxx.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nCookie: PHPSESSID=k3d8jep40jm5f17q0u5d0ik3n5\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:57 GMT\r\ncontent-type: image/gif\r\ncontent-length: 371\r\nserver: cloudflare\r\nlast-modified: Sun, 01 Feb 2026 21:22:35 GMT\r\netag: \"697fc41b-173\"\r\nexpires: Fri, 24 Apr 2026 21:47:57 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=di0di2wpBVu%2F8GA2gnNVYqtUTbK6ejamNuijVp80lkBbzMi0SaUpmj45NeOk9uG0iA%2FA1K%2BlB3BQFGu98ycE1YIXg3Zgt%2FfkiLK%2BOiPhzp4y36l6rcvT7%2Fjw7195hJ7n6oIx\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e211df03db0a618-ARN\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":371,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 16 x 11","md5":"3c7e51066bea641449722616fdce2d21","sha1":"96c9ae75bc64902679dcb756aa1126ad9a8d095a","sha256":"37568999704bda52ec7256508fd86ffc90aa578466014cb9854e12252bde0670","sha512":"57f347cd0fcaf7918ac2e9fdfd5ca6954aa42b6180193a9ee752d288762bb48aeb286b9b9a0c176347c3ca9eac6f9f0a4ea633cc74b28206fecff5062da530fa","ssdeep":"","tlshash":"2ee068a6c684dac3e7adba3640a14f6a3a4069221b9a273289c6b04c7d142186a30413","first_seen":"2023-05-05T23:36:19Z","last_seen":"2026-04-04T17:53:00.447539Z","times_seen":717,"resource_available":false,"data":null}},"time_used":512,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":512,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"r1s6.cdxxxx.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/ZTdhZmMwYzI4ZjkzYzdmYzdhZWIzNDkwMTM4NjUwMTE/s(w:640,h:360)/tag/000/000/264/56bd5ac9.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.912Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/ZTdhZmMwYzI4ZjkzYzdmYzdhZWIzNDkwMTM4NjUwMTE/s(w:640,h:360)/tag/000/000/264/56bd5ac9.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 45220\r\nx-rsic-processor: 20021\r\nx-rsic-cache-hit: yes\r\nx-rsic-responder: 20021\r\ncache-control: max-age=604800\r\nexpires: Tue, 31 Mar 2026 12:59:05 GMT\r\nx-envoy-upstream-service-time: 0\r\ntiming-allow-origin: *\r\nx-77-nzt: kmFxuvAAh829IoLuOVv5J0jIztSKLyzOUXzCJamlH8qSTdPouJRk+W8\r\nx-77-nzt-ray: 56376635299b48f10c58c469acde2a38\r\nx-77-cache: HIT\r\nx-77-age: 118123\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":45220,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 640x360, components 3","md5":"80e725308470ebd412a666b979509915","sha1":"64c38a5536e697af19fce0c8f36d461e295394c3","sha256":"be008e9e3fbbcb53ea044eca274966d42467a6d6a3082c0285938e0cc198d863","sha512":"feac506cee3bb827ba1410d56ee30c009e7c073f5d93e2aa03d6d75dd2612d5ebbe7c482b8aabf9bbff07f6e6a610a9baf8694c6d24e5fd6e62e8b6a26a23da1","ssdeep":"768:/ztN+GxwrsEwa8KdXymO8XkaIBBNXS6K8zmSVWoON9jP2cMFSrfdJ:/ztN+OwsEZdCmPfIBBFvTm+kN9M0D7","tlshash":"d11301034dd94ac6f7846bbce3700d9be3dc61f52133d2df50a164a12d469629e8612f","first_seen":"2026-03-25T21:48:31.190585Z","last_seen":"2026-03-25T21:48:31.190585Z","times_seen":1,"resource_available":false,"data":null}},"time_used":69,"timings":{"blocked":26,"dns":0,"connect":0,"send":0,"wait":24,"receive":19,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/N2M5MGYyMGE5ZWFjN2I5ZjM2YjZhMWJiNGUzZWYyODU/s(w:640,h:360)/tag/000/423/661/90b57e4f.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.916Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/N2M5MGYyMGE5ZWFjN2I5ZjM2YjZhMWJiNGUzZWYyODU/s(w:640,h:360)/tag/000/423/661/90b57e4f.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 59945\r\nx-rsic-processor: 20021\r\nx-rsic-cache-hit: yes\r\nx-rsic-responder: 20019\r\ncache-control: max-age=604800\r\nexpires: Mon, 30 Mar 2026 09:54:40 GMT\r\nx-envoy-upstream-service-time: 2\r\ntiming-allow-origin: *\r\nx-77-nzt: kuypX0bfxOQhyhBbK6TkoHOdF1IvNquZFk1qQGvUbe2lyNFPzuQ+Gns\r\nx-77-nzt-ray: 56376635299b48f10c58c4697cac4e39\r\nx-77-cache: HIT\r\nx-77-age: 215595\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":59945,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 640x360, components 3","md5":"43db2c03ce58916abfe010d7f7a241ce","sha1":"7a9c36d99f5121055387f17853253869f8249692","sha256":"6efefbcb5bff11a8cc0400d877ac48da836e008ccbc067cdf6db74540cb7d37f","sha512":"196f4fc75f5ef1ae416a130728490e750d23bf4caabdb62a3d18b9e2928ef2610a452feed300b8acaa49b06faa630e1ec631954aa51a523eaa2b8b24c598f708","ssdeep":"1536:rRKZYCiW/VxL4RkqSW7RXCdghRuvn41grpEMN2o97vP:r0YIdq84ygh8P4gpR9j","tlshash":"97430228873704e1f3e9493df01f5e4463e2b4b26412e8e719f66e0e0bb8549a69e43d","first_seen":"2026-03-25T21:48:31.192754Z","last_seen":"2026-03-25T21:48:31.192754Z","times_seen":1,"resource_available":false,"data":null}},"time_used":113,"timings":{"blocked":41,"dns":0,"connect":0,"send":0,"wait":16,"receive":56,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/NDc1NGVhZWIzMzhmOWVmNzE3NzNkZDljMzZmYzBhMTE/s(w:640,h:360)/tag/000/000/265/8a64246e.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.981Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/NDc1NGVhZWIzMzhmOWVmNzE3NzNkZDljMzZmYzBhMTE/s(w:640,h:360)/tag/000/000/265/8a64246e.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 60184\r\nx-rsic-processor: 20021\r\nx-rsic-cache-hit: yes\r\nx-rsic-responder: 20020\r\ncache-control: max-age=604800\r\nexpires: Sun, 29 Mar 2026 11:44:17 GMT\r\nx-envoy-upstream-service-time: 1\r\ntiming-allow-origin: *\r\nx-77-nzt: klnbpmIDdRebcZc6ZiSV2LK8ICBXqdVS7Umb1v79ZGXBuV5xtcpz1lQ\r\nx-77-nzt-ray: 56376635299b48f10c58c46977258b38\r\nx-77-cache: HIT\r\nx-77-age: 295415\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":60184,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2, software=PhotoScape], baseline, precision 8, 720x360, components 3","md5":"536c0546c15868e7bc1c95e14a3e0e6d","sha1":"5f0dc6977f88ad7edf909bbae990cd3c59e6df2f","sha256":"cfd83e163fc1fbe8304b94dc70c369e8c4f57008abb3e4250f1a6a01f56b5193","sha512":"e38b66ac46cc255fbf0043a7bbd92d3f0c25fcefd58a1bd48399aea1307b1ec4c8a96551d0a259e0d655191b21208a405ae051d31728de6187a4418e2c0f5872","ssdeep":"1536:3t5ov6V5lqaUZ9sezDXtchLB0mJD5saiOfKqXv:3t5s67l6vXmPJ9saiIf","tlshash":"7043f2c34089062bfb85aafc539b5f2235daa8bceec0511777dcf2c56e44a8a50bcd50","first_seen":"2026-03-25T21:48:31.195026Z","last_seen":"2026-03-25T21:48:31.195026Z","times_seen":1,"resource_available":false,"data":null}},"time_used":74,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":53,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/OWMzODQ2ZmNlZTFmOWUyZDQ4ZGY4ODFjNmIwNDJhOWU/s(w:640,h:360)/tag/000/000/522/7584952f.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.985Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/OWMzODQ2ZmNlZTFmOWUyZDQ4ZGY4ODFjNmIwNDJhOWU/s(w:640,h:360)/tag/000/000/522/7584952f.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 74214\r\nx-rsic-processor: 20021\r\nx-rsic-cache-hit: yes\r\nx-rsic-responder: 20020\r\ncache-control: max-age=604800\r\nexpires: Tue, 31 Mar 2026 12:59:46 GMT\r\nx-envoy-upstream-service-time: 2\r\ntiming-allow-origin: *\r\nx-77-nzt: kikzi6UqOQpG0ntfzE2Kj05knxevkJ/XuybMUwelsAyQ/LyTdqFiIGs\r\nx-77-nzt-ray: 56376635299b48f10c58c46963ecef38\r\nx-77-cache: HIT\r\nx-77-age: 117998\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":74214,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 640x360, components 3","md5":"45f4bc526ff8f9e157b9e82c820e0b1f","sha1":"cb2bd11b7c8b1e9eb5b8a990251c5d89925b570a","sha256":"14f18fe4b1c85e537f3e8ef476127041fda3f6eff22e5928d355a83e962cebfb","sha512":"b5ec01efd4f67cfcec0d7fe7e67b0d3a58a7ebf913e039f8e24b854c411a807f249358546e1c8b917ba380d733d8d43a9f9d5e9c6b7783862e4c015dfb22497e","ssdeep":"1536:rlA3V8m8S/BVea2CxWikyZ8Ylku4Trn3r68Bfa0YTOP4:rKGR2Zkuenb60ut","tlshash":"a5730208f18cbfc5fce8e5ba32104fde6a975d05fdb09d0d1205646b67628ba1e175c8","first_seen":"2026-03-22T15:49:21.188367Z","last_seen":"2026-03-25T21:48:31.197045Z","times_seen":2,"resource_available":false,"data":null}},"time_used":98,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":80,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/M2E2MTJhNGUyN2ZjNWJkYmI3ODc1MzY3YTcxOTVmMzQ/s(w:640,h:360)/tag/000/000/642/f707edf3.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.987Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/M2E2MTJhNGUyN2ZjNWJkYmI3ODc1MzY3YTcxOTVmMzQ/s(w:640,h:360)/tag/000/000/642/f707edf3.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 68072\r\nx-rsic-processor: 20021\r\nx-rsic-cache-hit: yes\r\nx-rsic-responder: 20021\r\ncache-control: max-age=604800\r\nexpires: Tue, 31 Mar 2026 12:59:04 GMT\r\nx-envoy-upstream-service-time: 0\r\ntiming-allow-origin: *\r\nx-77-nzt: krraS25QOSTU+flmVaoVhGkcrZrziKwFyDVDIkCNYnd3uhOyV6+dw0Y\r\nx-77-nzt-ray: 56376635299b48f10c58c4692344f538\r\nx-77-cache: HIT\r\nx-77-age: 118099\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":68072,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 720x360, components 3","md5":"59d2a8ab2e5b5b26d40153a172fcfd0d","sha1":"cafc016216515f795756d3f3c96147d8c415e761","sha256":"e307526927e56b4abfad5a045f518d0cb0df5f0bd6090744e2a916b12bcd3df5","sha512":"9656d7010e7e8432b45299b464446fa3695c1e21dabd69c0b70655559c7b2462fdeda6f44a5a05ab1dec5cde49c7bf93daf197318fed7a29020e8597bbb010d3","ssdeep":"1536:T0ZXJESTMM/os0bUsM6UOrFquxQpfu7ekepxZ03U4rX8+s:T8JVTPhWM6vrFquxQpUApX4I","tlshash":"32630173cef169b4f4e7daf9a1006f16ea943e23ab4341c052d01710dae991037f6b5a","first_seen":"2026-03-22T15:49:21.211796Z","last_seen":"2026-03-25T21:48:31.199338Z","times_seen":2,"resource_available":false,"data":null}},"time_used":99,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":81,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/css/xv.css","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.897Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdxxxx.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 03 Mar 2026 11:41:00 GMT","end":"Mon, 01 Jun 2026 12:38:43 GMT"},"fingerprint":{"sha1":"13:A5:D9:1F:2F:52:1E:BA:9D:FD:27:73:70:13:B5:04:A6:69:EF:A3","sha256":"04:E5:DE:A8:7E:C8:CF:A5:A6:BE:BB:C2:EA:99:E1:5B:F0:A4:83:D3:C2:82:11:E6:6A:02:A1:E7:5D:AA:A3:29"}}},"request":{"raw":"GET /css/xv.css HTTP/1.1\r\nHost: r1s6.cdxxxx.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nCookie: PHPSESSID=k3d8jep40jm5f17q0u5d0ik3n5\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:57 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Sun, 01 Feb 2026 21:22:35 GMT\r\nvary: Accept-Encoding\r\netag: W/\"697fc41b-840b\"\r\nexpires: Thu, 26 Mar 2026 09:47:57 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iHj2SjWk57XLwtFnr1kr8GELH5w9dr019%2Fxxies2RIUqzlLOws1ppQ50gKA9leW%2BroGHYidUkl%2Frz8mo6mMP0gOQr661z%2BzB%2FwVBh3gghmXywEBJqzRjUtisu0eIDzsY8ueI\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e211df03da6a618-ARN\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":33803,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"304f8e74eff042072aaffa722f3f36be","sha1":"e761812dd0e950715581a72a09908d0e08044853","sha256":"8277798ea2f43cdb7b39a51d1b94043d822a008f9c48878eae5760302e5eae01","sha512":"180a698862bcedca9b6f516e8c19482cc85108c9d70fdf473f18bc2e0f7b5cb8d1841cbdb01c622b44348e6cd8af83a2c60b8f4a3acd403b6c76befeecb5aedc","ssdeep":"192:ulw7Y3ZxAY0sw9zSZhIWcBQfO2sYXX1iDeDzDcgM6dQ0d1iDs7WVskjaUNu4Ffyl:z8w/IiDEq1QnXaqhHF","tlshash":"d7e2f4240a92399dba4fd22066b457d80b3e3444fc2f0eecb66b3da827d38d55527f91","first_seen":"2026-03-25T21:48:31.201051Z","last_seen":"2026-03-25T21:48:31.201051Z","times_seen":1,"resource_available":false,"data":null}},"time_used":589,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":589,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"r1s6.cdxxxx.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/static/picture/jp.gif","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.901Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdxxxx.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 03 Mar 2026 11:41:00 GMT","end":"Mon, 01 Jun 2026 12:38:43 GMT"},"fingerprint":{"sha1":"13:A5:D9:1F:2F:52:1E:BA:9D:FD:27:73:70:13:B5:04:A6:69:EF:A3","sha256":"04:E5:DE:A8:7E:C8:CF:A5:A6:BE:BB:C2:EA:99:E1:5B:F0:A4:83:D3:C2:82:11:E6:6A:02:A1:E7:5D:AA:A3:29"}}},"request":{"raw":"GET /static/picture/jp.gif HTTP/1.1\r\nHost: r1s6.cdxxxx.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nCookie: PHPSESSID=k3d8jep40jm5f17q0u5d0ik3n5\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:57 GMT\r\ncontent-type: image/gif\r\ncontent-length: 366\r\nserver: cloudflare\r\nlast-modified: Sun, 01 Feb 2026 21:22:35 GMT\r\netag: \"697fc41b-16e\"\r\nexpires: Fri, 24 Apr 2026 21:47:57 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=I422OKlDvgw4jC0MFuMt9fDyvcxZVN7mF1BAjFqHk26yUuHBoFmRdLxcpps7hRVecgsbdmmdEvFfCKrPOZ20Vk0SaUDC%2F1dKGxoNzXlGpbkVLcBe1iY89tnc9ftm4BXr7o3I\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e211df03daaa618-ARN\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":366,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 16 x 11","md5":"b6fa87814a6e40fcdf41d79c5e06c406","sha1":"25279fa4404230b55fcf478978926942c028a676","sha256":"64a274cb62bddf71a34e757f17bb64796c79e85b7bb93bf0f29f510dd8b75c2f","sha512":"a4a04ac8e427574b0bd6c7a99dbe1ff1f515a2e4ee9ccb2cfe24f909550a9ca33220b165651b8686adab03afc3f17f8fd14e7baa120dbe70ff5515afc577a0a1","ssdeep":"","tlshash":"63e06153525c5773727c34355967280014445e410f3657994b8dacc5524662051f3492","first_seen":"2023-05-05T23:36:20Z","last_seen":"2026-04-04T17:53:00.446839Z","times_seen":802,"resource_available":false,"data":null}},"time_used":519,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":519,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"r1s6.cdxxxx.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/js/main.js","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.995Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdxxxx.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 03 Mar 2026 11:41:00 GMT","end":"Mon, 01 Jun 2026 12:38:43 GMT"},"fingerprint":{"sha1":"13:A5:D9:1F:2F:52:1E:BA:9D:FD:27:73:70:13:B5:04:A6:69:EF:A3","sha256":"04:E5:DE:A8:7E:C8:CF:A5:A6:BE:BB:C2:EA:99:E1:5B:F0:A4:83:D3:C2:82:11:E6:6A:02:A1:E7:5D:AA:A3:29"}}},"request":{"raw":"GET /js/main.js HTTP/1.1\r\nHost: r1s6.cdxxxx.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nCookie: PHPSESSID=k3d8jep40jm5f17q0u5d0ik3n5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:57 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Sun, 01 Feb 2026 21:22:35 GMT\r\nvary: Accept-Encoding\r\netag: W/\"697fc41b-98f\"\r\nexpires: Thu, 26 Mar 2026 09:47:57 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eWZYgIfgP%2BjgsXRX1bHxenSP605QNqxINLWKUbC9Ckmf9H9Y%2FieeKFNU854aECZprQdrj92GCOn8QgeO7izRLh%2FlMYrkva94nKwXU9YOYgmLrWFJyEWnAIWHxRRcmfvqK58h\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e211df09deda618-ARN\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2447,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"ca808a9303b04eea0f0acce756ba4418","sha1":"582f7e00bf9876ce3c5d1fafc214d40934aaadbe","sha256":"17e4871e6c987a4ce5e4aecf5d82bf3cc3b59221800bbd12317ec6dfc4be4cf2","sha512":"12fdc627551f9d1d09836e973e3554ebb05a3d0140039ce33c6559fd048bd8853e9ae66e88abe539528a13a02e7045fc9afbb427aeb521cba9d6168f1c910318","ssdeep":"","tlshash":"8f51ca2876b639354627717a3fcf62897231024b7414de063cae46c41fe1e2618a9fe9","first_seen":"2024-12-27T10:57:19.348459Z","last_seen":"2026-04-03T19:20:50.01893Z","times_seen":105,"resource_available":true,"data":null}},"time_used":613,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":613,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"r1s6.cdxxxx.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"obseu.iseaskies.com/mon","fqdn":"obseu.iseaskies.com","domain":"iseaskies.com","tld":"com"},"ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.xyjdh.com/link/a.aspx?id=cdxxxx","date":"2026-03-25T21:48:03.108Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.iseaskies.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Fri, 12 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:29:00:EF:41:A1:05:3E:E1:8D:C7:C6:56:5A:2D:1B:ED:11:A5:D8","sha256":"58:10:1A:43:35:D0:AC:8D:AD:C5:42:AA:E4:34:CD:77:38:D9:D4:20:96:D5:48:10:9F:33:64:53:01:20:2D:B2"}}},"request":{"raw":"POST /mon HTTP/1.1\r\nHost: obseu.iseaskies.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 1862\r\nOrigin: https://www.xyjdh.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xyjdh.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\naccess-control-allow-origin: https://www.xyjdh.com\r\ncontent-type: application/json\r\ndate: Wed, 25 Mar 2026 21:48:03 GMT\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T05:47:04.311114Z","times_seen":13362114,"resource_available":true,"data":null}},"time_used":39,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":39,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/Zjk2M2Q1OTRjMGM5MTQzN2FjMjcyOTBlMTg2ZWJhZmU/s(w:640,h:360)/tag/000/000/256/68026d75.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.919Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/Zjk2M2Q1OTRjMGM5MTQzN2FjMjcyOTBlMTg2ZWJhZmU/s(w:640,h:360)/tag/000/000/256/68026d75.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 72764\r\nx-rsic-processor: 20019\r\nx-rsic-cache-hit: yes\r\nx-rsic-responder: 20018\r\ncache-control: max-age=604800\r\nexpires: Tue, 31 Mar 2026 12:59:25 GMT\r\nx-envoy-upstream-service-time: 3\r\ntiming-allow-origin: *\r\nx-77-nzt: kggwifNghMNI5YRN2npcnHEmRXPyotrSKb6AHo9xnWep/6YAzrl4Nlk\r\nx-77-nzt-ray: 56376635299b48f10c58c469c839883a\r\nx-77-cache: HIT\r\nx-77-age: 118087\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":72764,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2, software=PhotoScape], baseline, precision 8, 720x360, components 3","md5":"9e695c6f8595ba59d49ebf107ae32432","sha1":"0f335c6caba63b046e281fe8b55887c9c917fe30","sha256":"a38459992af92037524aee3718f6cd5020c786df4753495961ef47ffdc723b59","sha512":"9ca3a0bd3b9761cc06c07054a72510dae094c774555417586c8057964fa39aa20f5ecf5a72b50f8b0de7e01982f976c8869181454dd80906c6349d27606051fa","ssdeep":"1536:Xs/jQnm20PtSZVX1nfMFNZIvloBh79nDFgi5afAnGPxWFG4o/+TY45cYkZ+:X22mpkzdMDOeRii5PGAq/+TY2uI","tlshash":"2f6312b13844ddede577ecf692b09e2225e5b501053ee679a5c331a3538ce42492df13","first_seen":"2026-03-25T21:48:31.204909Z","last_seen":"2026-03-25T21:48:31.204909Z","times_seen":1,"resource_available":false,"data":null}},"time_used":272,"timings":{"blocked":59,"dns":42,"connect":10,"send":0,"wait":12,"receive":67,"ssl":39},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/NDQ3N2M2MGU2MWQ4ZjI1MjYzOGVhN2EyOWM3MDFjYTU/s(w:640,h:360)/tag/000/423/677/9c6d47a9.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.928Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/NDQ3N2M2MGU2MWQ4ZjI1MjYzOGVhN2EyOWM3MDFjYTU/s(w:640,h:360)/tag/000/423/677/9c6d47a9.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 62085\r\nx-rsic-processor: 20018\r\nx-rsic-cache-hit: yes\r\nx-rsic-responder: 20021\r\ncache-control: max-age=604800\r\nexpires: Fri, 27 Mar 2026 07:49:33 GMT\r\nx-envoy-upstream-service-time: 2\r\ntiming-allow-origin: *\r\nx-77-nzt: kktgVEV2pSrOO9P78OsR4erS79mKc2iD4CQk4xdEMG2sJ+PnkCzHdvI\r\nx-77-nzt-ray: 56376635299b48f10c58c469c1965738\r\nx-77-cache: HIT\r\nx-77-age: 482300\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":62085,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 640x360, components 3","md5":"27eb0580660e4794eb6be6cba2d11daa","sha1":"9ea04eaa3ae5e5660e8048b7c4a7b6982d3a277f","sha256":"c78084e15a5380fe1276e59a5c906dcdae2e18116dffa45050b703647ec4f2c6","sha512":"400c10a531a29f7ffb86cc18662018e80ce07c013dd4e2352bd0e24f15d217759023089192e2db472926f68517b8528b26ab0bc627cc9860f547f1a2d219667e","ssdeep":"1536:rO89M59KR3D0TXnc+LKnzp/5Tcl9u7zQqJzE0DgcsK0Xsu4IWaA:rO4M59KR3eunzp/KzszQKzpgEMIIhA","tlshash":"c253026651412cc0f479b4ba1e7b1ea0c9f63e499cdfeca2448bc605ecd8de841d51a9","first_seen":"2026-03-25T21:48:31.20711Z","last_seen":"2026-03-25T21:48:31.20711Z","times_seen":1,"resource_available":false,"data":null}},"time_used":71,"timings":{"blocked":11,"dns":0,"connect":0,"send":0,"wait":24,"receive":36,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/NTJhYWJlOWRiMDdmZDkzNDE2YjMxMzEzZDJmMDUyYmU/s(w:640,h:360)/tag/000/425/481/0ea433f6.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.991Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/NTJhYWJlOWRiMDdmZDkzNDE2YjMxMzEzZDJmMDUyYmU/s(w:640,h:360)/tag/000/425/481/0ea433f6.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 49901\r\nx-rsic-processor: 20021\r\nx-rsic-cache-hit: yes\r\nx-rsic-responder: 20018\r\ncache-control: max-age=604800\r\nexpires: Tue, 31 Mar 2026 17:48:17 GMT\r\nx-envoy-upstream-service-time: 3\r\ntiming-allow-origin: *\r\nx-77-nzt: kj8TDmuAtos3qoj4Pm4KNOQovFl3DmZj583Q1quzvXmoI2i68jD+puA\r\nx-77-nzt-ray: 56376635299b48f10c58c469154c3939\r\nx-77-cache: HIT\r\nx-77-age: 100767\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":49901,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 640x360, components 3","md5":"f4254cd8dd14473a20bd3f2ea1effc4b","sha1":"ee03424371265dea787dd084bf8e13a8aef1f1b0","sha256":"6d325f28fa2e9185875bb720a6c3023952c2e74be45c78c47d2573a80beadd21","sha512":"8a290b5b0efc87fe68ebd0a361e437659ae3860a6d7401e571c64c79a98679c360599bb46d2f46cf9f50a0b0bc1253e5cde7eec7b97607a736a5ee86c6d9e417","ssdeep":"1536:r/oLOe8JqQrKtMXj/ZD2ouK3s03yhSaNn:rALO9A2XjRzucsDQq","tlshash":"3323f218a7bcc5e1fdb3dfb058924f51c6cb79cb9249586b50e5207a82dfba0ba04117","first_seen":"2026-03-25T21:48:31.208874Z","last_seen":"2026-03-25T21:48:31.208874Z","times_seen":1,"resource_available":false,"data":null}},"time_used":72,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":57,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"images2.imgbox.com/34/53/JpbP5LK9_o.gif","fqdn":"images2.imgbox.com","domain":"imgbox.com","tld":"com"},"ip":{"addr":"212.63.223.226","port":443,"asn":50827,"as":"SpaceDump IT AB","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:59.141Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.imgbox.com","organization":""},"issuer":{"commonName":"GoGetSSL RSA DV SSL CA 2","organization":"GoGetSSL"},"validity":{"start":"Mon, 03 Nov 2025 00:00:00 GMT","end":"Thu, 03 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:40:C4:66:DF:6A:53:69:91:C0:6E:E4:30:08:6A:AE:7C:D9:E0:F4","sha256":"5B:6C:CE:B6:08:A1:0E:CB:E3:DE:59:62:F8:8A:62:B0:EB:CC:60:FA:D1:4E:D3:0D:56:1D:55:32:E5:36:BA:4C"}}},"request":{"raw":"GET /34/53/JpbP5LK9_o.gif HTTP/1.1\r\nHost: images2.imgbox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://r1s6.cdxxxx.live/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nserver: nginx/1.14.2\r\ndate: Wed, 25 Mar 2026 21:47:59 GMT\r\ncontent-type: image/gif\r\ncontent-length: 1629308\r\nvary: x-s-token\r\nlast-modified: Thu, 07 Aug 2025 06:24:01 GMT\r\netag: \"18dc7c-63bc080cde240\"\r\nx-cache: HIT\r\nx-whom: srv1535\r\naccept-ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.14.2","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1629308,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 428 x 240","md5":"5920ca1805f6511d555b787833917ea5","sha1":"74230cf986031c564239194fd6a4c0e6c5ad511c","sha256":"61baae0fde695631430d39dc739b12436107c7b59a7337c2e25e065cc57c7f63","sha512":"3480cfbc0655088fdb0297c1e68eddb60f1c3b416dbc0f042841bcd573e21a8de293dd53ca0ef5c12a91f220a2e9dfb50b56daedb3ceeceb2a7fbc5fc21c9e2a","ssdeep":"24576:EAWARRJsZfI6N/bY3nQYsMGR9HUio3aRF0fgeTochOV2S181M:emsRx/bY3WNRF0XbOV2S61M","tlshash":"ec25337304272a28c4882573887fad4da1e2cd455cdba72ec5ae1b1dfa707f0df415aa","first_seen":"2026-03-25T21:48:31.210697Z","last_seen":"2026-03-25T21:48:31.210697Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1000,"timings":{"blocked":123,"dns":22,"connect":25,"send":0,"wait":36,"receive":714,"ssl":77},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.xyjdh.com/search/tsc.php?ses=ogcndRgH4afEr7-DF47ZvzdP944j621IykPDVjuGiNO1lkE8BWW7vl1N7BW6MlpJTdbQmuowsb9q06GFTOB-PjWwd7DH3Nwi3YfO1GVqvOIasbPHHC2goY0azEEKEei5Geu1T1gnNN_lDkac-MFeurR1LMRPUQC-3LKqZB1uNYgbeqKwSdAyREkNL4bvsUKtu1Sx0S-mm_YCLxHCEh-qDq2tSXOQ6tnH9vuLtopOg1shVnx9FCx1kd1NTBD8AfmmITxRdxtnnT4iIelS95Kso0-IqX6FHUrnkPmtF5JmPKfnVRvoVqC5ye9nEIYGEFqXnbihxMfgumVq2pHjXFq6sOwmQ6g3WRNpHdfcUq7vfnjVgTYyZvH9zARikViOg\u0026cv=2","fqdn":"www.xyjdh.com","domain":"xyjdh.com","tld":"com"},"ip":{"addr":"91.195.240.123","port":443,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.xyjdh.com/link/a.aspx?id=cdxxxx","date":"2026-03-25T21:47:59.959Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xyjdh.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Wed, 26 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B6:DD:55:CD:E7:92:D0:DD:93:4E:8C:54:70:94:7F:3B:C7:9F:0C:CC","sha256":"7E:CB:49:6F:68:5D:36:37:F4:CB:DF:98:DE:A2:79:78:ED:16:CD:22:67:DE:D7:C1:E3:00:F4:2F:AB:9C:3A:37"}}},"request":{"raw":"GET /search/tsc.php?ses=ogcndRgH4afEr7-DF47ZvzdP944j621IykPDVjuGiNO1lkE8BWW7vl1N7BW6MlpJTdbQmuowsb9q06GFTOB-PjWwd7DH3Nwi3YfO1GVqvOIasbPHHC2goY0azEEKEei5Geu1T1gnNN_lDkac-MFeurR1LMRPUQC-3LKqZB1uNYgbeqKwSdAyREkNL4bvsUKtu1Sx0S-mm_YCLxHCEh-qDq2tSXOQ6tnH9vuLtopOg1shVnx9FCx1kd1NTBD8AfmmITxRdxtnnT4iIelS95Kso0-IqX6FHUrnkPmtF5JmPKfnVRvoVqC5ye9nEIYGEFqXnbihxMfgumVq2pHjXFq6sOwmQ6g3WRNpHdfcUq7vfnjVgTYyZvH9zARikViOg\u0026cv=2 HTTP/1.1\r\nHost: www.xyjdh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xyjdh.com/link/a.aspx?id=cdxxxx\r\nCookie: _cq_duid=1.1774475279.JzknKbkwVFKsH5tr; _cq_suid=1.1774475279.qBhS2vjDSZ9NQzV1; _cq_session=1.1774475279788.UlgvgxEMpSduN5sR.1774475279788\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Wed, 25 Mar 2026 21:47:59 GMT\r\nserver: Parking/1.0\r\nx-cache-miss-from: parking-79cf8c95dd-gx7wl\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T05:47:04.311114Z","times_seen":13362114,"resource_available":true,"data":null}},"time_used":55,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":55,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/js/dzs.js","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.994Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdxxxx.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 03 Mar 2026 11:41:00 GMT","end":"Mon, 01 Jun 2026 12:38:43 GMT"},"fingerprint":{"sha1":"13:A5:D9:1F:2F:52:1E:BA:9D:FD:27:73:70:13:B5:04:A6:69:EF:A3","sha256":"04:E5:DE:A8:7E:C8:CF:A5:A6:BE:BB:C2:EA:99:E1:5B:F0:A4:83:D3:C2:82:11:E6:6A:02:A1:E7:5D:AA:A3:29"}}},"request":{"raw":"GET /js/dzs.js HTTP/1.1\r\nHost: r1s6.cdxxxx.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nCookie: PHPSESSID=k3d8jep40jm5f17q0u5d0ik3n5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:57 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Sun, 01 Feb 2026 21:22:35 GMT\r\nvary: Accept-Encoding\r\netag: W/\"697fc41b-6f1\"\r\nexpires: Thu, 26 Mar 2026 09:47:57 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hRpClJGpTwiWILplAsf46rc6lZKbgFIy5kSGqXzGnrMio6%2FpMf22jstMr5guqpM5biOd4wFBcrJCBUgq0raRw%2FaIRawRxyV3WuMeKfQmEtNcsGskLXP7ceYHtY2DvtB8IU5a\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e211df09deaa618-ARN\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1777,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"f978efc0d73bda028c190f720cd40444","sha1":"7fd1218169548e605ffb092bca2e68a3c1ceb8f6","sha256":"b77795c61a2a78287975be0b50e5032fc481ad6e06cdfcaa02ba06954a8df0c3","sha512":"a7d7838ba2308163e10c96d203d9698060d62ddf4958f99fd6f32cb028fd1a132acf49ca54a08997855769a91876c3c9b3086e44d6d87f7565204e55e2b27f50","ssdeep":"","tlshash":"de312850f1b85c2e8deeb4d10d2f266c2d6239456e5c4298348caca7ccf0259d032bae","first_seen":"2025-11-08T17:53:39.813737Z","last_seen":"2026-03-29T20:25:38.108099Z","times_seen":15,"resource_available":true,"data":null}},"time_used":541,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":541,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"r1s6.cdxxxx.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"obseu.iseaskies.com/mon","fqdn":"obseu.iseaskies.com","domain":"iseaskies.com","tld":"com"},"ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.xyjdh.com/link/a.aspx?id=cdxxxx","date":"2026-03-25T21:48:15.124Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.iseaskies.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Fri, 12 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:29:00:EF:41:A1:05:3E:E1:8D:C7:C6:56:5A:2D:1B:ED:11:A5:D8","sha256":"58:10:1A:43:35:D0:AC:8D:AD:C5:42:AA:E4:34:CD:77:38:D9:D4:20:96:D5:48:10:9F:33:64:53:01:20:2D:B2"}}},"request":{"raw":"POST /mon HTTP/1.1\r\nHost: obseu.iseaskies.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 1865\r\nOrigin: https://www.xyjdh.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xyjdh.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1865,"data":"e=37dfbd8ee84e00126deac332ef45829d9225c24f567d43d6da1908be6245cad7bd70a976710ce60ed89373bfe70e9c20c1e53e8d57148f6d2717071a10acf9f29f673dfbe0f875504a6fe37a7251853b8a64c4073803219204085e360358c2ea694634a031b737884fa1c629ec4036ec1f276818db4de546e093d5c13cb42c15e36c85eb002fdf53641d355693c47f3bbf2bf3ba87fc4851bd5997d060b675852c8740fb6130af2d1bf91f566375954f2aadcff4f263e46daf40d612f04a6f73a0c7402c6821069a67899c19f00535f983c77b0f2f7489ce31218884421e385863455ee69c26722e04acff4a2a88a3f17bc6e25d77492aa3a2a7c5cd76bddbde09e85ec8586f31dff488eba3269adfeb6a953612c3bc8b700a1ce5392becd0576ef1c7bc33c818b70fe8d040dc1c94926098616bcd8676c634d392a0fcd6bbee4a7ebe67fef3e8354360e9c16991a850f11017428803488fd1d19a91a6cb70c96a88de99a538a03c7b74dc2865d483920e7f86a633bb06e3945d8670bf3d1a0b5eda20ad1c848ae36feb966c8b1de195c6c17dc2574f79fa13541d3e487487f4238f46dec18a66939974ebd0629a8eeaea768ab3f1546b72c8b11e489bf9495f01d5e2e933fa7ee3be4ee5f233a060b267c720884d82f678be4e35eebc8f74232d225f38013716aae18e64ce06ab58474328f8a852d698190de2a5d6babd6edef0edfc87fbb3ec424f3dff5b9bbf596f865f7812d7625b6d71ff7bae7105dfeac36b967dd42d8cb731cebe0985660923201e61149dc1f8c63b7a5186054395d2b4a7a29e165ccaa2b76f97d1727cdfd6163b6cfb96d0485bfd7cdb24cd41a459ed6998b016bcf820fe89cb97c11370e5f23a7d8371a189b4ac139e6b3d0844e6302052f7f92bec861db4f8d1ae55df9b95774b6e13ac37b904b454b5866d9235462346336301933de4ff7702b918aad196618c85499e6861ed512a3e9583bc1648ac35ac9c1ada1b23541bf86a50ddfc862c920860f8d044f88083ed8a40c64f017757e07d24529c920440a87cbaafd3278ecffe4e0029e0782a0904cf1558fa8bae4553826871cf85d8029a85a8c5583ea86ff8543f14de44227fd5d20c5d9989a085a0a019e126b4378370d38503d8ffa96825e58340c19ebaaed6b19294725086b86009c7238052ce4cebf62fa0dd80\u0026cri=Ph3ADveBA4\u0026sf=1\u0026dc=\u0026cp=15\u0026gtm=-\u0026gac=-\u0026uvid=2684493d-7de1-4b7f-9a1d-7385b8f325ec\u0026tb=1\u0026ich=0\u0026ws=0x0\u0026wos=1280x1024\u0026ver=13\u0026fi=\u0026ti=15020\u0026mo=0\u0026pn=16854\u0026spn=1834\u0026snt=1"}},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\naccess-control-allow-origin: https://www.xyjdh.com\r\ncontent-type: application/json\r\ndate: Wed, 25 Mar 2026 21:48:15 GMT\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T05:47:04.311114Z","times_seen":13362114,"resource_available":true,"data":null}},"time_used":40,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":40,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdxxxx.com/","fqdn":"cdxxxx.com","domain":"cdxxxx.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-25T21:47:55.237Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdxxxx.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 04 Mar 2026 00:50:03 GMT","end":"Tue, 02 Jun 2026 01:47:48 GMT"},"fingerprint":{"sha1":"A8:97:FD:B6:5E:E3:B1:39:ED:87:B9:B2:34:2C:C6:74:68:7E:11:8B","sha256":"2A:68:1D:73:5D:3A:09:D0:F3:A6:DC:2D:5F:75:58:EF:B3:46:C0:71:EF:39:07:56:87:9B:0C:4F:35:37:AF:26"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: cdxxxx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":102009,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T05:47:04.311114Z","times_seen":13362114,"resource_available":true,"data":null}},"time_used":622,"timings":{"blocked":55,"dns":21,"connect":8,"send":0,"wait":512,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-25T21:47:55.808Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdxxxx.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 03 Mar 2026 11:41:00 GMT","end":"Mon, 01 Jun 2026 12:38:43 GMT"},"fingerprint":{"sha1":"13:A5:D9:1F:2F:52:1E:BA:9D:FD:27:73:70:13:B5:04:A6:69:EF:A3","sha256":"04:E5:DE:A8:7E:C8:CF:A5:A6:BE:BB:C2:EA:99:E1:5B:F0:A4:83:D3:C2:82:11:E6:6A:02:A1:E7:5D:AA:A3:29"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: r1s6.cdxxxx.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: text/html;charset=utf-8\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nset-cookie: PHPSESSID=k3d8jep40jm5f17q0u5d0ik3n5; path=/\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GHnzlnq%2FRAm4F3lkGFa8SrKGnA18%2FRPZAsULrWQMt89TtQE7mS3R%2FHN%2F8h6pNWac1F%2FoNJAKwvZgd7yLP88SGkjA6JK0Ie5VsMeHogE03d6clqNIL4xyOJ0bwGBmRq2eG%2BX7\"}]}\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9e211dea3d515210-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery:3.1.0","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":102009,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (668)","md5":"159c25ba6ba85fdc7798513a6f5ee369","sha1":"036ecd7801f2c1fa5290dc8b67fa30bc7cc46848","sha256":"8c1f81dc44576deb11b54ba942d5022f4b167a804ce2ed92c8f3eb5cdaacc6ab","sha512":"94e2f57de493a332859292269f42be9545b3991b044e5db6d78142634f78e0d4e81e482b69e63a6ef3748257c57d685c81aa5179ee8c2b18ea73f1676d15a5ca","ssdeep":"1536:tY456US75eeQiDmWF6UDm83koFwFN1UmppJAqEL95zIzum5pkgT4SA0BuovY914D:tY456US7/BgG6zxre0sj8","tlshash":"3aa3b7f28be1d0561187d290efa66e5eba43a06bced1984433ac5ac2dfd3ed6cd03544","first_seen":"2026-03-25T21:48:31.213457Z","last_seen":"2026-03-25T21:48:31.213457Z","times_seen":1,"resource_available":true,"data":null}},"time_used":811,"timings":{"blocked":61,"dns":30,"connect":8,"send":0,"wait":689,"receive":0,"ssl":21},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"r1s6.cdxxxx.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/OTRiOGE5YzA0NmQ2ZTlmZGQ2NGU4NjQ3YzZkMmZmYTY/s(w:640,h:360)/tag/000/000/635/0684ec63.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.980Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/OTRiOGE5YzA0NmQ2ZTlmZGQ2NGU4NjQ3YzZkMmZmYTY/s(w:640,h:360)/tag/000/000/635/0684ec63.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 63933\r\nx-rsic-processor: 20021\r\nx-rsic-cache-hit: yes\r\nx-rsic-cache-mem: yes\r\nx-rsic-responder: 20018\r\ncache-control: max-age=604800\r\nexpires: Thu, 26 Mar 2026 11:31:52 GMT\r\nx-envoy-upstream-service-time: 0\r\ntiming-allow-origin: *\r\nx-77-nzt: kpMM60Wmy3ievk6QMD4TrxjiQ5M9ZlPNEHaqqZrx97nbSOfi+Udbxes\r\nx-77-nzt-ray: 56376635299b48f10c58c4696aa18838\r\nx-77-cache: HIT\r\nx-77-age: 555322\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":63933,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 640x360, components 3","md5":"6bc2bfec9baa6aef8796e525ff5dcf40","sha1":"494e3d1b0755adf03e13680fa7298b16b375a4f7","sha256":"7714de228899733b36ed950b9f5caaf3e309513b86fdfa01f00f9883602a0e1f","sha512":"7170cad0cb17125208c69572db84058f740babf331a49337218e1bc56db2f262adc750b2ae5a69807851ae68b5f4469395d628b55e44246ded3e4f1d4b9778bc","ssdeep":"1536:TMbdzQJUzwo19rpdS2WOx7mWFNj0FuSoNQ5nE:TSzvzwo19WWNm6NwFMQZE","tlshash":"68530216528283b4f94b8f30a3514f87d33465bbc9c434c6aee4688f74d25e5b2e539a","first_seen":"2026-03-25T21:48:31.21528Z","last_seen":"2026-03-25T21:48:31.21528Z","times_seen":1,"resource_available":false,"data":null}},"time_used":73,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":52,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/NDk0OWIzMWQ2OGMxYzI0MmYyOTFkYjYzZWU2MjcxMWM/s(w:640,h:360)/tag/000/004/583/560c43fa.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.989Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/NDk0OWIzMWQ2OGMxYzI0MmYyOTFkYjYzZWU2MjcxMWM/s(w:640,h:360)/tag/000/004/583/560c43fa.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 45602\r\nx-rsic-processor: 20018\r\nx-rsic-cache-hit: yes\r\nx-rsic-responder: 20018\r\ncache-control: max-age=604800\r\nexpires: Mon, 30 Mar 2026 09:20:30 GMT\r\nx-envoy-upstream-service-time: 2\r\ntiming-allow-origin: *\r\nx-77-nzt: kqU2+1h1gUnUuCrdWb17mweHFS6HpEal5AXc1aeWaw8dbw1O7arQlj4\r\nx-77-nzt-ray: 56376635299b48f10c58c469abbc2c39\r\nx-77-cache: HIT\r\nx-77-age: 217644\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":45602,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 720x360, components 3","md5":"6b978203d840d70001af6dd6ba2f812c","sha1":"d898180d0526d35414d9947ff4d81eda01dd3c59","sha256":"0b5ee1209c1b946f26a798722c10adbcf9095e069c5ffbb77103856b011b86b0","sha512":"218f61d07d90b724bcca920de607907f56bbb1f40d282c5281129a3284f053cf7bb37f0c539c90ec9ec9bd56b54ca25f658baf58111fa789117d15711ea93ba6","ssdeep":"768:7QklatzaxVcO3vjb9YPMIGZqBeK1uD5q9yXV3OLApZ0GAlX8WINaXCBH8f18JXo:7PlGcx3vjb9MQZqEHSCdOL6Z0bv0FBHa","tlshash":"0a23025f5b78ffcaf5d4b2fd676a1f92d7eb38b2ba7364060642529c068c100c69c650","first_seen":"2026-03-25T21:48:31.21745Z","last_seen":"2026-03-25T21:48:31.21745Z","times_seen":1,"resource_available":false,"data":null}},"time_used":70,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":55,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/static/font/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:59.065Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdxxxx.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 03 Mar 2026 11:41:00 GMT","end":"Mon, 01 Jun 2026 12:38:43 GMT"},"fingerprint":{"sha1":"13:A5:D9:1F:2F:52:1E:BA:9D:FD:27:73:70:13:B5:04:A6:69:EF:A3","sha256":"04:E5:DE:A8:7E:C8:CF:A5:A6:BE:BB:C2:EA:99:E1:5B:F0:A4:83:D3:C2:82:11:E6:6A:02:A1:E7:5D:AA:A3:29"}}},"request":{"raw":"GET /static/font/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: r1s6.cdxxxx.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/static/css/css2.css\r\nCookie: PHPSESSID=k3d8jep40jm5f17q0u5d0ik3n5\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:58 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 40128\r\nserver: cloudflare\r\nlast-modified: Sun, 01 Feb 2026 21:22:35 GMT\r\netag: \"697fc41b-9cc0\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\naccept-ranges: bytes\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Rhyv4MJX1a0v6veDOsN7ySCYEmt%2B4aNTtkXFT9661UlzmiVc6K6Fjvk85ttkCwWtoaV%2BMC7Fu4BgNSZbKyNJQy6d%2BsoRxOQIzKu8BL4dwiXmVYR0atfetCR%2FmyzAvfG3G8MP\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e211dfc38daa618-ARN\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-05T05:46:26.363175Z","times_seen":716017,"resource_available":false,"data":null}},"time_used":364,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":326,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"r1s6.cdxxxx.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/static/css/swiper-bundle.min.css","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.869Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdxxxx.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 03 Mar 2026 11:41:00 GMT","end":"Mon, 01 Jun 2026 12:38:43 GMT"},"fingerprint":{"sha1":"13:A5:D9:1F:2F:52:1E:BA:9D:FD:27:73:70:13:B5:04:A6:69:EF:A3","sha256":"04:E5:DE:A8:7E:C8:CF:A5:A6:BE:BB:C2:EA:99:E1:5B:F0:A4:83:D3:C2:82:11:E6:6A:02:A1:E7:5D:AA:A3:29"}}},"request":{"raw":"GET /static/css/swiper-bundle.min.css HTTP/1.1\r\nHost: r1s6.cdxxxx.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nCookie: PHPSESSID=k3d8jep40jm5f17q0u5d0ik3n5\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:57 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Sun, 01 Feb 2026 21:22:35 GMT\r\nvary: Accept-Encoding\r\netag: W/\"697fc41b-45f7\"\r\nexpires: Thu, 26 Mar 2026 09:47:57 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xfiziUB3NYCyhSe4Qdn%2F04xwZ5kS7AdeAEuihugxMRdN2ZIEDuUGfOC%2FunamR%2FRAmq6jFP4fzrh3dVVlxl0evkc6CxUCWVwXyIQ3aGcDqyd0%2BwyJOFEUepWfdprLXhEfNQO%2F\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e211defed39a618-ARN\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":17911,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (17654)","md5":"3679b8ae11720ff4e844e7d83743333d","sha1":"3bd9174f94f41bb866ae35ddf71e44ae9f81ec0f","sha256":"ffb04d00f13ab0394a456a3203d1dac747df01e9746a2eaf36da79d4e5071400","sha512":"bd1b5570696f0629461978372c36f28fddfeca66030253f5b58dfe37b8d771943aab2ffa480d7953da715a69220eb668564571794bd4352939e6db37b56e2b04","ssdeep":"192:EvmUJbiKne0JlXZHZ+SMS4nxep/a2GZb0Q5nfufKlAYfg5fyeesedOJ9A5Pz+c3y:EOUbe0JdZHZ+1nZ24tlWfF4XYz","tlshash":"308244a86300282753274f364b71cbb9dd7444d20f9389ae91c0ee48d7f6db9136f6a9","first_seen":"2023-05-26T10:19:56Z","last_seen":"2026-04-04T17:53:00.445482Z","times_seen":409,"resource_available":false,"data":null}},"time_used":525,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":525,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"r1s6.cdxxxx.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/NDE5ZGQ4MzA1MGVkOTgxNGU3ZDMyZjBjMWYxZTU5YWM/s(w:640,h:360)/tag/000/000/223/1bb02440.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.983Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/NDE5ZGQ4MzA1MGVkOTgxNGU3ZDMyZjBjMWYxZTU5YWM/s(w:640,h:360)/tag/000/000/223/1bb02440.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 80395\r\nx-rsic-processor: 20020\r\nx-rsic-cache-hit: yes\r\nx-rsic-cache-mem: yes\r\nx-rsic-responder: 20019\r\ncache-control: max-age=604800\r\nexpires: Tue, 31 Mar 2026 12:59:48 GMT\r\nx-envoy-upstream-service-time: 0\r\ntiming-allow-origin: *\r\nx-77-nzt: kh2IsbD7+5IGDWFOxitJb33lsEHLKO2+CwOjNlyebuphe4vmCSZTKZI\r\nx-77-nzt-ray: 56376635299b48f10c58c469b8fbdf38\r\nx-77-cache: HIT\r\nx-77-age: 117998\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":80395,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2, software=PhotoScape], baseline, precision 8, 720x360, components 3","md5":"205390af5c4760e47a7aacc97c1d9dba","sha1":"ece1761114f6157d3101e6b93392cc1629b22c50","sha256":"7e21b5eba61186a1c95e3cab7e5f482cbf829451b67f93d131b6e7bb467ec8e9","sha512":"6a70b177aeab1260aae18f3908483ffc037c761516d2ad58917368ad684b36fe84f6704576f96ffd698a790e702a5b0d2159ce97352ef7a1bcd0d80eda10a0da","ssdeep":"1536:Xo04C+TDACr6WnTYHeJ/bF/CGGw6l78O6QABzJjuD:Xo04fTrTWeJzFL6hzABzu","tlshash":"287301269b404fc4f821f0bd99d7be64b3c595a5c9640ef404eeb3b02e5314bc6e5ae2","first_seen":"2026-03-22T15:49:21.20307Z","last_seen":"2026-03-25T21:48:31.221114Z","times_seen":2,"resource_available":false,"data":null}},"time_used":98,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":79,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.xyjdh.com/link/img.sedoparking.com/images/js_preloader.gif","fqdn":"www.xyjdh.com","domain":"xyjdh.com","tld":"com"},"ip":{"addr":"91.195.240.123","port":443,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xyjdh.com/link/a.aspx?id=cdxxxx","date":"2026-03-25T21:47:59.448Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xyjdh.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Wed, 26 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B6:DD:55:CD:E7:92:D0:DD:93:4E:8C:54:70:94:7F:3B:C7:9F:0C:CC","sha256":"7E:CB:49:6F:68:5D:36:37:F4:CB:DF:98:DE:A2:79:78:ED:16:CD:22:67:DE:D7:C1:E3:00:F4:2F:AB:9C:3A:37"}}},"request":{"raw":"GET /link/img.sedoparking.com/images/js_preloader.gif HTTP/1.1\r\nHost: www.xyjdh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xyjdh.com/link/a.aspx?id=cdxxxx\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 441 No Reason Phrase\r\ndate: Wed, 25 Mar 2026 21:47:59 GMT\r\nserver: Parking/1.0\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"441","status_text":"No Reason Phrase","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T05:47:04.311114Z","times_seen":13362114,"resource_available":true,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/YTBhODUxZGMzOThmMmVjNzliNTE0MjFkNDQ5MjUyNzY/s(w:640,h:360)/tag/000/000/267/9d03493b.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.929Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/YTBhODUxZGMzOThmMmVjNzliNTE0MjFkNDQ5MjUyNzY/s(w:640,h:360)/tag/000/000/267/9d03493b.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 61176\r\nx-rsic-processor: 20020\r\nx-rsic-responder: 20018\r\ncache-control: max-age=604800\r\nexpires: Fri, 27 Mar 2026 11:01:26 GMT\r\nx-envoy-upstream-service-time: 77\r\ntiming-allow-origin: *\r\nx-77-nzt: klF+8e18z9I83ziMHAQWpPQdxCHmIStYGImY/aBixU0zN+myiPB9rw0\r\nx-77-nzt-ray: 56376635299b48f10c58c469783e5a38\r\nx-77-cache: HIT\r\nx-77-age: 470780\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":61176,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2, software=PhotoScape], baseline, precision 8, 720x360, components 3","md5":"022a881114ad664bc8f34c03ba7fd38f","sha1":"84ad2134ac16a63e3fe6b8029356170aecab9c3e","sha256":"1f7ca2f955f0448c1e53b2112f7c3f08538183cf103511c95c02c0abd54f2adb","sha512":"668c8622738ef7649079514d59a9b8c9d404020c299825f54a6c29a00052f5323428eff6175bab379c57736e28a1fc0a0b170b42b8eb536eac9fa7eb7cf30adb","ssdeep":"1536:3VRcmh41Xlw+3LdfhOHUg7r8JwaOPhVTw:3VRcmKVw+3LTCXowaOZFw","tlshash":"45530226565e0b88c89351f8f3392f4dcfe1daac50327a6b46a5c7326310ef38871467","first_seen":"2026-03-22T15:49:21.217745Z","last_seen":"2026-03-25T21:48:31.222927Z","times_seen":2,"resource_available":false,"data":null}},"time_used":72,"timings":{"blocked":10,"dns":0,"connect":0,"send":0,"wait":24,"receive":38,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/static/picture/pt.gif","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.902Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdxxxx.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 03 Mar 2026 11:41:00 GMT","end":"Mon, 01 Jun 2026 12:38:43 GMT"},"fingerprint":{"sha1":"13:A5:D9:1F:2F:52:1E:BA:9D:FD:27:73:70:13:B5:04:A6:69:EF:A3","sha256":"04:E5:DE:A8:7E:C8:CF:A5:A6:BE:BB:C2:EA:99:E1:5B:F0:A4:83:D3:C2:82:11:E6:6A:02:A1:E7:5D:AA:A3:29"}}},"request":{"raw":"GET /static/picture/pt.gif HTTP/1.1\r\nHost: r1s6.cdxxxx.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nCookie: PHPSESSID=k3d8jep40jm5f17q0u5d0ik3n5\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:57 GMT\r\ncontent-type: image/gif\r\ncontent-length: 369\r\nserver: cloudflare\r\nlast-modified: Sun, 01 Feb 2026 21:22:35 GMT\r\netag: \"697fc41b-171\"\r\nexpires: Fri, 24 Apr 2026 21:47:57 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=53WzuKlvJS7w1a6nGYptmo4t5JNVPVMKq4l%2BcUj7CeItGs53dMDir5klM3802TyzEx8bg7L3u0LBu4ALrIds%2Be3VJPk4R9k0YHC1IflYM0%2FZul%2BgBVdXajtqAt7yNAbERvDf\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e211df03daba618-ARN\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":369,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 16 x 11","md5":"b68938af019e2c74377327abbe3d4b5e","sha1":"91f218e9f762f10d302521200df014ea275f2ed8","sha256":"73036dde7c521c1ec570474b3254826496ab475f3851cac75e5c5de7827b0fca","sha512":"4adc645333006bb727d2851dab71f99771b28724a00085029b8d01f8cb1dd14bc930c2695438b982427c367ce30c369b711566575a11ace170792d6779062d09","ssdeep":"","tlshash":"19e0c01354bc96d5e5f060f86066bc0faded261242e660a72a6041047e515a19a411c0","first_seen":"2023-05-05T23:36:20Z","last_seen":"2026-04-04T17:53:00.432872Z","times_seen":879,"resource_available":false,"data":null}},"time_used":544,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":544,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"r1s6.cdxxxx.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/ODYyZTdlYzZjODdkY2QyZTNiOWYzMDcxOGI1NmU4MjQ/s(w:640,h:360)/tag/000/425/449/809f429d.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.910Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/ODYyZTdlYzZjODdkY2QyZTNiOWYzMDcxOGI1NmU4MjQ/s(w:640,h:360)/tag/000/425/449/809f429d.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 60942\r\nx-rsic-processor: 20019\r\nx-rsic-cache-hit: yes\r\nx-rsic-responder: 20020\r\ncache-control: max-age=604800\r\nexpires: Tue, 31 Mar 2026 12:59:10 GMT\r\nx-envoy-upstream-service-time: 2\r\ntiming-allow-origin: *\r\nx-77-nzt: kmEUhtypRLMRu+4Hobn7WyUZZ+wtaL4YffUnS9+xMf8e2kX6++ZidFg\r\nx-77-nzt-ray: 56376635299b48f10c58c469037d2638\r\nx-77-cache: HIT\r\nx-77-age: 118123\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":60942,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 640x360, components 3","md5":"6173ccad47f7c03e0ef744d75b069d04","sha1":"734ccd6f173b8261d96678fbd307e6271859dc15","sha256":"83a27bb4b964bf0ced7b1e928d813acf8531eb5ed275f0d2df84018e5435fe07","sha512":"cf9229edca437eda7a7ba63fed1f6b7f1c9225022a09dd91d179f4ac1fc1cf0be8ee242402a3e0dbe8f8b3e9e1ef5a875c7a73b72b140c6bd94a47c55c5675df","ssdeep":"1536:rKk/rvDgYyvDLpdoUw4O1NbRf13Zl9h7GGTTW:r//B0XoAObF1L9LK","tlshash":"9a5302a85eb87995fc0844f870e53fc45bf7e21b6a328542cfd741ea24c5a29235ce63","first_seen":"2026-03-25T21:48:31.225531Z","last_seen":"2026-03-25T21:48:31.225531Z","times_seen":1,"resource_available":false,"data":null}},"time_used":62,"timings":{"blocked":28,"dns":0,"connect":0,"send":0,"wait":23,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/NWZhNDRkOTRmNDdiZjg0M2VkY2Y3MTUyNDc4NWZmZTA/s(w:640,h:360)/tag/000/000/258/f6010703.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.978Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/NWZhNDRkOTRmNDdiZjg0M2VkY2Y3MTUyNDc4NWZmZTA/s(w:640,h:360)/tag/000/000/258/f6010703.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 70757\r\nx-rsic-processor: 20021\r\nx-rsic-cache-hit: yes\r\nx-rsic-responder: 20019\r\ncache-control: max-age=604800\r\nexpires: Mon, 30 Mar 2026 07:32:39 GMT\r\nx-envoy-upstream-service-time: 2\r\ntiming-allow-origin: *\r\nx-77-nzt: kjnS8cfHPxsHdaZ7gCBIv9q480mrcfRVGobaxzaAi8ltHkrjrSrFBSM\r\nx-77-nzt-ray: 56376635299b48f10c58c469533e2338\r\nx-77-cache: HIT\r\nx-77-age: 224110\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":70757,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 640x360, components 3","md5":"cabf15c8c2aa152663e056eef0787127","sha1":"e34eabca260e1ae87758122cc25d7807b55a24fd","sha256":"7aadb6ef84391a7434a916b1b57272705181564ea46aa4ced09b88d2ef454bf0","sha512":"7ddecfc4325bc1d19474552e550aeede8f46370356d29cf7b0de7c069ce9ca31a0cf80d001decff447b06cb0e463dafbe93885042e7fcdd6cac46c5946f80d66","ssdeep":"1536:jUqU4Of7VW5y11+tlQMn2fYoH8tpMUePmGJYR0XsbJIDVgtIKGd2EL:jFO8y11+wM2g7MUeOD0XDet+2K","tlshash":"6b631254ad2e17cff0206abaf3584e1772e6382eebc12a4d77c3541dc0d6a218795cb9","first_seen":"2026-03-25T21:48:31.227139Z","last_seen":"2026-03-25T21:48:31.227139Z","times_seen":1,"resource_available":false,"data":null}},"time_used":97,"timings":{"blocked":-1,"dns":15,"connect":10,"send":0,"wait":11,"receive":20,"ssl":37},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/NGJjMDc3ZTgwMWMyY2NiMWQ5M2E2ODE1Y2M2MzhiZDA/s(w:640,h:360)/tag/000/000/063/db20ef16.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.911Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/NGJjMDc3ZTgwMWMyY2NiMWQ5M2E2ODE1Y2M2MzhiZDA/s(w:640,h:360)/tag/000/000/063/db20ef16.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 107498\r\nx-rsic-processor: 20021\r\nx-rsic-cache-hit: yes\r\nx-rsic-cache-mem: yes\r\nx-rsic-responder: 20021\r\ncache-control: max-age=604800\r\nexpires: Thu, 26 Mar 2026 09:40:41 GMT\r\nx-envoy-upstream-service-time: 0\r\ntiming-allow-origin: *\r\nx-77-nzt: klgl4UInVSS+dXJXkvY2N/3grjUS5amoEf8RY11biEjgjZ4qJyo5U3A\r\nx-77-nzt-ray: 56376635299b48f10c58c4694e042938\r\nx-77-cache: HIT\r\nx-77-age: 562034\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":107498,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 640x360, components 3","md5":"c58f8d66ad6393f8bab86fc4c8c86bff","sha1":"953f979d3e7ada7cd8e28e8f3abb08b7236dc4e4","sha256":"a7798f32f6a3fe8dcb5516a01157f4b0f1546f3ce83ff8575f19c577d601c6ad","sha512":"6b3c78320610a71ee0a8d4e3737b79831de33ce9dd8ec93f747ef400038c724c755f9ce19ae93bbf4a8ac33896edfbe5c12602b8d5fe70a0b1600eb31584514d","ssdeep":"3072:roNDGJoD82Qmc9v9E0riAzFboz7Ud+pbVCf:rocoXQmcpi0usFbozk+pU","tlshash":"87b312b795931160f783b17da980af1ecba15bb44d4aeedf91e1651bc12c0cd701328e","first_seen":"2026-03-25T21:48:31.228861Z","last_seen":"2026-03-25T21:48:31.228861Z","times_seen":1,"resource_available":false,"data":null}},"time_used":120,"timings":{"blocked":27,"dns":0,"connect":0,"send":0,"wait":23,"receive":70,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/ZWE0MzAwYWY1ODg4NjI5MWVhOTUyY2U0OGJiZTQyMWI/s(w:640,h:360)/tag/000/424/496/3c8707a2.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.953Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/ZWE0MzAwYWY1ODg4NjI5MWVhOTUyY2U0OGJiZTQyMWI/s(w:640,h:360)/tag/000/424/496/3c8707a2.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 67677\r\nx-rsic-processor: 20020\r\nx-rsic-responder: 20020\r\ncache-control: max-age=604800\r\nexpires: Mon, 30 Mar 2026 07:32:07 GMT\r\nx-envoy-upstream-service-time: 58\r\ntiming-allow-origin: *\r\nx-77-nzt: kgGgVC9aN2omc+1emPDp5m7puTXiU1ujMdExKpHKSQlCVUrG5f77Oac\r\nx-77-nzt-ray: 56376635299b48f10c58c469deb56738\r\nx-77-cache: HIT\r\nx-77-age: 224147\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":67677,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 640x360, components 3","md5":"4992fd7469991588fa2a5a8d3a2708d3","sha1":"5426c9b2a2d4236ef72cca4fa7588f6d0319d15b","sha256":"4ff4f424d7e581cc1b65247011bcf3ffb8caa649119a079da870818755769f73","sha512":"ffa39133a1e29bf8b516a77498b6ec576dedbf1cc6f2d1aacc926dc35872492d76686135a1e66a2c7acbda41a73f5b882f08096865d14fa4cd9db35d51d27df9","ssdeep":"1536:jTTGcBL9AnF/Xw48yt5zJWWEmhYkYdjLbaGDJ3/79MI+twVeUC6GvPo:jTT3d9AW48E5zJRZWZjqGDJwtwVeU3SA","tlshash":"6a6302398d8eb8ecf08ae673216fbd567a7af25528c2a79c338f0557f2c0871558e411","first_seen":"2026-03-25T21:48:31.230562Z","last_seen":"2026-03-25T21:48:31.230562Z","times_seen":1,"resource_available":false,"data":null}},"time_used":103,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":25,"receive":78,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"add2.pornhx.shop/bt.js","fqdn":"add2.pornhx.shop","domain":"pornhx.shop","tld":"shop"},"ip":{"addr":"104.21.8.151","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.862Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pornhx.shop","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 07:58:48 GMT","end":"Tue, 16 Jun 2026 07:58:47 GMT"},"fingerprint":{"sha1":"97:3F:CA:B2:89:69:32:C4:6B:F8:8F:DC:BC:EE:EC:3B:10:06:2C:69","sha256":"34:35:9B:58:8B:48:2A:76:E3:E2:69:1F:C6:EF:E4:9F:B6:A6:E9:9C:36:50:FB:1A:1D:84:5D:EE:7E:E7:E2:63"}}},"request":{"raw":"GET /bt.js HTTP/1.1\r\nHost: add2.pornhx.shop\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Mon, 23 Mar 2026 05:30:34 GMT\r\nvary: Accept-Encoding\r\netag: \"69c0cffa-2603\"\r\nexpires: Thu, 26 Mar 2026 06:23:27 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nage: 12269\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=g8LRcJ4c4BrDAk7czVji5aYe6ObNlVa50L8RRm9fJKhBSybWIiZOdzysiGQzN2TIvwmCMyZriItdx9bEKXI4Ybil1hLDGE5XJLKDmS6g561IUeNwFv4txWZ2ufcxriEXAieo\"}]}\r\ncf-ray: 9e211df05dcc56f6-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9731,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (4824)","md5":"3f3327df4a8e8efbdc7910ff0ae9fcad","sha1":"98e765acf67268debfe9c6ee349b5522713aac8b","sha256":"4f47361ad8384b9d268b80e66fc43c9740e06bdfcee54dd7c3067d63ba79cd9d","sha512":"f47c2ba18235bb30210a6f4247e73deaaf239913e6178d977e90fee6608d78e0b2f79492f400596568507608cca9ee420485df3e8507b03f80f458b3044a15d9","ssdeep":"192:XjlhU5YtvxG1eKVStC8APvI0r4Bz5AhoUFtvR1exWStC+WAPvI0r4Bz5Ahx1:XjLU58xG1eKwn2hoUDR1exzM2hD","tlshash":"47121a580bef53be7ea3e560659622e588de73347293d8ac5b1715a280c1dcda0c7c74","first_seen":"2026-03-25T11:06:41.033845Z","last_seen":"2026-04-03T19:20:49.98782Z","times_seen":13,"resource_available":true,"data":null}},"time_used":91,"timings":{"blocked":-1,"dns":42,"connect":8,"send":0,"wait":15,"receive":0,"ssl":22},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/MWE5YzMyYzMwNTkyYjVhNzMyZGNmYThhMjhlZTM2YWU/s(w:640,h:360)/tag/000/425/467/f77cb26c.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.922Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/MWE5YzMyYzMwNTkyYjVhNzMyZGNmYThhMjhlZTM2YWU/s(w:640,h:360)/tag/000/425/467/f77cb26c.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 48823\r\nx-rsic-processor: 20019\r\nx-rsic-cache-hit: yes\r\nx-rsic-responder: 20021\r\ncache-control: max-age=604800\r\nexpires: Mon, 30 Mar 2026 09:56:34 GMT\r\nx-envoy-upstream-service-time: 1\r\ntiming-allow-origin: *\r\nx-77-nzt: kmQ6TOhnUt/EBxFMZ/4gk1eAaE2W9Pxsl3OBftgvbdEAVedXETwvEXk\r\nx-77-nzt-ray: 56376635299b48f10c58c4695df72e38\r\nx-77-cache: HIT\r\nx-77-age: 215481\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":48823,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 640x360, components 3","md5":"faabf99805e82039fe8d475d25aed06f","sha1":"26f0eabcfa02077977e43dbaf4301dd2e1a82f9f","sha256":"a681c19eb63c6a8b02075d0d8233a3d8b566dcd14da33906ed122adb0c82e6c3","sha512":"ab027ced1b78fe44e68117fdddda2fed6a567964f9675ccdfea8cfbf956f28aeacc3ed9b0e3cf43263462d10c7711fb731417e80b1067dfe7bd12656cf3573d9","ssdeep":"768:r5lFT2BUp1DkjBpRowpLGH378SrUlvC61s9E62wLTsKsoAN3XN2zQAorSzG74f4X:r5l0mpKVA3ASrU4FuwLO7NNncGc4D+0","tlshash":"d32301c9e285b397e4f90e3d09994f6489e99034bad674dc618b10481dccb33fd307a5","first_seen":"2026-03-25T21:48:31.234282Z","last_seen":"2026-03-25T21:48:31.234282Z","times_seen":1,"resource_available":false,"data":null}},"time_used":63,"timings":{"blocked":16,"dns":0,"connect":0,"send":0,"wait":24,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/ZmEwMmI5ZTUyMzkwZDczOGFhODgyY2EyZWJlNGM5MDc/s(w:640,h:360)/tag/000/424/518/c1f3ea9d.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.923Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/ZmEwMmI5ZTUyMzkwZDczOGFhODgyY2EyZWJlNGM5MDc/s(w:640,h:360)/tag/000/424/518/c1f3ea9d.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 59589\r\nx-rsic-processor: 20019\r\nx-rsic-cache-hit: yes\r\nx-rsic-responder: 20018\r\ncache-control: max-age=604800\r\nexpires: Wed, 01 Apr 2026 08:03:09 GMT\r\nx-envoy-upstream-service-time: 2\r\ntiming-allow-origin: *\r\nx-77-nzt: kuAPWvaDno40r3aefY3oMbAZdgbwjSKf8U2FcXRJ1/3M2bB3hdAlFcc\r\nx-77-nzt-ray: 56376635299b48f10c58c46947313138\r\nx-77-cache: HIT\r\nx-77-age: 49477\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":59589,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 640x360, components 3","md5":"bc0371c4f3ad45221cdb55a1319ef263","sha1":"5ca65862720cd3ba441ef38075b1fbf4e24df66f","sha256":"5483f0900b79b23978bd9880177f1068b4fa4d4280d69259ebeb002397894abc","sha512":"8ddf6c50d074355065e45da78dd49d6605dbd90c8c8022b7934f853af959cfe1b32f9892fb9a3175a1d5b9ccd1265fe9bbca9aa55b33d8336766b82da3b1b002","ssdeep":"1536:r9rQb9HA2vkcFjk0RaLoPUWwWenbqaIH0/9/5Im9EehFYyT:rGb9HA2vj1k0goUWEneaIK9BWi","tlshash":"3f4301c89438e592f0c951b92c189fd40dd8e0d459e8d42b79cc885ee63bb329ae780e","first_seen":"2026-03-25T21:48:31.236022Z","last_seen":"2026-03-25T21:48:31.236022Z","times_seen":1,"resource_available":false,"data":null}},"time_used":66,"timings":{"blocked":15,"dns":0,"connect":0,"send":0,"wait":24,"receive":27,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/M2FmOTY0ZmNjOTA2N2FiNWMxMGY4ZGYyZDk5OTFlNGI/s(w:640,h:360)/tag/000/424/538/4f2c0e43.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.979Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/M2FmOTY0ZmNjOTA2N2FiNWMxMGY4ZGYyZDk5OTFlNGI/s(w:640,h:360)/tag/000/424/538/4f2c0e43.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 69193\r\nx-rsic-processor: 20021\r\nx-rsic-cache-hit: yes\r\nx-rsic-responder: 20018\r\ncache-control: max-age=604800\r\nexpires: Mon, 30 Mar 2026 09:21:16 GMT\r\nx-envoy-upstream-service-time: 2\r\ntiming-allow-origin: *\r\nx-77-nzt: korc2WQ34tdyzSj9gRKI5FsVHcXjkYlvr/a5BjVs8TzgPEEQfI3CT3k\r\nx-77-nzt-ray: 56376635299b48f10c58c46973bf7638\r\nx-77-cache: HIT\r\nx-77-age: 217556\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":69193,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 640x360, components 3","md5":"b4683bd28cb54c2cb66c859637457f88","sha1":"d9d4998171e0b1fd3bf77221cd2fb079560c17cc","sha256":"a084239a63f5e1d325346947d8aafdae706f485ddc1dbe1677580ea16e7ecf86","sha512":"38480eb04323c51df76201729d2ddb64eb52d357b172637b75c1307f7ba966667448ea27789b29c68c9acc14604504bfee5e63c80e935a625342f6c92923009d","ssdeep":"1536:rKzqDABG36LwhqpL/E/rg+OD+xPvE1fMSAcAV3I0KiKBqn:r4Q6LWqpw/r7OaNvm0vINEn","tlshash":"576302e6b278bfacf05a15b52fcf1b048ad259043b9b8396b6110c1bcf913e115785cb","first_seen":"2026-03-25T21:48:31.237588Z","last_seen":"2026-03-25T21:48:31.237588Z","times_seen":1,"resource_available":false,"data":null}},"time_used":105,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":25,"receive":80,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/YzM0NDY1Zjk0MzViNTU5OGViNWExODk5YWFjOTBlYWQ/s(w:640,h:360)/tag/000/000/084/67da1d89.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.988Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/YzM0NDY1Zjk0MzViNTU5OGViNWExODk5YWFjOTBlYWQ/s(w:640,h:360)/tag/000/000/084/67da1d89.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 54642\r\nx-rsic-processor: 20020\r\nx-rsic-cache-hit: yes\r\nx-rsic-responder: 20020\r\ncache-control: max-age=604800\r\nexpires: Sun, 29 Mar 2026 11:43:22 GMT\r\nx-envoy-upstream-service-time: 1\r\ntiming-allow-origin: *\r\nx-77-nzt: kvVc8W3NFqcL7hRiMe32KqXFJ+vqCmSz8DHrXCes9xK6I49u9koWoho\r\nx-77-nzt-ray: 56376635299b48f10c58c469f2eefb38\r\nx-77-cache: HIT\r\nx-77-age: 295447\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":54642,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 640x360, components 3","md5":"b86d348a9efd5eaf9cb47e42ea5203ff","sha1":"3fd080edfe3440b790316cc039ab985c30995119","sha256":"5fbbc93ac2cfa48e4fd8a90c41ebbb084a9fb7452629512bccbc003b9c3623cb","sha512":"8205221c5f25c2ac6eac9b7bf5160884a6bb7fcc192ab16a8d4380513045d1d67a36859c5181e6eb000856756511b153247b70ad87089e69d4e229a58a28f2ee","ssdeep":"1536:rUsOFJQHaNSz45BBwQP0h1ADSL9bwMHG9w:rdSQ7+zPMh19Lm9w","tlshash":"153302f20e913ac5f143b5309d971a29eef2187780b93da547c8732c3b36a8919ec613","first_seen":"2026-03-25T21:48:31.239239Z","last_seen":"2026-03-25T21:48:31.239239Z","times_seen":1,"resource_available":false,"data":null}},"time_used":72,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":54,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/css/dh.css","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.889Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdxxxx.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 03 Mar 2026 11:41:00 GMT","end":"Mon, 01 Jun 2026 12:38:43 GMT"},"fingerprint":{"sha1":"13:A5:D9:1F:2F:52:1E:BA:9D:FD:27:73:70:13:B5:04:A6:69:EF:A3","sha256":"04:E5:DE:A8:7E:C8:CF:A5:A6:BE:BB:C2:EA:99:E1:5B:F0:A4:83:D3:C2:82:11:E6:6A:02:A1:E7:5D:AA:A3:29"}}},"request":{"raw":"GET /css/dh.css HTTP/1.1\r\nHost: r1s6.cdxxxx.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nCookie: PHPSESSID=k3d8jep40jm5f17q0u5d0ik3n5\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:57 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Sun, 01 Feb 2026 21:22:35 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Thu, 26 Mar 2026 09:47:57 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ytRvPS2CnjDZ5aRVw6ABakt5SvRs8Wq3v9B8nxbdWWtQzdK2zweH6aRq5QW0YCNAFkXmCSHlDFG4xBXxD8ZCBh5R0sGyrtgNHlM8zOwrtjvgBwBrleAk9lwvQM3wQ1aaK2W7\"}]}\r\netag: W/\"697fc41b-2b5\"\r\ncontent-encoding: br\r\ncf-ray: 9e211df02d93a618-ARN\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":693,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, ASCII text","md5":"dc5e6db39409d2b7939ff16a603b1ef8","sha1":"026233b3ff84950cdddc7e042e454e22412d3e57","sha256":"e934ee37396e088274863f619d195a48b74572bf46fb2dbd7566b94413d2fe9c","sha512":"23504bdfcef35ccc561e463dc79113299fcd5836e08387e75a01e185ef20e6ce0b0d93c9456740c34a98bd20f71e8dd940f3d9c654e41e660264fe56ee6497dc","ssdeep":"","tlshash":"ce01fe61da1f00087c0b75158f6aa284d249e673b70fc725fe919104ef8a19861e33c8","first_seen":"2026-03-25T21:48:31.240723Z","last_seen":"2026-03-25T21:48:31.240723Z","times_seen":1,"resource_available":false,"data":null}},"time_used":551,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":551,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"r1s6.cdxxxx.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/MjE5ODM5YWZlYjUzODMxMmMxYmU4MTNjYjVmMzAwZWM/s(w:640,h:360)/tag/000/425/497/4902ce92.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.982Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/MjE5ODM5YWZlYjUzODMxMmMxYmU4MTNjYjVmMzAwZWM/s(w:640,h:360)/tag/000/425/497/4902ce92.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 60960\r\nx-rsic-processor: 20020\r\nx-rsic-cache-hit: yes\r\nx-rsic-responder: 20021\r\ncache-control: max-age=604800\r\nexpires: Mon, 30 Mar 2026 07:32:21 GMT\r\nx-envoy-upstream-service-time: 347\r\ntiming-allow-origin: *\r\nx-77-nzt: kvN966aW61oNZWDffOoVY+0N8qaKCbR/M6T2blJ8qQIi06YZ2eKWRAY\r\nx-77-nzt-ray: 56376635299b48f10c58c469df06cd38\r\nx-77-cache: HIT\r\nx-77-age: 224129\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":60960,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 640x360, components 3","md5":"edcfb9c7af386befe23df27848b95a6f","sha1":"59b64286ea36efad7dea4700d46f1ccf41a3c465","sha256":"4991ee846f3e7387e14daa3ecb9b6cb5b63cc0fca07e285e48810f830b735cb2","sha512":"f2721903711b3b5ae6cedce126449d38cee2a8d35d4e6a704598bf3c26cf79e016d0d53a6b8cab197582f3640cd5a450e609666274e477c1adc93be9627298c6","ssdeep":"1536:rFzkMp87igo5VuNvtY+CIwgXukPn4uNxn0SVbkT:rFz02gsM3okP5Nx00i","tlshash":"fa530286130592f6fcb386f6ac957f3045afedddc8c0868413d91ca952869708a9dbd3","first_seen":"2026-03-25T21:48:31.242229Z","last_seen":"2026-03-25T21:48:31.242229Z","times_seen":1,"resource_available":false,"data":null}},"time_used":72,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":55,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/static/font/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3iUBGEe.woff2","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:58.341Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdxxxx.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 03 Mar 2026 11:41:00 GMT","end":"Mon, 01 Jun 2026 12:38:43 GMT"},"fingerprint":{"sha1":"13:A5:D9:1F:2F:52:1E:BA:9D:FD:27:73:70:13:B5:04:A6:69:EF:A3","sha256":"04:E5:DE:A8:7E:C8:CF:A5:A6:BE:BB:C2:EA:99:E1:5B:F0:A4:83:D3:C2:82:11:E6:6A:02:A1:E7:5D:AA:A3:29"}}},"request":{"raw":"GET /static/font/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3iUBGEe.woff2 HTTP/1.1\r\nHost: r1s6.cdxxxx.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/static/css/css2.css\r\nCookie: PHPSESSID=k3d8jep40jm5f17q0u5d0ik3n5\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:58 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 22796\r\nserver: cloudflare\r\nlast-modified: Sun, 01 Feb 2026 21:22:35 GMT\r\netag: \"697fc41b-590c\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TNxsDlKj0X4QVlcaBOzfAq5MUewAs9l59roiN5O3oZZzXoN9msJKIQXFbzBXE29iwLhPGR2S66vEBoIpDmWi8ukloU9q6Q8amM3T9joCty2GnA0HKUIk96vAogXLc4eGOU5K\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e211df96e6ba618-ARN\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":22796,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 22796, version 1.0","md5":"40ee6416c01f7a00cb9e1c3cef551f68","sha1":"dff6282f80563c09ed0d584f15fdc0fc0078731f","sha256":"c06ca3fcbc5f7c37ebb7c86a69502009911ecd8183811bae02f9b1fbb0541ddb","sha512":"6293ab4181cce6ae2140852417a8d81131e5a52d93637d994bb17e9f4d93452b17da6da06617c92e490c35ebd6b3b6f14489d09573a7ff9e7c07731c92710c82","ssdeep":"384:hY6ouPRl620of01sAAPBVW+5W9WS/wt6uOYGTervhySpK07Iu0TDR:hY6ouLJMAPBVFDS/M6renpv7Itx","tlshash":"aca2e0a9894cd4c3d12bcbb416518e9112ae5b8149510e276dd4e5ce9ceefebe0fc80b","first_seen":"2025-01-09T02:03:52.091649Z","last_seen":"2026-04-05T03:08:54.48041Z","times_seen":18067,"resource_available":false,"data":null}},"time_used":706,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":534,"receive":172,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"r1s6.cdxxxx.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/ZjAxZTlmZWNkZmNkZGYwM2NlOGE5MmUwZTQxZDRmMGE/s(w:640,h:360)/tag/000/424/551/ef4eff31.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.919Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/ZjAxZTlmZWNkZmNkZGYwM2NlOGE5MmUwZTQxZDRmMGE/s(w:640,h:360)/tag/000/424/551/ef4eff31.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 46644\r\nx-rsic-processor: 20019\r\nx-rsic-cache-hit: yes\r\nx-rsic-cache-mem: yes\r\nx-rsic-responder: 20019\r\ncache-control: max-age=604800\r\nexpires: Sun, 29 Mar 2026 11:43:49 GMT\r\nx-envoy-upstream-service-time: 0\r\ntiming-allow-origin: *\r\nx-77-nzt: ktXCfrVgPB8tXApO9xmG86GiU4VO4FMoTc+FvXRjATBqaFBBh97WCHE\r\nx-77-nzt-ray: 56376635299b48f10c58c4699c9edd3a\r\nx-77-cache: HIT\r\nx-77-age: 295443\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":46644,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 640x360, components 3","md5":"a227b46831dd2897d20fae8b1384e978","sha1":"f952b609bc0ea44e09edb4b06fb32b2248bb0c74","sha256":"6365bb071177c4db8b10da4b466268928d9bf55387206a07646781b9f8725695","sha512":"ac64f4611e54d7ca9dbfe456c53a9cb124f3cfed283173f37a4d478dac69466870506d57a95a6451ff850ab9d9860aef04dec3c74eee1da438448827d720aff4","ssdeep":"768:TcL72xGKbU9GuWjVMZIHnNd7Nay+7VKDQVj9Q9rXHUzb9MAw6Z0AU:TgCxGBGTjVmInL7YyI4DQg9rkzb9M3l","tlshash":"c623f1a31b42ceacf2414fb742fddd6a03e97c32374f09b95b58ea6a46411f5e04a41e","first_seen":"2026-03-25T21:48:31.24495Z","last_seen":"2026-03-25T21:48:31.24495Z","times_seen":1,"resource_available":false,"data":null}},"time_used":255,"timings":{"blocked":64,"dns":42,"connect":11,"send":0,"wait":8,"receive":44,"ssl":43},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhpingcdn.com/a/YjA3ZjIyMTllZmY5M2ZmZTMyZDFiNDgyOWQwNGUyMDc/s(w:640,h:360)/tag/000/424/491/cc5f8f79.jpg","fqdn":"ic-tt-nss.xhpingcdn.com","domain":"xhpingcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.921Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/YjA3ZjIyMTllZmY5M2ZmZTMyZDFiNDgyOWQwNGUyMDc/s(w:640,h:360)/tag/000/424/491/cc5f8f79.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhpingcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 55669\r\nx-rsic-processor: 20021\r\nx-rsic-cache-hit: yes\r\nx-rsic-responder: 20020\r\ncache-control: max-age=604800\r\nexpires: Mon, 30 Mar 2026 09:55:12 GMT\r\nx-envoy-upstream-service-time: 2\r\ntiming-allow-origin: *\r\nx-77-nzt: klU+LM6aGH2VI+feemWB0+gjj9S/sF39UVQ/G3H41sHfZ7priQ\r\nx-77-nzt-ray: 56376635298e49f10c58c469f84a1b38\r\nx-77-cache: HIT\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\nx-77-age: 215564\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":55669,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 640x360, components 3","md5":"6464b69f49183bf3e323c4de697012c7","sha1":"49d4efcfc78094b064cb3f86e0f423a04eb779a7","sha256":"77fe9beb210988fc0fdb2e5f2eb5ef649eb83cbb452945465ead7ddee8cb6b07","sha512":"eaee1a175fd2edf88f22d741abf685025db38a32713842984dff089c2a61db48bb5a275a47b027d02fec262980ce927e867042e1b4d9891433f4f7572ae7bda3","ssdeep":"1536:j486YTVA44CVO+WcOFGODZous9Vpb9nFJjzOAe:jhPwPXFGODW/fbj4","tlshash":"9843f1a715e1cab5f6470dbaf41aef78db57b448a2bee1933f98130898c21704d78841","first_seen":"2026-03-25T21:48:31.246557Z","last_seen":"2026-03-25T21:48:31.246557Z","times_seen":1,"resource_available":false,"data":null}},"time_used":92,"timings":{"blocked":-1,"dns":18,"connect":10,"send":0,"wait":11,"receive":13,"ssl":37},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"obseu.iseaskies.com/mon","fqdn":"obseu.iseaskies.com","domain":"iseaskies.com","tld":"com"},"ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.xyjdh.com/link/a.aspx?id=cdxxxx","date":"2026-03-25T21:48:01.103Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.iseaskies.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Fri, 12 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:29:00:EF:41:A1:05:3E:E1:8D:C7:C6:56:5A:2D:1B:ED:11:A5:D8","sha256":"58:10:1A:43:35:D0:AC:8D:AD:C5:42:AA:E4:34:CD:77:38:D9:D4:20:96:D5:48:10:9F:33:64:53:01:20:2D:B2"}}},"request":{"raw":"POST /mon HTTP/1.1\r\nHost: obseu.iseaskies.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 2618\r\nOrigin: https://www.xyjdh.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xyjdh.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2618,"data":"e=37dfbd8ee84e00126deac332ef45829d9225c24f567d43d6da1908be6245cad7bd70a976710ce60ed89373bfe70e9c20c1e53e8d57148f6d2717071a10acf9f29f673dfbe0f875504a6fe37a7251853b8a64c4073803219204085e360358c2ea694634a031b737884fa1c629ec4036ec1f276818db4de546e093d5c13cb42c15e36c85eb002fdf53641d355693c47f3bbf2bf3ba87fc4851bd5997d060b675852c8740fb6130af2d1bf91f566375954f2aadcff4f263e46daf40d612f04a6f73a0c7402c6821069a67899c19f00535f983c77b0f2f7489ce31218884421e385863455ee69c26722e04acff4a2a88a3f17bc6e25d77492aa3a2a7c5cd76bddbde09e85ec8586f31dff488eba3269adfeb6a953612c3bc8b700a1ce5392becd0576ef1c7bc33c818b70fe8d040dc1c94926098616bcd8676c634d392a0fcd6bbee4a7ebe67fef3e8354360e9c16991a850f11017428803488fd1d19a91a6cb70c96a88de99a538a03c7b74dc2865d483920e7f86a633bb06e3945d8670bf3d1a0b5eda20ad1c848ae36feb966c8b1de195c6c17dc2574f79fa13541d3e487487f4238f46dec18a66939974ebd0629a8eeaea768ab3f1546b72c8b11e489bf9495f01d5e2e933fa7ee3be4ee5f233a060b267c720884d82f678be4e35eebc8f74232d225f38013716aae18e64ce06ab58474328f8a852d698190de2a5d6babd6edef0edfc87fbb3ec424f3dff5b9bbf596f865f7812d7625b6d71ff7bae7105dfeac36b967dd42d8cb731cebe0985660923201e61149dc1f8c63b7a5186054395d2b4a7a29e165ccaa2b76f97d1727cdfd6163b6cfb96d0485bfd7cdb24cd41a459ed6998b016bcf820fe89cb97c11370e5f23a7d8371a189b4ac139e6b3d0844e6302052f7f92bec861db4f8d1ae55df9b95774b6e13ac37b904b454b5866d9235462346336301933de4ff7702b918aad196618c85499e6861ed512a3e9583bc1648ac35ac9c1ada1b23541bf86a50ddfc862c920860f8d044f88083ed8a40c64f017757e07d24529c920440a87cbaafd3278ecffe4e0029e0782a0904cf1558fa8bae4553826871cf85d8029a85a8c5583ea86ff8543f14de44227fd5d20c5d9989a085a0a019e126b4378370d38503d8ffa96825e58340c19ebaaed6b19294725086b86009c7238052ce4cebf62fa0dd80\u0026cri=Ph3ADveBA4\u0026sf=1\u0026dc=IysvNydQNyAgNyAgNyBRfGd%2BfjcgUSAgJDcgUSI3IFEiNyBRIjcgUSI3IFEiNyBRIycgITcgUSI3IFE3ICA%2FNyAgNyBRIjcgUSMlJis3J1Y0ISMvNyVQNyAgZTcgIDchUyMlIDcgUTcgIHo3ICA3IVMmIDcgUTcgIHBNNyAgNyFTJzclVjQlIy83JVA3ICBhNyAgNyFTIjcgUTcgIH83ICA3IVMiNyBRNyAgZTcgIDchUyI3IFE3ICBwTTcgIDchUyMiNyVWNCMmIy83JVA3ICBhNyAgNyFTIzcgUTcgIHBNNyAgNyFTIjclVjQjJysvNyVQNyAgdyI3ICA3IVM3ICBkPHV3ZlBzZmZ3YGs3ICJ7YTcgInx9ZjcgInM3ICJ0Z3xxZnt9fDcgIDcgUTcgIHBNNyAgNyFTIjclVjQhICQvNydQNyVQNyAgcDcgIDchUyI3IFE3ICBhNyAgNyFTNyAgIjcgIDclVjcgUTclUDcgIHA3ICA3IVMiNyBRNyAgYTcgIDchUzcgICI3ICA3JVY3J1Y0JyAiLzclUDcgIGI3ICA3IVM3ICBFe3whIDcgIDcgUTcgIH43ICA3IVM3J1A3ICB3fD9HQTcgIDcgUTcgIHd8NyAgNydWNyBRNyAgenE3ICA3IVMmKjcgUTcgIGV1ZDcgIDchUzcgIF93YXM3ICA3IFE3ICBldWA3ICA3IVM3ICB%2BfmR%2FYntidzcgIDcgUTcgIHBNNyAgNyFTISc3JVY%3D\u0026cp=1\u0026gtm=-\u0026gac=-\u0026uvid=2684493d-7de1-4b7f-9a1d-7385b8f325ec\u0026tb=1\u0026ich=1\u0026ws=0x0\u0026wos=1280x1024\u0026ver=13\u0026fi=\u0026ti=1001\u0026mo=0\u0026pn=2835\u0026spn=1834"}},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\naccess-control-allow-origin: https://www.xyjdh.com\r\ncontent-type: application/json\r\ndate: Wed, 25 Mar 2026 21:48:01 GMT\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T05:47:04.311114Z","times_seen":13362114,"resource_available":true,"data":null}},"time_used":37,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":37,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/css/clicked.css","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.893Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdxxxx.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 03 Mar 2026 11:41:00 GMT","end":"Mon, 01 Jun 2026 12:38:43 GMT"},"fingerprint":{"sha1":"13:A5:D9:1F:2F:52:1E:BA:9D:FD:27:73:70:13:B5:04:A6:69:EF:A3","sha256":"04:E5:DE:A8:7E:C8:CF:A5:A6:BE:BB:C2:EA:99:E1:5B:F0:A4:83:D3:C2:82:11:E6:6A:02:A1:E7:5D:AA:A3:29"}}},"request":{"raw":"GET /css/clicked.css HTTP/1.1\r\nHost: r1s6.cdxxxx.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nCookie: PHPSESSID=k3d8jep40jm5f17q0u5d0ik3n5\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:57 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Sun, 01 Feb 2026 21:22:35 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Thu, 26 Mar 2026 09:47:57 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DNKggWe%2FXIXSPyUtPtpr6yvFhoi8ksvX6JkK6vmfGkOB5rEPPFa1xlFHbxBY4mQqYMup5PWIylyyUQSWWdn%2Bp3s4UWWjZ3LtlzI3tNexONCjeGlbExmABcqENQ60Tsjpqe80\"}]}\r\netag: W/\"697fc41b-23d\"\r\ncontent-encoding: br\r\ncf-ray: 9e211df02d97a618-ARN\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":573,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"591e7b940459593b772c5eb594e6eba9","sha1":"66602a29c1cf8ab493fb6c7975776cefd1dda987","sha256":"b8ecc1f2408bb7ff34176477720bb1f53db2dd33cf50e693cc3105614a8c7a23","sha512":"aab86b5fa8eb94335276cc87b2b0433bfd37a283a22a173bee6e20b613c1e8f2e0bc0770f5f7ce3e250f098f0e205935272b7f9b7bc2c58fb77e4c4bd8babf52","ssdeep":"","tlshash":"bcf02482d9123d036213e1681ee0d69f637a44871d86cbe93c4e60548f4f695bd61be6","first_seen":"2026-03-25T21:48:31.247941Z","last_seen":"2026-03-25T21:48:31.247941Z","times_seen":1,"resource_available":false,"data":null}},"time_used":611,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":611,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"r1s6.cdxxxx.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/static/picture/cn.gif","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.899Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdxxxx.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 03 Mar 2026 11:41:00 GMT","end":"Mon, 01 Jun 2026 12:38:43 GMT"},"fingerprint":{"sha1":"13:A5:D9:1F:2F:52:1E:BA:9D:FD:27:73:70:13:B5:04:A6:69:EF:A3","sha256":"04:E5:DE:A8:7E:C8:CF:A5:A6:BE:BB:C2:EA:99:E1:5B:F0:A4:83:D3:C2:82:11:E6:6A:02:A1:E7:5D:AA:A3:29"}}},"request":{"raw":"GET /static/picture/cn.gif HTTP/1.1\r\nHost: r1s6.cdxxxx.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nCookie: PHPSESSID=k3d8jep40jm5f17q0u5d0ik3n5\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:57 GMT\r\ncontent-type: image/gif\r\ncontent-length: 366\r\nserver: cloudflare\r\nlast-modified: Sun, 01 Feb 2026 21:22:35 GMT\r\netag: \"697fc41b-16e\"\r\nexpires: Fri, 24 Apr 2026 21:47:57 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LC0F27YcNzQW%2BOx4PFzAuTckiJRwxgc8drRucVpunVXZCusfzO51ASe1tipYVJMlzyOgYnNs4vDdwDD33QS27X%2FYtKPccO%2BAxRXoUUB3qN%2BwrFnxRL2e6lPZyrP48elv0MdS\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e211df03da8a618-ARN\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":366,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 16 x 11","md5":"b04190e287f32d56867cd6ac53fdedcb","sha1":"1279108c36134e560713eed538bcc0128c2b5cc1","sha256":"c2652b280087b6479b7703779da4be80b4c621edbf465e34f5e5314d8835a84c","sha512":"e7a9410af1799e53f0dacaeaeb31e234169d7d0a974d9d176bc93c20f38978ed9fd7369b5e3c7d7169c261db9fb055c71a36441b13a6177c0a2caff43c9b05e3","ssdeep":"","tlshash":"ade0c053c909ad25f91eb671ca192a0ef48527e102991192ba5a053fe0c363d6f07a63","first_seen":"2023-05-08T14:18:10Z","last_seen":"2026-04-04T17:53:00.451447Z","times_seen":764,"resource_available":false,"data":null}},"time_used":542,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":542,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"r1s6.cdxxxx.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/static/picture/de.gif","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.900Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdxxxx.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 03 Mar 2026 11:41:00 GMT","end":"Mon, 01 Jun 2026 12:38:43 GMT"},"fingerprint":{"sha1":"13:A5:D9:1F:2F:52:1E:BA:9D:FD:27:73:70:13:B5:04:A6:69:EF:A3","sha256":"04:E5:DE:A8:7E:C8:CF:A5:A6:BE:BB:C2:EA:99:E1:5B:F0:A4:83:D3:C2:82:11:E6:6A:02:A1:E7:5D:AA:A3:29"}}},"request":{"raw":"GET /static/picture/de.gif HTTP/1.1\r\nHost: r1s6.cdxxxx.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nCookie: PHPSESSID=k3d8jep40jm5f17q0u5d0ik3n5\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:57 GMT\r\ncontent-type: image/gif\r\ncontent-length: 362\r\nserver: cloudflare\r\nlast-modified: Sun, 01 Feb 2026 21:22:35 GMT\r\netag: \"697fc41b-16a\"\r\nexpires: Fri, 24 Apr 2026 21:47:57 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cR%2FKopd8ebXCRhUI%2FedjdpbPNjQT54Mg3t8lim9MTaldrneRVCIXJheyP1N1XHaTsFOYbIGDl%2Fsva8xhVK2JRknFqmbFzYny%2F4gl09HseJeRXbsdDDcfhKDD%2FXRgUVWwDqib\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e211df03da9a618-ARN\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":362,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 16 x 11","md5":"b0dbdccf1c4e4a267a5cd2bf7ea4cb69","sha1":"d2b74fbbeb420a6be350e4554233e6db3685f970","sha256":"4ac4ccd6f0702c91e9251cb2b4bcbfd5854f6cb1d274dd2623f42e38ef7532d5","sha512":"210551c69eb2a70e4a25f821e4a138a6862bb5c9e67b9f7d046dedb342a939b22ae72385aa8ffb27bcd2b019b41c4d837c8d15de14f4d2326f252105e86336ac","ssdeep":"","tlshash":"cce06072a93c4940f6300c3cb0bc116abe31604c2cb42fd573020abaaa30623040ec3c","first_seen":"2023-05-05T23:36:20Z","last_seen":"2026-04-04T20:15:41.759168Z","times_seen":1280,"resource_available":false,"data":null}},"time_used":520,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":520,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"r1s6.cdxxxx.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"euob.iseaskies.com/sxp/i/581749a3c1e7922374ca9b3d4dff0407.js","fqdn":"euob.iseaskies.com","domain":"iseaskies.com","tld":"com"},"ip":{"addr":"3.167.2.15","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.xyjdh.com/link/a.aspx?id=cdxxxx","date":"2026-03-25T21:47:59.450Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.iseaskies.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Tue, 20 May 2025 00:00:00 GMT","end":"Thu, 18 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"7B:90:59:C5:25:A5:54:35:8D:34:EF:76:00:0F:68:DE:EE:D1:D0:3A","sha256":"91:50:8B:21:77:9D:F2:A8:6B:CB:4F:7C:49:E6:C1:33:29:D3:E9:D0:6A:75:60:70:6A:B6:05:9D:06:68:3A:E2"}}},"request":{"raw":"GET /sxp/i/581749a3c1e7922374ca9b3d4dff0407.js HTTP/1.1\r\nHost: euob.iseaskies.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xyjdh.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 45174\r\ncontent-encoding: gzip\r\nserver: Caddy\r\ndate: Wed, 25 Mar 2026 11:48:09 GMT\r\ncache-control: max-age=43200\r\nexpires: Wed, 25 Mar 2026 23:48:09 GMT\r\netag: \"1dbed-eueXP4aww75/L9ok2iLk26cxYvc\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 53019ee090f087ca6c6fa860098bcd80.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: zK6SbL2QoA6XO13pQSwSldrsV2sH-a7hs2u9xNIyxDZWH7EG2pDmow==\r\nage: 35990\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":121837,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"data","md5":"8e6ce6066cfcc8a1bfd4187946dcf711","sha1":"7ae7973f86b0c3be7f2fda24da22e4dba73162f7","sha256":"7593b4b19ef7912604a0b74bca5807891cd770f09cd8f5b8f06a8d97b3fe41a1","sha512":"5539d6a5244d23cbc9db027a8ec1a0e3dd722ce17879a61275b8d0d3b6a5dbab93568985515772389c86d1b87c49873ea2fc9c2af20901486405abe6925e67ef","ssdeep":"1536:XOuWmlw1et32zEb0wu0RnWuGyVxlicnYtMolHAEh8sqrfje+wUK8LonhdbErReK9:+4lwAIP0RGyARWsqumrRnwl8ke","tlshash":"f1c3d6adb2f27025439335a5147f410ae27b1e543c4b8290d17ae9d4ac7ce8e857bfac","first_seen":"2026-03-15T13:53:38.580289Z","last_seen":"2026-04-05T05:53:31.655204Z","times_seen":7403,"resource_available":true,"data":null}},"time_used":109,"timings":{"blocked":50,"dns":40,"connect":2,"send":0,"wait":4,"receive":3,"ssl":7},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/ZjYwYWUzYTk2MzQwMDUxMDQxMjdmZDc5OTVmN2ViOTA/s(w:640,h:360)/tag/000/000/424/ebf16c24.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.926Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/ZjYwYWUzYTk2MzQwMDUxMDQxMjdmZDc5OTVmN2ViOTA/s(w:640,h:360)/tag/000/000/424/ebf16c24.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 60642\r\nx-rsic-processor: 20019\r\nx-rsic-cache-hit: yes\r\nx-rsic-responder: 20019\r\ncache-control: max-age=604800\r\nexpires: Tue, 31 Mar 2026 12:59:19 GMT\r\nx-envoy-upstream-service-time: 1\r\ntiming-allow-origin: *\r\nx-77-nzt: khWkt3rkS2GHf4BkOXFV38mbTVF6wKOxgdGrTWkG02ArzGZj6hAa6gg\r\nx-77-nzt-ray: 56376635299b48f10c58c46978615338\r\nx-77-cache: HIT\r\nx-77-age: 118103\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":60642,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 720x360, components 3","md5":"9abe4af69902e0ecb18ddaae0992264a","sha1":"08346a7663ca4aaec5a48458910f6663fe7889b4","sha256":"650b864f6191322866891c36dcbd08f32c87d75915205ba8ee7d9d33385284f2","sha512":"53723f6405d8879eff8be3b95d640f5de0cb956a8389b5cc97c7354bb3fe4e18762546859f5a41ec7c0a9817cfaba5e0ea1d58f841150114a865028ec4db443d","ssdeep":"1536:7bhGfcsdSIa5Pt5AFxJrGGLrsmYHeN0f9jHftD+/KlEM6w8:79GfcsAIaFUFDGGfuB/8/WLa","tlshash":"bf43e1a863d583c8f306117d4a7c7eb30356cac614c469b766de7c4c254bbb01aa76ec","first_seen":"2026-03-25T21:48:31.255426Z","last_seen":"2026-03-25T21:48:31.255426Z","times_seen":1,"resource_available":false,"data":null}},"time_used":70,"timings":{"blocked":12,"dns":0,"connect":0,"send":0,"wait":24,"receive":34,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/static/js/main.min.js","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.996Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdxxxx.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 03 Mar 2026 11:41:00 GMT","end":"Mon, 01 Jun 2026 12:38:43 GMT"},"fingerprint":{"sha1":"13:A5:D9:1F:2F:52:1E:BA:9D:FD:27:73:70:13:B5:04:A6:69:EF:A3","sha256":"04:E5:DE:A8:7E:C8:CF:A5:A6:BE:BB:C2:EA:99:E1:5B:F0:A4:83:D3:C2:82:11:E6:6A:02:A1:E7:5D:AA:A3:29"}}},"request":{"raw":"GET /static/js/main.min.js HTTP/1.1\r\nHost: r1s6.cdxxxx.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nCookie: PHPSESSID=k3d8jep40jm5f17q0u5d0ik3n5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:57 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Sun, 01 Feb 2026 21:22:35 GMT\r\nvary: Accept-Encoding\r\netag: W/\"697fc41b-32b78\"\r\nexpires: Thu, 26 Mar 2026 09:47:57 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=f7ZU3QSB6d2EPEdJ2JHyv7WSUbeRCe6JsSC8jnsw9k6PkPpK4ySVUEtTamKCbAtcj%2BchU1YcV4pKHylDM99890MisD7KLkMQqfDAeFq1WhoT9lpk9bJYVnoxoSh%2B9HLGTFz3\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e211df09defa618-ARN\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":207736,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"fc0bd39e7bc4f321955d0bf790687586","sha1":"b1d990a9469c123cd72e85b7c81415e64518935e","sha256":"d7a2405d387f18d1f8bc0fa7f482640eee59497932874e3bcf8bd72272cb4b37","sha512":"880d36fa51e741d59fedb539c4dd01bec0971596a35a2ad1faa834441911de4e967fd2011ba971eae2e1e87e166abb4bdf90ae821698188824f8126e7482a4ca","ssdeep":"6144:IPIy6PultluPQ47GK3Dhhv4V4qXlzOeDH:IPIPurlu7DhhgV4Dez","tlshash":"4c142ac872d1747216b730b6006f500bb132597aa90e8850f16ee8f5adbce8d5277f6e","first_seen":"2024-10-27T00:15:19.551996Z","last_seen":"2026-04-03T19:20:49.970307Z","times_seen":201,"resource_available":true,"data":null}},"time_used":846,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":674,"receive":172,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"r1s6.cdxxxx.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.xyjdh.com/search/redirect.php?f=http%3A%2F%2Fexploreonlineresults.com%3Fdn%3Dxyjdh.com%26sksubid%3D35961519%26_slsen%3D0\u0026v=ogcym18EOR0meUH9qXSRvKXkSQ6OKpaRd0AcE7LJ_4lRx12RdUoRZrLBvj18EfMo80elWwMil6TzGpRZmv6ADBWG8ovABfo78HGqUNdx1BQqGLYaQPtOQ9bKea46Mxh6x01XySdA5YAPOlbuykDuktrXLeUZlwRuOziIEZe0pLqQUMVXeVuANwQeOJezwzX3Cdt\u0026l=ogcjJDDfF1lLNKzhVVCKyQG56YN63ruWnvFwc0B8rYJ1rsYSjW2u7u26I9eicThPfVNrF-jjodv-oyXiISt2F-cRsDLuZvlc4WfagxwuWmMHrXpCG545bVle48w0ceNpRrL4njVAzmIxz4cyaZA-8t0a9mrGsuMI5E7ran66Ex8I3FkRd9X4x-MQYtNIgzY7F5lBB6LtVd9DhF39YWbSJFRdVZT5YMBlHy44gYp3w34LGCBkPr5G9G296a3t7DhLsguBzcbTmfH9Kg0sHIRKgkDlhXrp0UNt4O0Ha50NOP45mliHppm_WjUd-Cm6fwErAltTV7hz34dBOOXydhBmPUdBhgSRM_XGrsbc8JFXylYdKv4QijxKWO_6GWRihOFVwNxkshHXu-1wgNbvQCRUfVrFmTY01jI_h8lEvYFYPt443rl-u4933Yn3nLQRLhhroWtqK-hSWGJkrSdtfbribrCy5icCuBKVsmVaVoEEWkBeUMvng00xL-M_MVbkR9dbvsTm442-03h-UYpi125HqS8Mbi3eihTzIQZH_d_46cxbtTweHy4XnDRvsLvNhq4lWatuG40ds7210sBTx-zLTIiqaufc7-5ewQwv1xm6wNR3ttS92Eh6l29VYdf3A24-Yl-rr6adxleOuPFX07DzGa9GPp5StRM6yk2quzPNn7ZMWXQdqfRpxpY0o0s00cje8LCKlK9QFwlrMvZbpVL37KQ","fqdn":"www.xyjdh.com","domain":"xyjdh.com","tld":"com"},"ip":{"addr":"91.195.240.123","port":443,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:48:00.045Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xyjdh.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Wed, 26 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B6:DD:55:CD:E7:92:D0:DD:93:4E:8C:54:70:94:7F:3B:C7:9F:0C:CC","sha256":"7E:CB:49:6F:68:5D:36:37:F4:CB:DF:98:DE:A2:79:78:ED:16:CD:22:67:DE:D7:C1:E3:00:F4:2F:AB:9C:3A:37"}}},"request":{"raw":"GET /search/redirect.php?f=http%3A%2F%2Fexploreonlineresults.com%3Fdn%3Dxyjdh.com%26sksubid%3D35961519%26_slsen%3D0\u0026v=ogcym18EOR0meUH9qXSRvKXkSQ6OKpaRd0AcE7LJ_4lRx12RdUoRZrLBvj18EfMo80elWwMil6TzGpRZmv6ADBWG8ovABfo78HGqUNdx1BQqGLYaQPtOQ9bKea46Mxh6x01XySdA5YAPOlbuykDuktrXLeUZlwRuOziIEZe0pLqQUMVXeVuANwQeOJezwzX3Cdt\u0026l=ogcjJDDfF1lLNKzhVVCKyQG56YN63ruWnvFwc0B8rYJ1rsYSjW2u7u26I9eicThPfVNrF-jjodv-oyXiISt2F-cRsDLuZvlc4WfagxwuWmMHrXpCG545bVle48w0ceNpRrL4njVAzmIxz4cyaZA-8t0a9mrGsuMI5E7ran66Ex8I3FkRd9X4x-MQYtNIgzY7F5lBB6LtVd9DhF39YWbSJFRdVZT5YMBlHy44gYp3w34LGCBkPr5G9G296a3t7DhLsguBzcbTmfH9Kg0sHIRKgkDlhXrp0UNt4O0Ha50NOP45mliHppm_WjUd-Cm6fwErAltTV7hz34dBOOXydhBmPUdBhgSRM_XGrsbc8JFXylYdKv4QijxKWO_6GWRihOFVwNxkshHXu-1wgNbvQCRUfVrFmTY01jI_h8lEvYFYPt443rl-u4933Yn3nLQRLhhroWtqK-hSWGJkrSdtfbribrCy5icCuBKVsmVaVoEEWkBeUMvng00xL-M_MVbkR9dbvsTm442-03h-UYpi125HqS8Mbi3eihTzIQZH_d_46cxbtTweHy4XnDRvsLvNhq4lWatuG40ds7210sBTx-zLTIiqaufc7-5ewQwv1xm6wNR3ttS92Eh6l29VYdf3A24-Yl-rr6adxleOuPFX07DzGa9GPp5StRM6yk2quzPNn7ZMWXQdqfRpxpY0o0s00cje8LCKlK9QFwlrMvZbpVL37KQ HTTP/1.1\r\nHost: www.xyjdh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xyjdh.com/link/a.aspx?id=cdxxxx\r\nCookie: _cq_duid=1.1774475279.JzknKbkwVFKsH5tr; _cq_suid=1.1774475279.qBhS2vjDSZ9NQzV1; _cq_session=1.1774475279788.UlgvgxEMpSduN5sR.1774475279788\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Wed, 25 Mar 2026 21:48:00 GMT\r\nexpires: Mon, 26 Jul 1997 05:00:00 GMT\r\nlast-modified: Wed, 25 Mar 2026 21:48:00 GMT\r\nlocation: /search/tcerider.php?f=http%3A%2F%2Fexploreonlineresults.com%3Fdn%3Dxyjdh.com%26sksubid%3D35961519%26_slsen%3D0\u0026v=ogcym18EOR0meUH9qXSRvKXkSQ6OKpaRd0AcE7LJ_4lRx12RdUoRZrLBvj18EfMo80elWwMil6TzGpRZmv6ADBWG8ovABfo78HGqUNdx1BQqGLYaQPtOQ9bKea46Mxh6x01XySdA5YAPOlbuykDuktrXLeUZlwRuOziIEZe0pLqQUMVXeVuANwQeOJezwzX3Cdt\u0026l=ogcjJDDfF1lLNKzhVVCKyQG56YN63ruWnvFwc0B8rYJ1rsYSjW2u7u26I9eicThPfVNrF-jjodv-oyXiISt2F-cRsDLuZvlc4WfagxwuWmMHrXpCG545bVle48w0ceNpRrL4njVAzmIxz4cyaZA-8t0a9mrGsuMI5E7ran66Ex8I3FkRd9X4x-MQYtNIgzY7F5lBB6LtVd9DhF39YWbSJFRdVZT5YMBlHy44gYp3w34LGCBkPr5G9G296a3t7DhLsguBzcbTmfH9Kg0sHIRKgkDlhXrp0UNt4O0Ha50NOP45mliHppm_WjUd-Cm6fwErAltTV7hz34dBOOXydhBmPUdBhgSRM_XGrsbc8JFXylYdKv4QijxKWO_6GWRihOFVwNxkshHXu-1wgNbvQCRUfVrFmTY01jI_h8lEvYFYPt443rl-u4933Yn3nLQRLhhroWtqK-hSWGJkrSdtfbribrCy5icCuBKVsmVaVoEEWkBeUMvng00xL-M_MVbkR9dbvsTm442-03h-UYpi125HqS8Mbi3eihTzIQZH_d_46cxbtTweHy4XnDRvsLvNhq4lWatuG40ds7210sBTx-zLTIiqaufc7-5ewQwv1xm6wNR3ttS92Eh6l29VYdf3A24-Yl-rr6adxleOuPFX07DzGa9GPp5StRM6yk2quzPNn7ZMWXQdqfRpxpY0o0s00cje8LCKlK9QFwlrMvZbpVL37KQ\r\npragma: no-cache\r\nserver: Parking/1.0\r\nx-cache-miss-from: parking-79cf8c95dd-mrldr\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T05:47:04.311114Z","times_seen":13362114,"resource_available":true,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/MTQ5MDlmMDRhOGEzZDcyZGFiMDdjNmU1OWE2ZGQzOTY/s(w:640,h:360)/tag/000/074/540/cde6e284.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.924Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/MTQ5MDlmMDRhOGEzZDcyZGFiMDdjNmU1OWE2ZGQzOTY/s(w:640,h:360)/tag/000/074/540/cde6e284.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 48740\r\nx-rsic-processor: 20020\r\nx-rsic-cache-hit: yes\r\nx-rsic-responder: 20018\r\ncache-control: max-age=604800\r\nexpires: Tue, 31 Mar 2026 12:59:05 GMT\r\nx-envoy-upstream-service-time: 3\r\ntiming-allow-origin: *\r\nx-77-nzt: khyoRQYNvF6KdqoGFAoAFFgrY3ZE7mNDC3V5na036UfEb0bp8Tk/h84\r\nx-77-nzt-ray: 56376635299b48f10c58c469777f4c38\r\nx-77-cache: HIT\r\nx-77-age: 118127\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":48740,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 720x360, components 3","md5":"f7abf7d43ceba3b19e90077b8dcf11d5","sha1":"54c70ba8b0164a1a72a5c8c2cffdadf9c5b0ad3c","sha256":"39aa85ac750543a32960acbe6b6cf7f04760b0acb59573951b24539ebff9944f","sha512":"af33bcf2c60aca678f1f6fc38ec29113cae88ab49dae41c6f8b00b3e80911a441a7e7448ca09be6238b99a6c7a5e749ec1707c9add61fbfdc780b9750d36db73","ssdeep":"768:7EUe08/zwIxMlUlVvHmOpFm2uT6iA/k3T9wTCxsCZ5+a/R6x5e+Hdu5mJSF:7EUe0ucI+SQ+FmjT6iAM35Q+ZF/Ag5a8","tlshash":"5b23f210f9b20deafe716a765c45fe2e65eb907d201de73751cc3ac8ac29040bb5594c","first_seen":"2026-03-25T21:48:31.257753Z","last_seen":"2026-03-25T21:48:31.257753Z","times_seen":1,"resource_available":false,"data":null}},"time_used":69,"timings":{"blocked":14,"dns":0,"connect":0,"send":0,"wait":24,"receive":31,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/MDEzMTg2Nzk5NThiNDY4MDc0OTYyZjdjYWQ0YzU1ZjQ/s(w:640,h:360)/tag/000/000/664/46ecba05.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.951Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/MDEzMTg2Nzk5NThiNDY4MDc0OTYyZjdjYWQ0YzU1ZjQ/s(w:640,h:360)/tag/000/000/664/46ecba05.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 65333\r\nx-rsic-processor: 20019\r\nx-rsic-cache-hit: yes\r\nx-rsic-cache-mem: yes\r\nx-rsic-responder: 20019\r\ncache-control: max-age=604800\r\nexpires: Tue, 31 Mar 2026 12:59:35 GMT\r\nx-envoy-upstream-service-time: 0\r\ntiming-allow-origin: *\r\nx-77-nzt: kvpX59yo5Mr/aN2fob0e5c2UUHAkijmnR6eW5OW9BE6TsNaS9CzumME\r\nx-77-nzt-ray: 56376635299b48f10c58c469337f6538\r\nx-77-cache: HIT\r\nx-77-age: 117998\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":65333,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 720x360, components 3","md5":"c0ec2c49615fabdb6ab32534080e6a61","sha1":"e76cbb9f8927eef0734801fd2f632497a15201f1","sha256":"7c420ef2f2703ae9ffd793a0b666a10a542b89ac8b0f0bd30d797c5e65fdef84","sha512":"06e81d4fafe65f91c60b9ce2900a05c18be0f4082ab2209951a18b4eef64079318259657db8ccfe5d2ada18f94519b4f9b3b21a4ef41c97bab57aabbbafb18ee","ssdeep":"1536:7pYaldrIy03yefhQ8RlkrJ4hZOhRAFS2LnCK1Lb0ShnYNP:7pYawnCq5ArJ4h3SmCK1LDnYNP","tlshash":"ea53026705894381f40a6232f2debfe8eeca6545eb824398ffd7d02d1c5c6f9e459184","first_seen":"2026-03-25T21:48:31.258917Z","last_seen":"2026-03-25T21:48:31.258917Z","times_seen":1,"resource_available":false,"data":null}},"time_used":68,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":25,"receive":43,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/YTVkNGJiZjEyZGVkNTc4OTdkN2E4MTk1MDUxZjhlMWU/s(w:640,h:360)/tag/000/000/230/cf54c95b.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.979Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/YTVkNGJiZjEyZGVkNTc4OTdkN2E4MTk1MDUxZjhlMWU/s(w:640,h:360)/tag/000/000/230/cf54c95b.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 51900\r\nx-rsic-processor: 20018\r\nx-rsic-cache-hit: yes\r\nx-rsic-responder: 20021\r\ncache-control: max-age=604800\r\nexpires: Fri, 27 Mar 2026 11:01:19 GMT\r\nx-envoy-upstream-service-time: 1\r\ntiming-allow-origin: *\r\nx-77-nzt: kqsADDjF2ei2/kIwUjeW+WA+hyFUv5v+RZY7X9b4tUW0ZZaJLge2Nr0\r\nx-77-nzt-ray: 56376635299b48f10c58c469a1527338\r\nx-77-cache: HIT\r\nx-77-age: 470780\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":51900,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 720x360, components 3","md5":"ad371fbf0bc9dd36565c7e5703db06f3","sha1":"e6fa066e3aa1d304d720d7d676010ef3dc12ff45","sha256":"a59d40f3ef875ca6a876b553383aad17d7bece3fa67b20eea37bdae09a7c9990","sha512":"9e14eb928de82e1563e774cc600a3b87fb2988c545aa521fecc9899ffdb010c4e4d9f2f7b904c2143740ce6ea04e9cbf49e96beca9d7ff97e4a52f14ab831538","ssdeep":"1536:7hRUtLQAru+XtIy8fGYNV0sbz5gd/yBAf5j6m0:7hiLnyyU02udPfl70","tlshash":"963302bda0f136eaf973277bd4402a38c5771ea387053853d5c148a663b72f9060ba21","first_seen":"2026-03-25T21:48:31.260159Z","last_seen":"2026-03-25T21:48:31.260159Z","times_seen":1,"resource_available":false,"data":null}},"time_used":75,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":25,"receive":50,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.xyjdh.com/link/a.aspx?id=cdxxxx","fqdn":"www.xyjdh.com","domain":"xyjdh.com","tld":"com"},"ip":{"addr":"91.195.240.123","port":443,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:59.119Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xyjdh.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Wed, 26 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B6:DD:55:CD:E7:92:D0:DD:93:4E:8C:54:70:94:7F:3B:C7:9F:0C:CC","sha256":"7E:CB:49:6F:68:5D:36:37:F4:CB:DF:98:DE:A2:79:78:ED:16:CD:22:67:DE:D7:C1:E3:00:F4:2F:AB:9C:3A:37"}}},"request":{"raw":"GET /link/a.aspx?id=cdxxxx HTTP/1.1\r\nHost: www.xyjdh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://r1s6.cdxxxx.live/\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\ncontent-encoding: gzip\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Wed, 25 Mar 2026 21:47:59 GMT\r\nexpires: Mon, 26 Jul 1997 05:00:00 GMT\r\nlast-modified: Wed, 25 Mar 2026 21:47:59 GMT\r\npragma: no-cache\r\nserver: Parking/1.0\r\nvary: Accept-Encoding\r\nx-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_BCf3/V8mi5UmiEWKLhfHKupUG60oN4TnmDP4rpy3K+yLU0uA94h9l9aKlIMnIi/gP58hL6P4hIG0RNEUClMXIg==\r\nx-cache-miss-from: parking-79cf8c95dd-4p8kz\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4156,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1250)","md5":"776043b6e444c30b65e06026264c09ff","sha1":"e73ee04a996842ab5972fd9e0ba5e94e2def00f5","sha256":"cb754edb9b20dfa7987a595aacbbb74e379190c7be8603447c44b1d6d099df57","sha512":"ce1bdb4024acaf31788a255a385165a2583f72addf059c5169f90c7bda7fb353083f6a246e43cc0cf5da303ceadb8fc8ad90ab36cb5acd89455460ea1a84e32b","ssdeep":"96:5iE5tluBFAHigDk9isEblaSdH0v3UIkEwMyWSsIA:5i4OAhkUsEbla+jIkEwMyXrA","tlshash":"f581ea89a8e1901d8113a0acfdb7ed2d0232f167f509ca947c9c51685fc5a3cef93a9d","first_seen":"2026-03-25T21:48:31.261343Z","last_seen":"2026-03-25T21:48:31.261343Z","times_seen":1,"resource_available":false,"data":null}},"time_used":273,"timings":{"blocked":82,"dns":0,"connect":30,"send":0,"wait":57,"receive":-1,"ssl":103},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"obseu.iseaskies.com/mon","fqdn":"obseu.iseaskies.com","domain":"iseaskies.com","tld":"com"},"ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.xyjdh.com/link/a.aspx?id=cdxxxx","date":"2026-03-25T21:48:05.109Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.iseaskies.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Fri, 12 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:29:00:EF:41:A1:05:3E:E1:8D:C7:C6:56:5A:2D:1B:ED:11:A5:D8","sha256":"58:10:1A:43:35:D0:AC:8D:AD:C5:42:AA:E4:34:CD:77:38:D9:D4:20:96:D5:48:10:9F:33:64:53:01:20:2D:B2"}}},"request":{"raw":"POST /mon HTTP/1.1\r\nHost: obseu.iseaskies.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 1862\r\nOrigin: https://www.xyjdh.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xyjdh.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1862,"data":"e=37dfbd8ee84e00126deac332ef45829d9225c24f567d43d6da1908be6245cad7bd70a976710ce60ed89373bfe70e9c20c1e53e8d57148f6d2717071a10acf9f29f673dfbe0f875504a6fe37a7251853b8a64c4073803219204085e360358c2ea694634a031b737884fa1c629ec4036ec1f276818db4de546e093d5c13cb42c15e36c85eb002fdf53641d355693c47f3bbf2bf3ba87fc4851bd5997d060b675852c8740fb6130af2d1bf91f566375954f2aadcff4f263e46daf40d612f04a6f73a0c7402c6821069a67899c19f00535f983c77b0f2f7489ce31218884421e385863455ee69c26722e04acff4a2a88a3f17bc6e25d77492aa3a2a7c5cd76bddbde09e85ec8586f31dff488eba3269adfeb6a953612c3bc8b700a1ce5392becd0576ef1c7bc33c818b70fe8d040dc1c94926098616bcd8676c634d392a0fcd6bbee4a7ebe67fef3e8354360e9c16991a850f11017428803488fd1d19a91a6cb70c96a88de99a538a03c7b74dc2865d483920e7f86a633bb06e3945d8670bf3d1a0b5eda20ad1c848ae36feb966c8b1de195c6c17dc2574f79fa13541d3e487487f4238f46dec18a66939974ebd0629a8eeaea768ab3f1546b72c8b11e489bf9495f01d5e2e933fa7ee3be4ee5f233a060b267c720884d82f678be4e35eebc8f74232d225f38013716aae18e64ce06ab58474328f8a852d698190de2a5d6babd6edef0edfc87fbb3ec424f3dff5b9bbf596f865f7812d7625b6d71ff7bae7105dfeac36b967dd42d8cb731cebe0985660923201e61149dc1f8c63b7a5186054395d2b4a7a29e165ccaa2b76f97d1727cdfd6163b6cfb96d0485bfd7cdb24cd41a459ed6998b016bcf820fe89cb97c11370e5f23a7d8371a189b4ac139e6b3d0844e6302052f7f92bec861db4f8d1ae55df9b95774b6e13ac37b904b454b5866d9235462346336301933de4ff7702b918aad196618c85499e6861ed512a3e9583bc1648ac35ac9c1ada1b23541bf86a50ddfc862c920860f8d044f88083ed8a40c64f017757e07d24529c920440a87cbaafd3278ecffe4e0029e0782a0904cf1558fa8bae4553826871cf85d8029a85a8c5583ea86ff8543f14de44227fd5d20c5d9989a085a0a019e126b4378370d38503d8ffa96825e58340c19ebaaed6b19294725086b86009c7238052ce4cebf62fa0dd80\u0026cri=Ph3ADveBA4\u0026sf=1\u0026dc=\u0026cp=5\u0026gtm=-\u0026gac=-\u0026uvid=2684493d-7de1-4b7f-9a1d-7385b8f325ec\u0026tb=1\u0026ich=0\u0026ws=0x0\u0026wos=1280x1024\u0026ver=13\u0026fi=\u0026ti=5007\u0026mo=0\u0026pn=6841\u0026spn=1834\u0026snt=1"}},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\naccess-control-allow-origin: https://www.xyjdh.com\r\ncontent-type: application/json\r\ndate: Wed, 25 Mar 2026 21:48:05 GMT\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T05:47:04.311114Z","times_seen":13362114,"resource_available":true,"data":null}},"time_used":36,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xx.haobax.com/addimg.php","fqdn":"xx.haobax.com","domain":"haobax.com","tld":"com"},"ip":{"addr":"104.21.20.166","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:58.451Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"haobax.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Feb 2026 09:38:36 GMT","end":"Wed, 20 May 2026 10:37:25 GMT"},"fingerprint":{"sha1":"CF:EB:0F:0E:72:E2:EF:06:B7:03:00:9A:ED:D6:9D:D1:F7:CE:F8:D7","sha256":"50:B8:83:FA:E5:3F:FE:03:35:1A:A5:49:2F:4B:51:61:7A:D0:EC:FC:F3:F6:D7:A9:28:B0:49:B0:F8:24:C8:BF"}}},"request":{"raw":"GET /addimg.php HTTP/1.1\r\nHost: xx.haobax.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Wed, 25 Mar 2026 21:47:58 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nlocation: https://images2.imgbox.com/34/53/JpbP5LK9_o.gif\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=f3wr51g2FaJ%2Bc1jABUaYf42TOGlO7B8%2BfYWwEg7MiwRbOnfT6HlonWqAhCl1aG1ueVWZ9zkhKP2IjY5I9b0vW9m6MnbydzCRXLJ9r5ip6ugc1W4WajPkgUp2FWrnMrwa\"}]}\r\ncf-ray: 9e211dfb1aa25621-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1629308,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T05:47:04.311114Z","times_seen":13362114,"resource_available":true,"data":null}},"time_used":622,"timings":{"blocked":117,"dns":31,"connect":8,"send":0,"wait":374,"receive":0,"ssl":89},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"xx.haobax.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/static/css/black_orange.css","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.884Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdxxxx.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 03 Mar 2026 11:41:00 GMT","end":"Mon, 01 Jun 2026 12:38:43 GMT"},"fingerprint":{"sha1":"13:A5:D9:1F:2F:52:1E:BA:9D:FD:27:73:70:13:B5:04:A6:69:EF:A3","sha256":"04:E5:DE:A8:7E:C8:CF:A5:A6:BE:BB:C2:EA:99:E1:5B:F0:A4:83:D3:C2:82:11:E6:6A:02:A1:E7:5D:AA:A3:29"}}},"request":{"raw":"GET /static/css/black_orange.css HTTP/1.1\r\nHost: r1s6.cdxxxx.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nCookie: PHPSESSID=k3d8jep40jm5f17q0u5d0ik3n5\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:57 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Sun, 01 Feb 2026 21:22:35 GMT\r\nvary: Accept-Encoding\r\netag: W/\"697fc41b-1f64e\"\r\nexpires: Thu, 26 Mar 2026 09:47:57 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cKpaBWUS37dEzF04JwuuMe%2FlvT3AffdDltxkbCq3itXteX7H8on14%2Bk%2BUKJmsjar4islLcNo7sIg6H32KXsaGpZzO9eqBVAji8XsYB%2BdGIGKOn7CpjiuyPsmqwvKWKfWevl4\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e211df02d8ea618-ARN\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":128590,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"38dcacc1f07e7d415983e9aa7f197f4c","sha1":"4b2074ee1807ba90ffe87fcebdaceb631f6eb5ba","sha256":"f434dff875c7e65c312fca9f6b7f9aa69668a2a23848d6e28893749032d57c26","sha512":"81633e194a4a68090a12574e939556ff02084c250c9e2dacd8dcc006f5ae6d96c62e2bad19c0e4dbfc03047c4ec7ab069bf6f0ea83d3f390cc147f2f241c03f9","ssdeep":"1536:GlBC47nGE27f+gxs5IVkaDugkqLd20U7pgCr4mw4gsmdxY+S3KZudT:Gm/xs5IVkaDzk2djOpgCr4mw4dm5OT","tlshash":"99c366a695610608381fa8141bda5b297378d013a54fdef97ed32048cfcaac995f3bcd","first_seen":"2026-03-25T21:48:31.262644Z","last_seen":"2026-03-25T21:48:31.262644Z","times_seen":1,"resource_available":false,"data":null}},"time_used":697,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":689,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"r1s6.cdxxxx.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/OGZhMjc5YzIzN2NmNmRhMWY3OWY1MmRhMWI2YTg4ZWQ/s(w:640,h:360)/tag/000/000/268/4678f405.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.915Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/OGZhMjc5YzIzN2NmNmRhMWY3OWY1MmRhMWI2YTg4ZWQ/s(w:640,h:360)/tag/000/000/268/4678f405.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 65492\r\nx-rsic-processor: 20020\r\nx-rsic-cache-hit: yes\r\nx-rsic-cache-mem: yes\r\nx-rsic-responder: 20020\r\ncache-control: max-age=604800\r\nexpires: Tue, 31 Mar 2026 17:48:39 GMT\r\nx-envoy-upstream-service-time: 0\r\ntiming-allow-origin: *\r\nx-77-nzt: kiTyaZtfOYUNYJ6cghTP0Yuu4Q4N1e+yIDsSdhpKwLd6FeXQpPKnebs\r\nx-77-nzt-ray: 56376635299b48f10c58c469a27a7038\r\nx-77-cache: HIT\r\nx-77-age: 100724\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":65492,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2, software=PhotoScape], baseline, precision 8, 720x360, components 3","md5":"d25e5e6da1e9cf567717072920183e1e","sha1":"12f172fa536b463ef90a67bc5933cf2adfef2aec","sha256":"82b82192158405b94db1358c661868f3adf984223e891676e34a16ab923029fc","sha512":"dca413d32a885bd9a01c7ac54082aaccd5d964bb6457454b661d6f9864936c5ddb51e14a168f63c6c86586f9c4895c3e799884a34ae89406a992ad9aca046815","ssdeep":"1536:3XMy+4Wn7l65SGRPg21aQH28h9oFOzPAcYlt5I:3k17l65p5LaQR7oUEcuY","tlshash":"d0530278017247c5f4590a723ced96123def93910aa7099beda308b892b9353317d3ee","first_seen":"2026-03-25T21:48:31.264083Z","last_seen":"2026-03-25T21:48:31.264083Z","times_seen":1,"resource_available":false,"data":null}},"time_used":98,"timings":{"blocked":25,"dns":0,"connect":0,"send":0,"wait":25,"receive":48,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/ZmJkODczYWI0MmMxYjg0MTY4OGY4YWRiZmM1ZWM1NWQ/s(w:640,h:360)/tag/000/425/661/04c280c9.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.949Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/ZmJkODczYWI0MmMxYjg0MTY4OGY4YWRiZmM1ZWM1NWQ/s(w:640,h:360)/tag/000/425/661/04c280c9.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 50912\r\nx-rsic-processor: 20021\r\nx-rsic-cache-hit: yes\r\nx-rsic-cache-mem: yes\r\nx-rsic-responder: 20021\r\ncache-control: max-age=604800\r\nexpires: Tue, 31 Mar 2026 13:25:39 GMT\r\nx-envoy-upstream-service-time: 0\r\ntiming-allow-origin: *\r\nx-77-nzt: ktyUkVl2YBjoIfG+w0UlKvIb2EpUl6nyVxw52iLlvr/UxlHIkVWn8BI\r\nx-77-nzt-ray: 56376635299b48f10c58c469a3e35f38\r\nx-77-cache: HIT\r\nx-77-age: 116536\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":50912,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 640x360, components 3","md5":"a55b33d417315c0de86f4de43f7c706a","sha1":"7309542377da34ae8bdcc116816ebe40ce0ea27d","sha256":"e69ffff51999bf80ac4d1dc592a806240aa69637e2ef8de62814b15634eb50ec","sha512":"3991fedc3386458e80f4c99b18ce6d5db2b9ba15ffa6b6a7963437a5bf7d45140bb7b7981dff16a310d012351fbb8ace020c1923d955c678bba69b4cdd5c9381","ssdeep":"1536:rbIGQWerYmTNfczD7FsS3Y5rMPkYm9my1ZHVF+4:rbJQWe5N0DauYa8vjZHVM4","tlshash":"48330229a74b5e0df085273144921ff372ed54dfd3adf62ba3c8605901a4ac90f1aa8b","first_seen":"2026-03-25T21:48:31.265759Z","last_seen":"2026-03-25T21:48:31.265759Z","times_seen":1,"resource_available":false,"data":null}},"time_used":65,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":41,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/static/js/index.js","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.998Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdxxxx.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 03 Mar 2026 11:41:00 GMT","end":"Mon, 01 Jun 2026 12:38:43 GMT"},"fingerprint":{"sha1":"13:A5:D9:1F:2F:52:1E:BA:9D:FD:27:73:70:13:B5:04:A6:69:EF:A3","sha256":"04:E5:DE:A8:7E:C8:CF:A5:A6:BE:BB:C2:EA:99:E1:5B:F0:A4:83:D3:C2:82:11:E6:6A:02:A1:E7:5D:AA:A3:29"}}},"request":{"raw":"GET /static/js/index.js HTTP/1.1\r\nHost: r1s6.cdxxxx.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nCookie: PHPSESSID=k3d8jep40jm5f17q0u5d0ik3n5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:57 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Sun, 01 Feb 2026 21:22:35 GMT\r\nvary: Accept-Encoding\r\netag: W/\"697fc41b-2887\"\r\nexpires: Thu, 26 Mar 2026 09:47:57 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5ROg6nYNixHHTNsJo%2BmBVT8TDZkQ7meYnLrqVAmwtG%2B3c0kjFJzo8gw9R982RGXCy61PbQIJQ6uCsUj1MEvLWNZkS40YnLiJkjWbDRzgxQXVKkWTG9WkBqONbvkwMDTFSgO3\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e211df0adfca618-ARN\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10375,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"7c05fb131740cf918442acc2bd68cd64","sha1":"014a780801ab18d946f1cb3d21c134a60359ad4e","sha256":"ac1d30a8dab494c9c44b6eb00b45b3f28bec8605fa1b25944ab1a2c2811d67d8","sha512":"762c3f7028cce758e8c6fffb54bb85c830cb2e81274a9217a97cf85c2b7431787d38fff54c4a1e7093c2e6f974fa9059878accd51eba0f7fea3edda4c54f06ec","ssdeep":"192:r07tCCDkubLm2ECLePsNTa8QQUk738tVjlHnmyUA1AeKEhoMtA:HdC2mu9hfu","tlshash":"2c22f21cb4f66695007f357d0aaf99543764c463810acf04badc0ac0af8493c6bbba6d","first_seen":"2024-12-15T05:48:53.759434Z","last_seen":"2026-03-30T18:35:57.810846Z","times_seen":59,"resource_available":true,"data":null}},"time_used":527,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":527,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"r1s6.cdxxxx.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.891Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 14 Mar 2026 00:38:49 GMT","end":"Fri, 12 Jun 2026 01:38:45 GMT"},"fingerprint":{"sha1":"7A:4A:F6:D6:63:62:70:CA:51:C5:5A:06:41:17:71:BF:9D:2C:C9:42","sha256":"7F:F5:F5:FE:73:1F:E7:AF:1A:82:5B:59:EE:E8:E9:65:D6:87:68:61:8C:11:1E:94:4A:9A:C4:14:BD:4B:04:BA"}}},"request":{"raw":"GET /ajax/libs/font-awesome/6.0.0/css/all.min.css HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 15248\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"620188b3-3b90\"\r\nlast-modified: Mon, 07 Feb 2022 21:01:39 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 322316\r\nexpires: Mon, 15 Mar 2027 21:47:56 GMT\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ypGhBo0uiP0Wxi3HRHMIjT79bG3DKpNWs0mOJm%2Fa9sCuVac8WOGGvXksKBuWuvXj8rMnnpHXkGc4CqV5sx4FISo3Xaci3H6pr1GvU5RSMNv5SZiqn8WEBosDFGvgQ8uh%2B59U2PZz\"}]}\r\ncf-ray: 9e211df05e27b28a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":89220,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65317)","md5":"dfb8fc36e102730fddf78b5494eb0035","sha1":"b513d9a39af2ee145f12c1ba03f9982960c47029","sha256":"8d321d88cb97fdedc3189506c25de9292c6e73a60ebaab496243346c6404480e","sha512":"f6eb006b5d0844ed078689e9c80215a63af294fbe80f088f52229d5a4e6ddcfca8958d5c39de03484d066beae2e00b93ae83d1e5a42f5d4f710baa8e3e7cc57a","ssdeep":"1536:iUMVM6MVMkMVM9MVMNMVMispxd1zJJ29Nll3IV7UHsR+z:Dd1NY95IV7UMR+z","tlshash":"8a93a9e9e04c05d56732c44baf99b37ca5b6f73cd5810da9f02f580c19d26a822c6f7a","first_seen":"2023-04-06T16:57:15Z","last_seen":"2026-04-05T05:12:08.137728Z","times_seen":8599,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":1,"connect":1,"send":0,"wait":10,"receive":1,"ssl":19},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/js/trku.js","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.907Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdxxxx.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 03 Mar 2026 11:41:00 GMT","end":"Mon, 01 Jun 2026 12:38:43 GMT"},"fingerprint":{"sha1":"13:A5:D9:1F:2F:52:1E:BA:9D:FD:27:73:70:13:B5:04:A6:69:EF:A3","sha256":"04:E5:DE:A8:7E:C8:CF:A5:A6:BE:BB:C2:EA:99:E1:5B:F0:A4:83:D3:C2:82:11:E6:6A:02:A1:E7:5D:AA:A3:29"}}},"request":{"raw":"GET /js/trku.js HTTP/1.1\r\nHost: r1s6.cdxxxx.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nCookie: PHPSESSID=k3d8jep40jm5f17q0u5d0ik3n5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:57 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Sun, 01 Feb 2026 21:22:35 GMT\r\nvary: Accept-Encoding\r\netag: W/\"697fc41b-46ef\"\r\nexpires: Thu, 26 Mar 2026 09:47:57 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ikKxEXUbp%2Fcc3gDbOQA9GOKVtaGc2zfNZBAb6D43r5DqVldoblyr6YuPlmf4Njcyyn4kncbdC6TppFintJ1KX1PJ9%2B4EKVrT0QPhHbGPZH6Sg7%2BFfCEz2khcrAE7%2FwfubBWi\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e211df03db2a618-ARN\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":18159,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (364)","md5":"3c24e8eded28f1e66bb633491397e6f5","sha1":"7272bad10db468f4305f4a0bea123a56cd949e73","sha256":"0453341e998da6994b3433b46cb6180e21ccf70150462b66ff4e6f01551b04a2","sha512":"accd9dff6836b05714e942a37d6ee5ced05a47b75797d7da461e90a9da04a4260a04d076ef31cf209441408ed8b81e9adc4e86412d137abc545e32f3e525c759","ssdeep":"384:iQJEWV47EFV47EsvV47Esk9bMDlMTdU8L++ueIHQSsxVy3YsyqVmL+n+1wyOys+v:iUEWV47EFV47E0V47E/MqE+uelUIDnaw","tlshash":"5a8292e4fb4d252998bb201d54bf01c5713dd1376a0a8c97bc2ce4780fa4e4d25beb68","first_seen":"2026-03-25T21:48:31.269051Z","last_seen":"2026-03-25T21:48:31.269051Z","times_seen":1,"resource_available":true,"data":null}},"time_used":600,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":600,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"r1s6.cdxxxx.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/OTYxODRjMzhiYmMxZjRkYjU4ZjQ1Mjk5NjAxYzZmNGI/s(w:640,h:360)/tag/000/000/136/8968f242.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.917Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/OTYxODRjMzhiYmMxZjRkYjU4ZjQ1Mjk5NjAxYzZmNGI/s(w:640,h:360)/tag/000/000/136/8968f242.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 72228\r\nx-rsic-processor: 20019\r\nx-rsic-cache-hit: yes\r\nx-rsic-responder: 20019\r\ncache-control: max-age=604800\r\nexpires: Tue, 31 Mar 2026 17:48:28 GMT\r\nx-envoy-upstream-service-time: 1\r\ntiming-allow-origin: *\r\nx-77-nzt: kjIbPwUxqLF8NyEepSlfnXv6L0nHsF7NQ5qr3UNY75vVyKRGALcu7cw\r\nx-77-nzt-ray: 56376635299b48f10c58c46900f66339\r\nx-77-cache: HIT\r\nx-77-age: 100719\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":72228,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 720x360, components 3","md5":"5024ad71c665c16d604ec3f2c7dcd6da","sha1":"0fffb68b10a9b4cab71a5bacba001a9c32947069","sha256":"3703bae90f41807700769c6a31fd620a5a81ab7ae7bd40f0e78d044ab3cf05e3","sha512":"b05120762efead2ea30b9ef31c89d5c3c7f2be4d7a0dc7424c678aa1c42d7967cb5306c35665ae7b998f2c3f0bec27b787cf2b2ac029c32feb675e2e92826dac","ssdeep":"1536:7O0xZ0YIIJ8fmv8tt4tBPKZZYQrd0UCOZBKUwP9kSuksNzjUP4ih8:7/aw8fmv8ttYBiZZfd0Uml9RS7+8","tlshash":"aa630242f1658f92f4b093faaf25db5636e72f97fa12488101ce88cefd6499741e0462","first_seen":"2026-03-25T21:48:31.270695Z","last_seen":"2026-03-25T21:48:31.270695Z","times_seen":1,"resource_available":false,"data":null}},"time_used":138,"timings":{"blocked":42,"dns":0,"connect":0,"send":0,"wait":15,"receive":81,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/ODg0Njg2OTU1MGM4OWY5YTg5ZjRmMDZhMTdjMzQ1YTU/s(w:640,h:360)/tag/000/000/008/f0086725.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.982Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/ODg0Njg2OTU1MGM4OWY5YTg5ZjRmMDZhMTdjMzQ1YTU/s(w:640,h:360)/tag/000/000/008/f0086725.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 74797\r\nx-rsic-processor: 20020\r\nx-rsic-cache-hit: yes\r\nx-rsic-responder: 20021\r\ncache-control: max-age=604800\r\nexpires: Mon, 30 Mar 2026 07:33:10 GMT\r\nx-envoy-upstream-service-time: 1\r\ntiming-allow-origin: *\r\nx-77-nzt: ktmx3gydcpyOp52aE27yU6w0vnRjeGEJsMnpRBizhaYnG8heGSysMXk\r\nx-77-nzt-ray: 56376635299b48f10c58c469f1eda138\r\nx-77-cache: HIT\r\nx-77-age: 224082\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":74797,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 720x360, components 3","md5":"9c69a816901a795a6d44884ba8feb12e","sha1":"b4e71d1b6c42faac1f129638e5c44f7698a7b8a2","sha256":"f833919e76118390aca72b53d1bcc16a18bc85c4f342d3947cb8771392e81854","sha512":"ab8b12e72e3ee6d8ab9ca15e957ac2a092058207b57073dcf8420d3d10ef96b8504c82036cc58a9e950f3f7ecebd459820bee1c12a926fff5b5fce2936252a77","ssdeep":"1536:7210SJTP7eybzfJG58gj6rKAblsPVud/EI4TnAFYsXMaIUDI0:7+7PJs8gUdmgZEUYxa9","tlshash":"7f730265d6a62991eddec8b1b8172fba89c3207c74f6007eabc7401134dcfad8d994c1","first_seen":"2026-03-25T21:48:31.272806Z","last_seen":"2026-03-25T21:48:31.272806Z","times_seen":1,"resource_available":false,"data":null}},"time_used":101,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":81,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/NDI4NzM0ZmVkMzk2MWUwMmNhOThjMDZhODk5Y2YzNzg/s(w:640,h:360)/tag/000/424/521/06a0f972.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.926Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/NDI4NzM0ZmVkMzk2MWUwMmNhOThjMDZhODk5Y2YzNzg/s(w:640,h:360)/tag/000/424/521/06a0f972.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 33951\r\nx-rsic-processor: 20018\r\nx-rsic-cache-hit: yes\r\nx-rsic-responder: 20021\r\ncache-control: max-age=604800\r\nexpires: Fri, 27 Mar 2026 22:43:42 GMT\r\nx-envoy-upstream-service-time: 2\r\ntiming-allow-origin: *\r\nx-77-nzt: knN3Bj7A00iRh66NYm1IN6RH8LFK2/N1rXQk0ZiZBfffazvAWG9fyoA\r\nx-77-nzt-ray: 56376635299b48f10c58c469781f5138\r\nx-77-cache: HIT\r\nx-77-age: 428638\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":33951,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 640x360, components 3","md5":"42c91599945be7dacd71669f922a49e8","sha1":"f8fb94ee841f702a2e9c8f88228e6f106d6ef1b3","sha256":"42fbec0cd06c69cf9988217ec1bafb96ae48483da30da07d51c79fd8a0bf2f3d","sha512":"f55e8f292c61208ca5158f6143dc3da9762c3b3f478c887f94f0cf19b04459fb68b90b69dcbd66d97194ca11f565906785576b00ecf5e8b2bbf015ca574e3287","ssdeep":"768:TTwlfmXkzC/1QT4h4jLd9HbWeMKtMglui3Mg+EVbdIpb3I/wykG:TTgZCdQT4hKLdZbWpMIqXF2YkG","tlshash":"77e2d011b3570a84fc0b567894b26a418f7bd604cab6b5b479f5c2ef186b21e0e68247","first_seen":"2026-03-25T21:48:31.274523Z","last_seen":"2026-03-25T21:48:31.274523Z","times_seen":1,"resource_available":false,"data":null}},"time_used":69,"timings":{"blocked":13,"dns":0,"connect":0,"send":0,"wait":24,"receive":32,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/YzQxNTg1ZjdiZTgxMDVhNTg4YWFiYWM1MzkwMGU1MDE/s(w:640,h:360)/tag/000/000/527/0fe8b929.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.992Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/YzQxNTg1ZjdiZTgxMDVhNTg4YWFiYWM1MzkwMGU1MDE/s(w:640,h:360)/tag/000/000/527/0fe8b929.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 86509\r\nx-rsic-processor: 20021\r\nx-rsic-cache-hit: yes\r\nx-rsic-responder: 20018\r\ncache-control: max-age=604800\r\nexpires: Fri, 27 Mar 2026 07:49:06 GMT\r\nx-envoy-upstream-service-time: 2\r\ntiming-allow-origin: *\r\nx-77-nzt: kuVFWWzX0769VMgfiwGp3KNuYml2+Lgh9cMMvpdb/Xr4ymxr3A8nz/0\r\nx-77-nzt-ray: 56376635299b48f10c58c4690b324c39\r\nx-77-cache: HIT\r\nx-77-age: 482324\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":86509,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 640x360, components 3","md5":"76c8e2ea5d74eb2256506c689f8b0139","sha1":"afd563ecd4b1910d65e7e57abf4820975ce4bf54","sha256":"e851ab37862c7113fa6090d812f3fa7a8cf2b153299e968f9f8ad378faa66771","sha512":"e0576b5d5bd0e1c14e698a2c496a75c21dac820f2dd0cd6954dce124652fbf8608d241e26ab737fd756a1bdde6eabde750fc88f68e36953f3bd2b71545f8be69","ssdeep":"1536:rI28njZSxTQ81vxvABMeThls79QYLXbJTA5qq4sd/s4YjEiEjwNxqTu:rIfjgx08HpeTQ73VW1PVuonwHqTu","tlshash":"03830261c23195defe35473ac47f9f678ab8892f19ea61070a6e8c39ec64d14e90c381","first_seen":"2026-03-25T21:48:31.276401Z","last_seen":"2026-03-25T21:48:31.276401Z","times_seen":1,"resource_available":false,"data":null}},"time_used":96,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":80,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"obseu.iseaskies.com/ct","fqdn":"obseu.iseaskies.com","domain":"iseaskies.com","tld":"com"},"ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.xyjdh.com/link/a.aspx?id=cdxxxx","date":"2026-03-25T21:47:59.791Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.iseaskies.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Fri, 12 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:29:00:EF:41:A1:05:3E:E1:8D:C7:C6:56:5A:2D:1B:ED:11:A5:D8","sha256":"58:10:1A:43:35:D0:AC:8D:AD:C5:42:AA:E4:34:CD:77:38:D9:D4:20:96:D5:48:10:9F:33:64:53:01:20:2D:B2"}}},"request":{"raw":"POST /ct HTTP/1.1\r\nHost: obseu.iseaskies.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 4342\r\nOrigin: https://www.xyjdh.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xyjdh.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":4342,"data":"id=95200\u0026url=https%3A%2F%2Fwww.xyjdh.com%2Flink%2Fa.aspx%3Fid%3Dcdxxxx\u0026sf=1\u0026tpi=\u0026ch=Yahoo%20Test\u0026uvid=2684493d-7de1-4b7f-9a1d-7385b8f325ec\u0026tsf=0\u0026tsfmi=0\u0026tsfu=\u0026cb=1774475279787\u0026hl=2\u0026op=0\u0026ag=2881387774\u0026rand=23296112626210615762201171021956159076171082711210523696719275822282015071578232127726002550\u0026fs=0x0\u0026fst=0x0\u0026np=win32\u0026nv=\u0026ref=https%3A%2F%2Fr1s6.cdxxxx.live%2F\u0026ss=1280x1024\u0026nc=1\u0026at=\u0026di=W1siZWYiLDYwMjNdLFsiYWJuY2giLDEyXSxbLTExLCJ7XCJ0XCI6XCJcIixcIm1cIjpbXCJkZXNjcmlwdGlvblwiXX0iXSxbLTMzLCItIl0sWy0zOSwiW1wiMjAxMDAxMDFcIiwyLFwiR2Vja29cIixcIk5ldHNjYXBlXCIsXCJNb3ppbGxhXCIsXCIyMDE4MTAwMTAwMDAwMFwiLG51bGwsZmFsc2UsbnVsbCxmYWxzZSxudWxsLDUsdHJ1ZSxmYWxzZSxudWxsLDAsZmFsc2UsZmFsc2UsZmFsc2UsZmFsc2VdIl0sWy01MCwiLSJdLFstNTYsImxhbmRzY2FwZS1wcmltYXJ5Il0sWy02MSwiLSJdLFstNzEsImEwMTAwMTAxMTAwMTAwMTAxMDAwMDExMDAxMTExMTAwMDAwMDEwIl0sWy03MiwiRXhVPSJdLFstNzMsIkVoUT0iXSxbLTc0LCItIl0sWy05LCItIl0sWy0yOSwiLSJdLFstNDQsIjAsNSwwLDUiXSxbLTQ4LCJbXCItXCIsXCItXCIsXCItXCIsXCItXCIsXCItXCJdIl0sWy01OSwiLSJdLFstMzEsImZhbHNlIl0sWy00NSwiNzUyLDAsMCw3MTksMCwwLDc2MSwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwIl0sWy0yLCI2LElzTjluR25XYkFZQUl4TmZRYU9xR0UwQ0ZBUXNjRzAwSW5oT2JZQkFLWVVPelFPNkVYMDIwSW1HTGN1NjJ1cmRQL2MyZDJwTm1WWkF3ZjMvLzh6NzlHckhhMVd1M09tWFBQdmUiXSxbLTU4LCItIl0sWy02MywiLSJdLFstNjQsIi0iXSxbLTY1LCItIl0sWy0xMCwiLSJdLFstMjEsIi0iXSxbLTM0LCItIl0sWy00NiwiMCJdLFstNDksIi0iXSxbLTU0LCJ7XCJoXCI6W1wiXzNcIixcIjI4NzI4OTkzMjBcIl0sXCJkXCI6W10sXCJiXCI6W10sXCJzXCI6MX0iXSxbLTcwLCItIl0sWy02LCJ7XCJ3XCI6W1wiMFwiLFwiZG9SZWRpcmVjdFwiLFwiX19jdGNnX2N0Xzk1MjAwX2V4ZWNcIl0sXCJuXCI6W10sXCJkXCI6W119Il0sWy0yOCwiZW4tVVMsZW4iXSxbLTM2LCJbXCI1LzRcIixcIjUvNFwiXSJdLFstNDAsIjM3Il0sWy01MSwiLSJdLFstMTUsIi0iXSxbLTE5LCJbMCwwLDAsMCwwLDAsMSwyNCwyNCxcIi1cIiwxMjgwLDEwMjQsMTI4MCwxMDI0LDEyODAsMTAyNCwwLDAsMCwwLDAsMCxcIi1cIixcIi1cIiwwLDAsbnVsbF0iXSxbLTMwLCJbXCJ2XCIsMF0iXSxbLTM1LCJbMTc3NDQ3NTI3OTY0MywwXSJdLFstNTMsIjAwMSJdLFsxMiwie1wiY3R4XCI6XCJ3ZWJnbFwiLFwidlwiOlwibWVzYVwiLFwiclwiOlwibGx2bXBpcGVcIixcInNsdlwiOlwid2ViZ2wgZ2xzbCBlcyAxLjBcIixcImd2ZXJcIjpcIndlYmdsIDEuMFwiLFwiZ3ZlblwiOlwibW96aWxsYVwiLFwiYmVuXCI6MTEzLFwid2dsXCI6MSxcImdyZW5cIjpcImxsdm1waXBlXCIsXCJzZWZcIjo0OTQxOTUwNDMsXCJzZWNcIjpcIlwifSJdLFstMTQsIi0iXSxbLTIyLCJbXCJuXCIsXCJuXCJdIl0sWy00MSwiLSJdLFstMSwiTGludXggeDg2XzY0Il0sWy0zLCJbXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCJdIl0sWy02MiwiNTgiXSxbLTQyLCI4ODMzOTkwMTYiXSxbLTQzLCIwMDAwMDAwMTAwMDAwMDAwMDAxMTEwMDEwMDAwMDEwMDAwMDAwMDAwMDEwIl0sWy01NSwiMCJdLFstNjYsIi0iXSxbLTEyLCJcIjFcIiJdLFstMTgsIlsxLDAsMCwwXSJdLFstMjQsIltdIl0sWy0yNSwiLSJdLFstNjAsIi0iXSxbLTY4LCItIl0sWy02OSwiLSJdLFstOCwiLSJdLFstMTMsIi0iXSxbImJuY2giLDIyNF0sWy0xNiwiMCJdLFstMzcsIi0iXSxbLTUyLCItIl0sWy00LCItIl0sWy01LCItIl0sWy02NywiLSJdLFstNzUsIihpbnRlcm1lZGlhdGUgdmFsdWUpLnNvbWVGdW5jIGlzIG5vdCBhIGZ1bmN0aW9uIl0sWy03LCItIl0sWy0xNywiNDgiXSxbLTIwLCItIl0sWy0yMywiKyJdLFstMjYsIi0iXSxbLTI3LCItIl0sWy0zMiwiMCJdLFstMzgsImMsLTEsLTEsODI1LDAsMTUsMCw2NiwxMzMsNTcsLTEsMCwsLDE1MDQsMTUwMyJdLFstNDcsIlVUQyxlbi1VUyxsYXRuLGdyZWdvcnkiXSxbLTU3LCJTM2xSVFUxSlNnTVdGbHhNVmxzWFVFcGNXRXBTVUZ4S0YxcFdWQlpLUVVrV1VCWU1BUWdPRFFCWUNsb0lYQTRBQ3dzS0RnMWFXQUJiQ2wwTlhWOWZDUTBKRGhkVFNnTUlBdzhQRGcwSkZRNElBQlpORjF4QlNWWkxUVW9XQlhsUlRVMUpTZ01XRmx4TVZsc1hVRXBjV0VwU1VGeEtGMXBXVkJaS1FVa1dVQllNQVFnT0RRQllDbG9JWEE0QUN3c0tEZzFhV0FCYkNsME5YVjlmQ1EwSkRoZFRTZ01JQXc4UEFBb09GVXBjVFcxUVZGeFdURTBaVVZoWFhWVmNTeE1PQ0FBV1RSZGNRVWxXUzAxS0ZnVjVVVTFOU1VvREZoWmNURlpiRjFCS1hGaEtVbEJjU2hkYVZsUVdTa0ZKRmxBV0RBRUlEZzBBV0FwYUNGd09BQXNMQ2c9PSJdLFsiZGRiIiwiMCw3LDAsMCwwLDIsMCwwLDEsMSwwLDAsMCwwLDAsMSwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMywwLDAsMCwwLDEsMCwwLDAsMCwwLDAsMCwyLDM0LDAsMTUsMSwyLDAsMCwwLDEsMCwwLDAsMSwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwxLDEsMSwwLDAsMCJdLFsiY2IiLCIwLDAsMCwwLDAsMCwwLDEsMSwyLDUsMCwxMTQsMCwwLDEsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMCwxLDAsMCwwLDEsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMSwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMiwwLDAsMCwwLDAsMCwwLDAsMCJdXQ%3D%3D\u0026dep=1\u0026pre=0\u0026sdd=\u0026cri=Ph3ADveBA4\u0026pto=1522\u0026ver=65\u0026gac=-\u0026mei=\u0026ap=\u0026fe=1\u0026duid=1.1774475279.JzknKbkwVFKsH5tr\u0026suid=1.1774475279.qBhS2vjDSZ9NQzV1\u0026tuid=1.1774475279.NBWZNtg0GZFSdez4\u0026sid=1.1774475279788.UlgvgxEMpSduN5sR\u0026fbc=-\u0026gtm=-\u0026it=3%2C1178%2C64\u0026fbcl=-\u0026gacl=-\u0026gacsd=-\u0026rtic=-\u0026rtict=-\u0026bgc=-\u0026spa=1\u0026urid=0\u0026ab=\u0026sck=-\u0026io=aGA2Oi15fzZz"}},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\naccess-control-allow-origin: https://www.xyjdh.com\r\ncache-control: no-cache, no-store, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Wed, 25 Mar 2026 21:47:59 GMT\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\npragma: no-cache\r\ntiming-allow-origin: https://www.xyjdh.com\r\ncontent-length: 1294\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3736,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"545716a1d8e51c455e6e96175b72c20d","sha1":"7a6d05d1e9ab9f62398f087c60a69d3286ba2860","sha256":"a597547fa61f9398b6d327d752713d86683c0636652ec278295491d1c96c1e27","sha512":"fb464cb95c3b02b603fbba06b2137fed073c7ae03b629c31af0c5b08f049223e36de5033c2d277c482f413142d87d8ff733cfb714475b23f566a8af0e0348136","ssdeep":"","tlshash":"8e714c2656bd1e71427a0d63eeb2a48cc32b283638c34186d43af5c63e37779d540054","first_seen":"2026-03-25T21:48:31.278757Z","last_seen":"2026-03-25T21:48:31.278757Z","times_seen":1,"resource_available":false,"data":null}},"time_used":368,"timings":{"blocked":144,"dns":36,"connect":34,"send":0,"wait":80,"receive":0,"ssl":71},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"obseu.iseaskies.com/tracker/tc_imp.gif?e=37dfbd8ee84e00126deac332ef45829d9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d57148f6d2717071a10acf9f29f673dfbe0f875504a6fe37a7251853b8a64c4073803219204085e360358c2ea694634a031b737884fa1c629ec4036ec1f276818db4de546e093d5c13cb42c15e36c85eb002fdf53641d355693c47f3bbf2bf3ba87fc4851bd5997d060b675852c8740fb6130af2d1bf91f566375954f2aadcff4f263e46daf40d612f04a6f73a0c7402c6821069a67899c19f00535f983c77b0f2f7489ce31218884421e385863455ee69c26722e04acff4a2a88a3f17bc6e25d77492aa3a2a7c5cd76bddbde09e85ec8586f31dff488eba3269adfeb6a953612c3bc8b700a1ce5392becd0576ef1c7bc33c818b70fe8d040dc1c94926098616bcd8676c634d392a0fcd6bbee4a7ebe67fef3e8354360e9c16991a850f11017428803488fd1d19a91a6cb70c96a88de99a538a03c7b74dc2865d483920e7f86a633bb06e3945d8670bf3d1a0b5eda20ad1c848ae36feb966c8b1de195c6c17dc2574f79fa13541d3e487487f4238f46dec18a66939974ebd0629a8eeaea768ab3f1546b72c8b11e489bf9495f01d5e2e933fa7ee3be4ee5f233a060b267c720884d82f678be4e35eebc8f74232d225f38013716aae18e64ce06ab58474328f8a852d698190de2a5d6babd6edef0edfc87fbb3ec424f3dff5b9bbf596f865f7812d7625b6d71ff7bae7105dfeac36b967dd42d8cb731cebe0985660923201e61149dc1f8c63b7a5186054395d2b4a7a29e165ccaa2b76f97d1727cdfd6163b6cfb96d0485bfd7cdb24cd41a459ed6998b016bcf820fe89cb97c11370e5f23a7d8371a189b4ac139e6b3d0844e6302052f7f92bec861db4f8d1ae55df9b95774b6e13ac37b904b454b5866d9235462346336301933de4ff7702b918aad196618c85499e6861ed512a3e9583bc1648ac35ac9c1ada1b23541bf86a50ddfc862c920860f8d044f88083ed8a40c64f017757e07d24529c920440a87cbaafd3278ecffe4e0029e0782a0904cf1558fa8bae4553826871cf85d8029a85a8c5583ea86ff8543f14de44227fd5d20c5d9989a085a0a019e126b4378370d38503d8ffa96825e58340c19ebaaed6b19294725086b86009c7238052ce4cebf62fa0ddd1c728f1ff958aa71928cfb8b8a951cb02d90e55375f\u0026cri=Ph3ADveBA4\u0026ts=316\u0026cb=1774475280103","fqdn":"obseu.iseaskies.com","domain":"iseaskies.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xyjdh.com/link/a.aspx?id=cdxxxx","date":"2026-03-25T21:48:00.108Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.iseaskies.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Fri, 12 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:29:00:EF:41:A1:05:3E:E1:8D:C7:C6:56:5A:2D:1B:ED:11:A5:D8","sha256":"58:10:1A:43:35:D0:AC:8D:AD:C5:42:AA:E4:34:CD:77:38:D9:D4:20:96:D5:48:10:9F:33:64:53:01:20:2D:B2"}}},"request":{"raw":"GET /tracker/tc_imp.gif?e=37dfbd8ee84e00126deac332ef45829d9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d57148f6d2717071a10acf9f29f673dfbe0f875504a6fe37a7251853b8a64c4073803219204085e360358c2ea694634a031b737884fa1c629ec4036ec1f276818db4de546e093d5c13cb42c15e36c85eb002fdf53641d355693c47f3bbf2bf3ba87fc4851bd5997d060b675852c8740fb6130af2d1bf91f566375954f2aadcff4f263e46daf40d612f04a6f73a0c7402c6821069a67899c19f00535f983c77b0f2f7489ce31218884421e385863455ee69c26722e04acff4a2a88a3f17bc6e25d77492aa3a2a7c5cd76bddbde09e85ec8586f31dff488eba3269adfeb6a953612c3bc8b700a1ce5392becd0576ef1c7bc33c818b70fe8d040dc1c94926098616bcd8676c634d392a0fcd6bbee4a7ebe67fef3e8354360e9c16991a850f11017428803488fd1d19a91a6cb70c96a88de99a538a03c7b74dc2865d483920e7f86a633bb06e3945d8670bf3d1a0b5eda20ad1c848ae36feb966c8b1de195c6c17dc2574f79fa13541d3e487487f4238f46dec18a66939974ebd0629a8eeaea768ab3f1546b72c8b11e489bf9495f01d5e2e933fa7ee3be4ee5f233a060b267c720884d82f678be4e35eebc8f74232d225f38013716aae18e64ce06ab58474328f8a852d698190de2a5d6babd6edef0edfc87fbb3ec424f3dff5b9bbf596f865f7812d7625b6d71ff7bae7105dfeac36b967dd42d8cb731cebe0985660923201e61149dc1f8c63b7a5186054395d2b4a7a29e165ccaa2b76f97d1727cdfd6163b6cfb96d0485bfd7cdb24cd41a459ed6998b016bcf820fe89cb97c11370e5f23a7d8371a189b4ac139e6b3d0844e6302052f7f92bec861db4f8d1ae55df9b95774b6e13ac37b904b454b5866d9235462346336301933de4ff7702b918aad196618c85499e6861ed512a3e9583bc1648ac35ac9c1ada1b23541bf86a50ddfc862c920860f8d044f88083ed8a40c64f017757e07d24529c920440a87cbaafd3278ecffe4e0029e0782a0904cf1558fa8bae4553826871cf85d8029a85a8c5583ea86ff8543f14de44227fd5d20c5d9989a085a0a019e126b4378370d38503d8ffa96825e58340c19ebaaed6b19294725086b86009c7238052ce4cebf62fa0ddd1c728f1ff958aa71928cfb8b8a951cb02d90e55375f\u0026cri=Ph3ADveBA4\u0026ts=316\u0026cb=1774475280103 HTTP/1.1\r\nHost: obseu.iseaskies.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xyjdh.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T05:47:04.311114Z","times_seen":13362114,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/MGI1ODk0ODdlODY3OTYxYjY5ODdiZWFiZTBiYzQ5MzI/s(w:640,h:360)/tag/000/038/299/eff1c937.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.924Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/MGI1ODk0ODdlODY3OTYxYjY5ODdiZWFiZTBiYzQ5MzI/s(w:640,h:360)/tag/000/038/299/eff1c937.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 68834\r\nx-rsic-processor: 20020\r\nx-rsic-cache-hit: yes\r\nx-rsic-cache-mem: yes\r\nx-rsic-responder: 20020\r\ncache-control: max-age=604800\r\nexpires: Tue, 31 Mar 2026 12:59:28 GMT\r\nx-envoy-upstream-service-time: 0\r\ntiming-allow-origin: *\r\nx-77-nzt: kmGmEyYs49LSbn4vN5ieIgB2q2APEqHSw5SvVwGFvyLlADirIhgK5gA\r\nx-77-nzt-ray: 56376635299b48f10c58c469cfe13238\r\nx-77-cache: HIT\r\nx-77-age: 118107\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":68834,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2, software=PhotoScape], baseline, precision 8, 720x360, components 3","md5":"80b00e4e871eed5c576fd9857a57967c","sha1":"c09135c2572bf26d7594281c936a6a0a4ca9f598","sha256":"ff0d11ae269fab2fb48d8df761a04674d9fd1ac0f13d5c3425f06b93b344bc63","sha512":"6f925a396f48f7bf62723cfed77e5ec479963f509842a4e9dd269f21ea8ecacedcce1507397ed40b1f66d5c97387c352d0ec18678915161610f3a29aa2c554be","ssdeep":"1536:Xv/m2qMRg23gma2JQc6YHQY8/aNep/5S6yh7fmIJv:X6gg23ybcLHQY8CNezBGfpJv","tlshash":"c46301517253afdcd468affb0aaf6da01fca6ae407217e4001d416704b36cc48e3b9e9","first_seen":"2026-03-25T21:48:31.280592Z","last_seen":"2026-03-25T21:48:31.280592Z","times_seen":1,"resource_available":false,"data":null}},"time_used":111,"timings":{"blocked":15,"dns":0,"connect":0,"send":0,"wait":24,"receive":72,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/YWM4MjgxYzE1MmQxNWYyZWEyYzk3NWExYTZkOGU5ZDI/s(w:640,h:360)/tag/000/424/534/ce09b408.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.925Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/YWM4MjgxYzE1MmQxNWYyZWEyYzk3NWExYTZkOGU5ZDI/s(w:640,h:360)/tag/000/424/534/ce09b408.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 72572\r\nx-rsic-processor: 20019\r\nx-rsic-cache-hit: yes\r\nx-rsic-responder: 20018\r\ncache-control: max-age=604800\r\nexpires: Wed, 01 Apr 2026 11:35:53 GMT\r\nx-envoy-upstream-service-time: 1\r\ntiming-allow-origin: *\r\nx-77-nzt: kl3b/qt7iStQ30K/HImRP3EMmEkkgFUP1yr7otStILgOqYmEdwaljuE\r\nx-77-nzt-ray: 56376635299b48f10c58c4691fce4e38\r\nx-77-cache: HIT\r\nx-77-age: 36721\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":72572,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 640x360, components 3","md5":"84b96189f0b19ebb6baf6dfefe1d1399","sha1":"510a50e27d25eb4cd673652e5faacd0e007f853d","sha256":"2df1ef310223f74679a235f80f3d106c0bb4a36c100bea943e3d72d7242be220","sha512":"2f6a2e29d84b0f8cf90ce8402d4baa0836e97d731bff5f15a772d61adfc07a9440e6d78c96c0f0d8ce430a7a0267072c01934c9415e62074d80b1ba51ee549c0","ssdeep":"1536:jjl5/bv7rzREXaDlLa8G/M8cagWr8q1uU3RkSGapcx9UEBtVUFnsH:jj3v7piwlLa8MXr8q1uARkRjxrtVUa","tlshash":"2c630259d922018dfce3c9fb122e8f43302570d529e9791c06e78537aed61af463660a","first_seen":"2026-03-25T21:48:31.282084Z","last_seen":"2026-03-25T21:48:31.282084Z","times_seen":1,"resource_available":false,"data":null}},"time_used":111,"timings":{"blocked":13,"dns":0,"connect":0,"send":0,"wait":24,"receive":74,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"258451d89367dfb28gg.dpscx6.com:8005/sc/7771?n=zkjddzxz","fqdn":"258451d89367dfb28gg.dpscx6.com","domain":"dpscx6.com","tld":"com"},"ip":{"addr":"203.107.63.189","port":8005,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:58.262Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.cmzdco.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 09:51:28 GMT","end":"Wed, 27 May 2026 09:51:27 GMT"},"fingerprint":{"sha1":"47:F9:2B:2D:51:85:5E:ED:2E:CB:5F:FE:A6:96:92:10:53:75:A6:A3","sha256":"1F:55:C9:BA:DA:06:8D:8C:E5:54:E7:43:0B:10:E4:96:00:80:ED:27:E6:AA:DF:E1:C1:F0:68:EB:E3:20:68:23"}}},"request":{"raw":"GET /sc/7771?n=zkjddzxz HTTP/1.1\r\nHost: 258451d89367dfb28gg.dpscx6.com:8005\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Wed, 25 Mar 2026 21:48:00 GMT\r\nContent-Type: text/javascript; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.6.31\r\nP3P: CP=\"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=1800\r\nPragma: max-age=1800\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.6.31","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":14888,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (14846), with CRLF line terminators","md5":"28aad47bd50021beaecdf315b3cc9ab7","sha1":"7525b6adf8f2a3255c6d039a12b7813d5e854206","sha256":"47a98d17dd181b46acdfffb579768ccbfccaa3d6b0ad38566e0a8d58d41558a4","sha512":"24262210d69a9807e331b09049214bd1108bb2bd27079786ef248915b26ce0b0d660dc9d0e80f360e0d605ab9a77664728b7d1f122886f6d4f47c8237b1b9003","ssdeep":"384:jZ4+KcF1YhOKV7JvBCw9gD2uuoZnH8GWmlNd5pq4JkvWVy:jZ4PcF1YhvNJvE4gJDZH8GWm1nqVn","tlshash":"9762f929ba91203b03976332bb7be24cf7379c585b010852c1357d913f29e56e69beb4","first_seen":"2026-03-25T21:48:31.283785Z","last_seen":"2026-03-25T21:48:31.283785Z","times_seen":1,"resource_available":true,"data":null}},"time_used":3937,"timings":{"blocked":1677,"dns":919,"connect":258,"send":0,"wait":537,"receive":1,"ssl":543},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/static/font/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:58.294Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdxxxx.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 03 Mar 2026 11:41:00 GMT","end":"Mon, 01 Jun 2026 12:38:43 GMT"},"fingerprint":{"sha1":"13:A5:D9:1F:2F:52:1E:BA:9D:FD:27:73:70:13:B5:04:A6:69:EF:A3","sha256":"04:E5:DE:A8:7E:C8:CF:A5:A6:BE:BB:C2:EA:99:E1:5B:F0:A4:83:D3:C2:82:11:E6:6A:02:A1:E7:5D:AA:A3:29"}}},"request":{"raw":"GET /static/font/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: r1s6.cdxxxx.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/static/css/css2.css\r\nCookie: PHPSESSID=k3d8jep40jm5f17q0u5d0ik3n5\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:58 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 40128\r\nserver: cloudflare\r\nlast-modified: Sun, 01 Feb 2026 21:22:35 GMT\r\netag: \"697fc41b-9cc0\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wuWSJd9gmhDQ4oWvzugU8F7nTvGvp0dhvBk0qRgGeYLGxsHdy1JeCXlz30a81mOiHFzAqriC03hzEQgxm%2BaAXZowl4qcV9gFSc%2B3yWW6AXMLPH9ihuxbHoGli6j2EYMuS%2Bjx\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e211df95e5ba618-ARN\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-05T05:46:26.363175Z","times_seen":716017,"resource_available":false,"data":null}},"time_used":828,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":501,"receive":327,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"r1s6.cdxxxx.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/webfonts/fa-solid-900.woff2","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:58.343Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 14 Mar 2026 00:38:49 GMT","end":"Fri, 12 Jun 2026 01:38:45 GMT"},"fingerprint":{"sha1":"7A:4A:F6:D6:63:62:70:CA:51:C5:5A:06:41:17:71:BF:9D:2C:C9:42","sha256":"7F:F5:F5:FE:73:1F:E7:AF:1A:82:5B:59:EE:E8:E9:65:D6:87:68:61:8C:11:1E:94:4A:9A:C4:14:BD:4B:04:BA"}}},"request":{"raw":"GET /ajax/libs/font-awesome/6.0.0/webfonts/fa-solid-900.woff2 HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://r1s6.cdxxxx.live\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdnjs.cloudflare.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:58 GMT\r\ncontent-type: application/octet-stream; charset=utf-8\r\ncontent-length: 126828\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\netag: \"620188b3-1ef6c\"\r\nlast-modified: Mon, 07 Feb 2022 21:01:39 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 492065\r\nexpires: Mon, 15 Mar 2027 21:47:58 GMT\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=F7CT1tJSBPHD%2F%2BHy7OJrOv2%2BOhtODSf9D%2B1YWxdZ8ikjvP6cLpuEMo37qNiyOrgCe677U8jAKnj6kHcpN0%2BaD0x0ZuhO%2Bmaif0OVBJyqBJj22JGqogVd0ISOQmLZbmqeYWNQPRgN\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\ncf-ray: 9e211df97fa43181-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":126828,"size_decoded":0,"mime_type":"application/octet-stream; charset=utf-8","magic":"Web Open Font Format (Version 2), TrueType, length 126828, version 768.256","md5":"297973a488f688271dd223d542ba2697","sha1":"ed99d812e4c88826335f93acede3fad85c90fb54","sha256":"1b099f88c06ed0869872561c157f0ec9cbe133a0939d9ece4ee1e1f54bd4683d","sha512":"83c802972d9fee9dd7e3c0de42d8636c504e65ff20e43406bb446cc95a16acaa21789a03f0e2006148abfe47100bbd0c66aa4cf98f11e9b0220f1dcdb5204f46","ssdeep":"3072:caEaIjBfXHk79vCMuMZhQqmiutWxJfU52qiAx+SMfd:caEaIf3kxa5aaVMaHAScd","tlshash":"9dc3120ef3299411c6f0af104c63d6d627617389ffd548c767993e768aac9e70c28ea0","first_seen":"2023-04-10T14:50:44Z","last_seen":"2026-04-05T05:13:16.8001Z","times_seen":7549,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":1,"connect":0,"send":0,"wait":12,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/YzIxMGVhMjBlZTkwYTMwZTY2Y2I3YzNlZjZlMDA4ZDE/s(w:640,h:360)/tag/000/424/607/1711d0ce.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.913Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/YzIxMGVhMjBlZTkwYTMwZTY2Y2I3YzNlZjZlMDA4ZDE/s(w:640,h:360)/tag/000/424/607/1711d0ce.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 44839\r\nx-rsic-processor: 20018\r\nx-rsic-cache-hit: yes\r\nx-rsic-cache-mem: yes\r\nx-rsic-responder: 20020\r\ncache-control: max-age=604800\r\nexpires: Wed, 01 Apr 2026 13:12:49 GMT\r\nx-envoy-upstream-service-time: 0\r\ntiming-allow-origin: *\r\nx-77-nzt: krm+/hsBiHn7gwPc3Gu62ssgF7qAgeXPthxnyJCa2Zf9OMFZkDtUiUs\r\nx-77-nzt-ray: 56376635299b48f10c58c46972f62c38\r\nx-77-cache: HIT\r\nx-77-age: 30898\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":44839,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 640x360, components 3","md5":"32226ce06628926cd4b85be37c832a1f","sha1":"05f8f2abfbe69d2847c5cc621290466dee8b80b0","sha256":"65e23170577463e460dd22a170298a1af248481e017ed3a5cb37541c371606cc","sha512":"b419275db322a97bc9372ca1f6f4f2abdd1365b521c4678f13ded068e5b0c448140bb19c04ced75ed44307a3b1cee57ff55ce488b1bc111bb72931459f4e04b7","ssdeep":"768:TZj0xwV/6XaueXOkKkeDg3p5FvXKdhc2XUd7Iv3hNvQWRSut+p64GKzIN8:TZYK/6ZeXF26p5F/Kdhc9d7Iv3LQWRSV","tlshash":"331301b2ee4341cbd7a9427657d8cf10dfc6a6514b02c04989c7719e5ae7ce38fb109a","first_seen":"2026-03-25T21:48:31.286349Z","last_seen":"2026-03-25T21:48:31.286349Z","times_seen":1,"resource_available":false,"data":null}},"time_used":70,"timings":{"blocked":25,"dns":0,"connect":0,"send":0,"wait":24,"receive":21,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/NTNjNjRhOWRjOTcyZmY2NDFhNzM2NGJlM2NkMjE4YjM/s(w:640,h:360)/tag/000/425/482/7fbb9c21.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.920Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/NTNjNjRhOWRjOTcyZmY2NDFhNzM2NGJlM2NkMjE4YjM/s(w:640,h:360)/tag/000/425/482/7fbb9c21.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 62907\r\nx-rsic-processor: 20020\r\nx-rsic-cache-hit: yes\r\nx-rsic-responder: 20021\r\ncache-control: max-age=604800\r\nexpires: Thu, 26 Mar 2026 09:39:16 GMT\r\nx-envoy-upstream-service-time: 2\r\ntiming-allow-origin: *\r\nx-77-nzt: khC8l0iYl2czzgyORF6pTyS7bBXcFzWJn0GPll6opdgxyPGTYFwIBQk\r\nx-77-nzt-ray: 56376635299b48f10c58c4696dd7f43a\r\nx-77-cache: HIT\r\nx-77-age: 562114\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":62907,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 640x360, components 3","md5":"cd5aa03b6f8a688bc38a4e7b02dfa4d3","sha1":"01d45563b89baba86ed99a9e19fc724cc62281ad","sha256":"1c66e713d0277aacd4a469f9cb0848339c72dced5c7437f3582366a0c8dfe2e0","sha512":"99614a848e9a672dab5d267e03558dcd1308101ce08480a77e0d9cc4240511627b2d043192e00580b4f4293187c4b58707c2766ab1dbe001524b86fd8523a31d","ssdeep":"1536:rOOsZkrwZ2SEPe3UeP0hR0PQ1tMD2yXxtAnk1ytVL7ST:rMZkr+0aUEIRyQ1NmtikAViT","tlshash":"9c53019a4bb888cbfb3cfdb0c850ea2791c9bf05ce21a5fc2647590873197d7468651e","first_seen":"2026-03-25T21:48:31.288067Z","last_seen":"2026-03-25T21:48:31.288067Z","times_seen":1,"resource_available":false,"data":null}},"time_used":258,"timings":{"blocked":64,"dns":42,"connect":11,"send":0,"wait":10,"receive":44,"ssl":42},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/static/font/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:58.339Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdxxxx.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 03 Mar 2026 11:41:00 GMT","end":"Mon, 01 Jun 2026 12:38:43 GMT"},"fingerprint":{"sha1":"13:A5:D9:1F:2F:52:1E:BA:9D:FD:27:73:70:13:B5:04:A6:69:EF:A3","sha256":"04:E5:DE:A8:7E:C8:CF:A5:A6:BE:BB:C2:EA:99:E1:5B:F0:A4:83:D3:C2:82:11:E6:6A:02:A1:E7:5D:AA:A3:29"}}},"request":{"raw":"GET /static/font/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: r1s6.cdxxxx.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/static/css/css2.css\r\nCookie: PHPSESSID=k3d8jep40jm5f17q0u5d0ik3n5\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:58 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 40128\r\nserver: cloudflare\r\nlast-modified: Sun, 01 Feb 2026 21:22:35 GMT\r\netag: \"697fc41b-9cc0\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\naccept-ranges: bytes\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0Tvn%2BS3dUscUoCk7GEcb9EQrRfeLnMHA21%2Bajsc8OWV%2BFEQQsnRDtpUwDZGOQ2q%2FZBkNDqYWheVELVuAP51PD5qZodoIG71erIR5SrI3WWNLOYJ5LaqtSl2UQGUsuUlOE1bt\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e211df96e67a618-ARN\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-05T05:46:26.363175Z","times_seen":716017,"resource_available":false,"data":null}},"time_used":819,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":493,"receive":326,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"r1s6.cdxxxx.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/?mode=async\u0026action=js_stats\u0026rand=1774475278533","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:59.109Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdxxxx.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 03 Mar 2026 11:41:00 GMT","end":"Mon, 01 Jun 2026 12:38:43 GMT"},"fingerprint":{"sha1":"13:A5:D9:1F:2F:52:1E:BA:9D:FD:27:73:70:13:B5:04:A6:69:EF:A3","sha256":"04:E5:DE:A8:7E:C8:CF:A5:A6:BE:BB:C2:EA:99:E1:5B:F0:A4:83:D3:C2:82:11:E6:6A:02:A1:E7:5D:AA:A3:29"}}},"request":{"raw":"GET /?mode=async\u0026action=js_stats\u0026rand=1774475278533 HTTP/1.1\r\nHost: r1s6.cdxxxx.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nCookie: PHPSESSID=k3d8jep40jm5f17q0u5d0ik3n5; kt_tcookie=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:59 GMT\r\ncontent-type: text/html;charset=utf-8\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JH9MR%2BgVxgSV1IKNHYsuvFozJwu1cmgKN%2BV8BxrCeaTRt3FcpCpUELLd1snV%2FUU%2Bj2IyJ2C8qxNV6ET%2BiD%2BqmG90r3DCo7P7fJwRwn6U6xIR3%2FM3Yns9iqxSBaskzBDKqgLe\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9e211dfe6b2ea618-ARN\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":74,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"4b4a20bbefeb78a2e7e6e7ed332c73a1","sha1":"48899a110be933a3314192486a9c918dda529b79","sha256":"d620aa58ffbe1db93766e58c99e6cf9690057f811205b32ffbc57047f612dec7","sha512":"6eaf7fd1c80df1b0b4f3db5ed89751e4012357113e15f6793191eff7ff3153fdf74ec82c6f994d0ee1bde5e33f1037b966946ddf964fe1da0af1886c2ee6ddf0","ssdeep":"","tlshash":"c9a00246dc028b1723f10432d632f22d7a6572959481f5c514e1c81521013dfb92f9ed","first_seen":"2025-05-09T16:42:36.030641Z","last_seen":"2026-04-03T19:20:50.003692Z","times_seen":13,"resource_available":false,"data":null}},"time_used":183,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":183,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"r1s6.cdxxxx.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.xyjdh.com/search/tcerider.php?f=http%3A%2F%2Fexploreonlineresults.com%3Fdn%3Dxyjdh.com%26sksubid%3D35961519%26_slsen%3D0\u0026v=ogcym18EOR0meUH9qXSRvKXkSQ6OKpaRd0AcE7LJ_4lRx12RdUoRZrLBvj18EfMo80elWwMil6TzGpRZmv6ADBWG8ovABfo78HGqUNdx1BQqGLYaQPtOQ9bKea46Mxh6x01XySdA5YAPOlbuykDuktrXLeUZlwRuOziIEZe0pLqQUMVXeVuANwQeOJezwzX3Cdt\u0026l=ogcjJDDfF1lLNKzhVVCKyQG56YN63ruWnvFwc0B8rYJ1rsYSjW2u7u26I9eicThPfVNrF-jjodv-oyXiISt2F-cRsDLuZvlc4WfagxwuWmMHrXpCG545bVle48w0ceNpRrL4njVAzmIxz4cyaZA-8t0a9mrGsuMI5E7ran66Ex8I3FkRd9X4x-MQYtNIgzY7F5lBB6LtVd9DhF39YWbSJFRdVZT5YMBlHy44gYp3w34LGCBkPr5G9G296a3t7DhLsguBzcbTmfH9Kg0sHIRKgkDlhXrp0UNt4O0Ha50NOP45mliHppm_WjUd-Cm6fwErAltTV7hz34dBOOXydhBmPUdBhgSRM_XGrsbc8JFXylYdKv4QijxKWO_6GWRihOFVwNxkshHXu-1wgNbvQCRUfVrFmTY01jI_h8lEvYFYPt443rl-u4933Yn3nLQRLhhroWtqK-hSWGJkrSdtfbribrCy5icCuBKVsmVaVoEEWkBeUMvng00xL-M_MVbkR9dbvsTm442-03h-UYpi125HqS8Mbi3eihTzIQZH_d_46cxbtTweHy4XnDRvsLvNhq4lWatuG40ds7210sBTx-zLTIiqaufc7-5ewQwv1xm6wNR3ttS92Eh6l29VYdf3A24-Yl-rr6adxleOuPFX07DzGa9GPp5StRM6yk2quzPNn7ZMWXQdqfRpxpY0o0s00cje8LCKlK9QFwlrMvZbpVL37KQ","fqdn":"www.xyjdh.com","domain":"xyjdh.com","tld":"com"},"ip":{"addr":"91.195.240.123","port":443,"asn":47846,"as":"SEDO GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:48:00.081Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xyjdh.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Wed, 27 Aug 2025 00:00:00 GMT","end":"Wed, 26 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B6:DD:55:CD:E7:92:D0:DD:93:4E:8C:54:70:94:7F:3B:C7:9F:0C:CC","sha256":"7E:CB:49:6F:68:5D:36:37:F4:CB:DF:98:DE:A2:79:78:ED:16:CD:22:67:DE:D7:C1:E3:00:F4:2F:AB:9C:3A:37"}}},"request":{"raw":"GET /search/tcerider.php?f=http%3A%2F%2Fexploreonlineresults.com%3Fdn%3Dxyjdh.com%26sksubid%3D35961519%26_slsen%3D0\u0026v=ogcym18EOR0meUH9qXSRvKXkSQ6OKpaRd0AcE7LJ_4lRx12RdUoRZrLBvj18EfMo80elWwMil6TzGpRZmv6ADBWG8ovABfo78HGqUNdx1BQqGLYaQPtOQ9bKea46Mxh6x01XySdA5YAPOlbuykDuktrXLeUZlwRuOziIEZe0pLqQUMVXeVuANwQeOJezwzX3Cdt\u0026l=ogcjJDDfF1lLNKzhVVCKyQG56YN63ruWnvFwc0B8rYJ1rsYSjW2u7u26I9eicThPfVNrF-jjodv-oyXiISt2F-cRsDLuZvlc4WfagxwuWmMHrXpCG545bVle48w0ceNpRrL4njVAzmIxz4cyaZA-8t0a9mrGsuMI5E7ran66Ex8I3FkRd9X4x-MQYtNIgzY7F5lBB6LtVd9DhF39YWbSJFRdVZT5YMBlHy44gYp3w34LGCBkPr5G9G296a3t7DhLsguBzcbTmfH9Kg0sHIRKgkDlhXrp0UNt4O0Ha50NOP45mliHppm_WjUd-Cm6fwErAltTV7hz34dBOOXydhBmPUdBhgSRM_XGrsbc8JFXylYdKv4QijxKWO_6GWRihOFVwNxkshHXu-1wgNbvQCRUfVrFmTY01jI_h8lEvYFYPt443rl-u4933Yn3nLQRLhhroWtqK-hSWGJkrSdtfbribrCy5icCuBKVsmVaVoEEWkBeUMvng00xL-M_MVbkR9dbvsTm442-03h-UYpi125HqS8Mbi3eihTzIQZH_d_46cxbtTweHy4XnDRvsLvNhq4lWatuG40ds7210sBTx-zLTIiqaufc7-5ewQwv1xm6wNR3ttS92Eh6l29VYdf3A24-Yl-rr6adxleOuPFX07DzGa9GPp5StRM6yk2quzPNn7ZMWXQdqfRpxpY0o0s00cje8LCKlK9QFwlrMvZbpVL37KQ HTTP/1.1\r\nHost: www.xyjdh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.xyjdh.com/link/a.aspx?id=cdxxxx\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _cq_duid=1.1774475279.JzknKbkwVFKsH5tr; _cq_suid=1.1774475279.qBhS2vjDSZ9NQzV1; _cq_session=1.1774475279788.UlgvgxEMpSduN5sR.1774475279788\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Wed, 25 Mar 2026 21:48:00 GMT\r\nexpires: Mon, 26 Jul 1997 05:00:00 GMT\r\nlast-modified: Wed, 25 Mar 2026 21:48:00 GMT\r\nlocation: http://exploreonlineresults.com?dn=xyjdh.com\u0026sksubid=35961519\u0026_slsen=0\r\npragma: no-cache\r\nserver: Parking/1.0\r\nx-cache-miss-from: parking-79cf8c95dd-mrldr\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T05:47:04.311114Z","times_seen":13362114,"resource_available":true,"data":null}},"time_used":36,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/static/css/css2.css","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.866Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdxxxx.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 03 Mar 2026 11:41:00 GMT","end":"Mon, 01 Jun 2026 12:38:43 GMT"},"fingerprint":{"sha1":"13:A5:D9:1F:2F:52:1E:BA:9D:FD:27:73:70:13:B5:04:A6:69:EF:A3","sha256":"04:E5:DE:A8:7E:C8:CF:A5:A6:BE:BB:C2:EA:99:E1:5B:F0:A4:83:D3:C2:82:11:E6:6A:02:A1:E7:5D:AA:A3:29"}}},"request":{"raw":"GET /static/css/css2.css HTTP/1.1\r\nHost: r1s6.cdxxxx.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nCookie: PHPSESSID=k3d8jep40jm5f17q0u5d0ik3n5\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:57 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Sun, 01 Feb 2026 21:22:35 GMT\r\nvary: Accept-Encoding\r\netag: W/\"697fc41b-3eb8\"\r\nexpires: Thu, 26 Mar 2026 09:47:57 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PYO5X8WVZHUAzhvwLPtxsxZLLIZuHR509Km95eu%2FA4zmke2paaz7xTbZyt%2BEhA3TFBYRC0Qu8Fz%2Futnh58TtIIQMHAiF9O%2F68la4KwN9rycdLolNjHDMJ9XRStUdUxdVFZuw\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e211defed37a618-ARN\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16056,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1572)","md5":"11d95b80d4197a0cf94325aa2dba6a83","sha1":"58512f80cea557d328bbb8dbfdd854693f5975ba","sha256":"a83cbc6f94df0960a3057656d0e18c4e523f376aab6614f6533916050ce4d0db","sha512":"d3dd09afebc8f34b40536c593c529947a74097bd60ae08c8c8fa5d578d53f254ce8bcfebe58ec37a385023a54efb8f8d46b542f7f7f5648f5afcef64faa2e412","ssdeep":"384:nf38tBy4/qY4iU0JfeFkYyh/qY4bd9jfkPeCyb/qY4hnHq:xYpVSXZ","tlshash":"9e721b90081710009b839ce223cebf35fe5e92507145d0b5abfd5b6baddbcaa536939c","first_seen":"2026-03-25T21:48:31.290597Z","last_seen":"2026-03-25T21:48:31.290597Z","times_seen":1,"resource_available":false,"data":null}},"time_used":613,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":613,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"r1s6.cdxxxx.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/js/jquery-3.1.0.min.js","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.895Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdxxxx.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 03 Mar 2026 11:41:00 GMT","end":"Mon, 01 Jun 2026 12:38:43 GMT"},"fingerprint":{"sha1":"13:A5:D9:1F:2F:52:1E:BA:9D:FD:27:73:70:13:B5:04:A6:69:EF:A3","sha256":"04:E5:DE:A8:7E:C8:CF:A5:A6:BE:BB:C2:EA:99:E1:5B:F0:A4:83:D3:C2:82:11:E6:6A:02:A1:E7:5D:AA:A3:29"}}},"request":{"raw":"GET /js/jquery-3.1.0.min.js HTTP/1.1\r\nHost: r1s6.cdxxxx.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nCookie: PHPSESSID=k3d8jep40jm5f17q0u5d0ik3n5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:57 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Sun, 01 Feb 2026 21:22:35 GMT\r\nvary: Accept-Encoding\r\netag: W/\"697fc41b-1514f\"\r\nexpires: Thu, 26 Mar 2026 09:47:57 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cISQXDVMe7OLVY2YSKNcDKTr83CHElOxwPP0vEdvrh%2F4LavW5lJb1i5wbJip84Cqm9NgOh44s56J1e68mz4GBjRbycs5iiOkaooQwPw2asedPzYbSR1GwQFoW9y9ujoNUv24\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e211df03da3a618-ARN\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":86351,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32014)","md5":"05e51b1db558320f1939f9789ccf5c8f","sha1":"c72c1735b4d903d90dd51225ebefb8c74ebbc51f","sha256":"702b9e051e82b32038ffdb33a4f7eb5f7b38f4cf6f514e4182d8898f4eb0b7fb","sha512":"ab3ad9a98fe431508461ebbf8029bc536f34d16cfef8b4c62b8a62b56fe2b30a426e3c3186c994c2578bd585da1c89a9b421c6d2f27053b2f2ed13b0dd9428c3","ssdeep":"1536:3dhEyijTikEJqRdXXe9J578goJsWXdLVhNLKz4DTAjnWotoZqwsRmKKH7UggYiTv:2Qcd5hNLxTwn3t0iUHiTDU8Cu5","tlshash":"4383e6d9b2c670529b7730b850bf450bb17a98dab44c8da0f068c5d47eb4a8d907bf2c","first_seen":"2023-03-07T01:02:54Z","last_seen":"2026-04-05T05:05:13.621395Z","times_seen":9685,"resource_available":true,"data":null}},"time_used":711,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":702,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"r1s6.cdxxxx.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/NjBjODIxMDI2ZmM5ZDI5ZjEwNGI4MGIzMWI3MDQ2ZjQ/s(w:640,h:360)/tag/000/423/669/a5beb3b2.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.927Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/NjBjODIxMDI2ZmM5ZDI5ZjEwNGI4MGIzMWI3MDQ2ZjQ/s(w:640,h:360)/tag/000/423/669/a5beb3b2.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 70058\r\nx-rsic-processor: 20019\r\nx-rsic-cache-hit: yes\r\nx-rsic-responder: 20020\r\ncache-control: max-age=604800\r\nexpires: Wed, 01 Apr 2026 13:13:27 GMT\r\nx-envoy-upstream-service-time: 1\r\ntiming-allow-origin: *\r\nx-77-nzt: krMnUuW6ZDWNe9WiH2D5pTkqQEIAx8XpaOeYxv6YZKE95uvebfaHHHo\r\nx-77-nzt-ray: 56376635299b48f10c58c46917635538\r\nx-77-cache: HIT\r\nx-77-age: 30842\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":70058,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 640x360, components 3","md5":"1b7b9573544dcb984a05c38f811e9bbd","sha1":"776038ee0206f0ac33801a4a05b0f965cb6f6f05","sha256":"835da29398c20a3f4031e6ed12d8fca3e9e04fb809205ec399d6bbcf0f1f5250","sha512":"af1bef2544093cc8b8a39fe1732c39e2acb8777dc9c4403ce5811f2a1a352c042135571186c158cc6588c60e93902aa60470402ffbf3312190011f2e76fa368d","ssdeep":"1536:rg7v8zodtkhkZMcUorr3nQrY2F2GsAGYnyt9iDCBoZ+NFWV:rgMuK0PU2r3QHbPqdoZ+Nu","tlshash":"9763022011e39aa7f597ba304ddaf2efbfea493c5315186a25ccf46901698f38d510ce","first_seen":"2026-03-25T21:48:31.293Z","last_seen":"2026-03-25T21:48:31.293Z","times_seen":1,"resource_available":false,"data":null}},"time_used":111,"timings":{"blocked":11,"dns":0,"connect":0,"send":0,"wait":24,"receive":76,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/MmE4NTQyMWQ3OGI5YmEzYWQyYWZlZjQwZjk3ZWUyMDc/s(w:640,h:360)/tag/000/423/653/d0b7e907.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.930Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/MmE4NTQyMWQ3OGI5YmEzYWQyYWZlZjQwZjk3ZWUyMDc/s(w:640,h:360)/tag/000/423/653/d0b7e907.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 44541\r\nx-rsic-processor: 20020\r\nx-rsic-cache-hit: yes\r\nx-rsic-responder: 20018\r\ncache-control: max-age=604800\r\nexpires: Tue, 31 Mar 2026 12:59:21 GMT\r\nx-envoy-upstream-service-time: 3\r\ntiming-allow-origin: *\r\nx-77-nzt: ksrLSZeYPTEWfHWlfTW/lTFm2SZ8DXQp7CIVYpQfA/ew/+JOGEr3ZJU\r\nx-77-nzt-ray: 56376635299b48f10c58c469f8255d38\r\nx-77-cache: HIT\r\nx-77-age: 118108\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":44541,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 640x360, components 3","md5":"d1c690f46a3dc25bd09fdc52f04be3a0","sha1":"977d744758832fa77f7794774d4f505700131dc3","sha256":"efaebbe3a7ed2b81c10b7a4c739d26f57b0027437aaba4ad06d99e430b9cc3fc","sha512":"a05ab7220177883171aba7a80c630ce128803dcd0829bc5fc2e41fcf11a3f995c299c912556b6c32912ee68e5f658ac494486dda9dcc18028469be8cfd9033f5","ssdeep":"768:TcZ/7j6YiRG+VZnb0Rb1V8ZXwzQzE2CMKs1U4POCSyCsIROodBejJRAKWoJex6wQ:TKjxipb0RR+ZXwq8WU4POzzsIwoY1RAK","tlshash":"ef13f1febb71c5c7e6646331a1d26b525f84c491f278bb2816d0b600cb05a3ddc8caa5","first_seen":"2026-03-25T21:48:31.29465Z","last_seen":"2026-03-25T21:48:31.29465Z","times_seen":1,"resource_available":false,"data":null}},"time_used":73,"timings":{"blocked":9,"dns":0,"connect":0,"send":0,"wait":24,"receive":40,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/OTZmOTIyYzY0NGI5NWMzYmIyNGFiZGVmMmNlYzZhOWI/s(w:640,h:360)/tag/000/000/098/8c34c5a4.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.976Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/OTZmOTIyYzY0NGI5NWMzYmIyNGFiZGVmMmNlYzZhOWI/s(w:640,h:360)/tag/000/000/098/8c34c5a4.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 81169\r\nx-rsic-processor: 20021\r\nx-rsic-responder: 20020\r\ncache-control: max-age=604800\r\nexpires: Tue, 31 Mar 2026 12:59:19 GMT\r\nx-envoy-upstream-service-time: 56\r\ntiming-allow-origin: *\r\nx-77-nzt: krxYTtqeZTT4G/W0DDKzQCr4oB+Bawkv8myUtFNmvBQjFzZ5v5nOupg\r\nx-77-nzt-ray: 56376635299b48f10c58c46912936b38\r\nx-77-cache: HIT\r\nx-77-age: 118100\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":81169,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 640x360, components 3","md5":"3b926e081ada684e2521e93e379a00d5","sha1":"e84e864cb971c6399fcc0d1f41b5b357672385f0","sha256":"80f909f69c2610f1c895e86b33066d6475b8667fc402a09de1c48423f0f76b2b","sha512":"bb41ab77a58ec08afe3fe579b82df5f47e48bb4467ad5dce22e1326650d98ae388fa52c26a730b55ce09a0c5f186928ea3d740a0f7a78f113149342dd28d3e5f","ssdeep":"1536:jg4DoLfDnY1Dxl7lyZtcNo3+bJSpcIFC/in4BhrTd28bd5KBxYXLTWNG:jg4DvDx5l8qoMMpTC/in4BhlpbSYONG","tlshash":"9a8312ab47725b41fcc996b0f7c98b3369e8f0a2a9d2c1292757309c67d3027283ca55","first_seen":"2026-03-25T21:48:31.29623Z","last_seen":"2026-03-25T21:48:31.29623Z","times_seen":1,"resource_available":false,"data":null}},"time_used":104,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":25,"receive":79,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/ZGM0NzVhMjA5ZjE1NjRlYWY5NmE0MWI2NDNmMDA5MTc/s(w:640,h:360)/tag/000/424/554/32b8af32.webp","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.986Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/ZGM0NzVhMjA5ZjE1NjRlYWY5NmE0MWI2NDNmMDA5MTc/s(w:640,h:360)/tag/000/424/554/32b8af32.webp HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/webp\r\ncontent-length: 24990\r\nx-rsic-processor: 20020\r\nx-rsic-cache-hit: yes\r\nx-rsic-responder: 20019\r\ncache-control: max-age=604800\r\nexpires: Mon, 30 Mar 2026 09:59:17 GMT\r\nx-envoy-upstream-service-time: 1\r\ntiming-allow-origin: *\r\nx-77-nzt: kt1SSRJSoqD79zW349mR7s2Hc6zUpM9J05Bq6EyoROrHPsWewnsj5sQ\r\nx-77-nzt-ray: 56376635299b48f10c58c4699aaff238\r\nx-77-cache: HIT\r\nx-77-age: 215289\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":24990,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"378af9664223716a151d0c673977fe9a","sha1":"02794645799f9f7cc07ffbf44c3cc14a5e05b9be","sha256":"2d7954becd798ae4bcd0ac625470b82171efe907209c701863bd07555890d338","sha512":"0007051447ffd7242be96dae9a93078bf0469309234587b483ff473de279641cbab9d1ff9454bcee41acd2bf32f8210f4207d5590f099cd4e49c8dd2db4ed4cb","ssdeep":"768:nrrhW/gdO766ziX1cz3re6krFOLBf40Ri4yb:nrr8gdG66ziyDq6kCJRjyb","tlshash":"37b2f1eccf23d5dae916c171620236423271dff75af9a4c0ea18363a56a38b61662334","first_seen":"2026-03-25T21:48:31.297885Z","last_seen":"2026-03-25T21:48:31.297885Z","times_seen":1,"resource_available":false,"data":null}},"time_used":71,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":53,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/add.php","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.992Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdxxxx.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 03 Mar 2026 11:41:00 GMT","end":"Mon, 01 Jun 2026 12:38:43 GMT"},"fingerprint":{"sha1":"13:A5:D9:1F:2F:52:1E:BA:9D:FD:27:73:70:13:B5:04:A6:69:EF:A3","sha256":"04:E5:DE:A8:7E:C8:CF:A5:A6:BE:BB:C2:EA:99:E1:5B:F0:A4:83:D3:C2:82:11:E6:6A:02:A1:E7:5D:AA:A3:29"}}},"request":{"raw":"GET /add.php HTTP/1.1\r\nHost: r1s6.cdxxxx.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nCookie: PHPSESSID=k3d8jep40jm5f17q0u5d0ik3n5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:57 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=l%2BOR3dq7togyjn5FvVAtLDl9WA55996NFdvBPR%2BgoHBn%2F81jNCb3AIGkal3BoKg22mITM76Sgr5YK7J%2FS5aVpk%2FYvASLBE%2B7DyyMforVxZd%2BxzGlMhYwNSLpdr8%2BqBjIOCbu\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9e211df09de7a618-ARN\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1201,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"92885d518a59d65cc4312e75b153db74","sha1":"13cee154c83b410c330b0dd6bb1528fec2c9d201","sha256":"414ec6d2cc68c1d55e7bebb42c4b9829aeaa5f6bdfaf2faf11a3cb5e4859af71","sha512":"05d56cab07cdb86ae3facae8a2afb2d87dba5aa3f05dbd587762bc3e0ff8bcd3c567cee8c2fd91750c01d1635aac18530157d2c7dee65b4d006d6e275f151a8f","ssdeep":"","tlshash":"4f21447241a210617a5b20d71757674d7a62f02bf802ddc5b28dcb449fd1e9890ff1d5","first_seen":"2026-03-25T21:48:31.299336Z","last_seen":"2026-03-25T21:48:31.299336Z","times_seen":1,"resource_available":true,"data":null}},"time_used":185,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":185,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"r1s6.cdxxxx.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/static/js/assets.js","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.997Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdxxxx.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 03 Mar 2026 11:41:00 GMT","end":"Mon, 01 Jun 2026 12:38:43 GMT"},"fingerprint":{"sha1":"13:A5:D9:1F:2F:52:1E:BA:9D:FD:27:73:70:13:B5:04:A6:69:EF:A3","sha256":"04:E5:DE:A8:7E:C8:CF:A5:A6:BE:BB:C2:EA:99:E1:5B:F0:A4:83:D3:C2:82:11:E6:6A:02:A1:E7:5D:AA:A3:29"}}},"request":{"raw":"GET /static/js/assets.js HTTP/1.1\r\nHost: r1s6.cdxxxx.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nCookie: PHPSESSID=k3d8jep40jm5f17q0u5d0ik3n5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:57 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Sun, 01 Feb 2026 21:22:35 GMT\r\nvary: Accept-Encoding\r\netag: W/\"697fc41b-36b2f\"\r\nexpires: Thu, 26 Mar 2026 09:47:57 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0A1sONcIvTapCwx3DpCqfdZ%2BIy1ej1IlCba7CgTr4VjUwjQb%2B%2Fev%2BiXmyiLHEJJSMb0X6yIjRw4jYqX1%2FHvflHZE0TkXPy49ZYlMjKG9PEKAduyo8oiAnEQ9RzHFnbXlGIr4\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e211df09df0a618-ARN\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":224047,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65526)","md5":"d687d22737ad83d188bb57d53eeebeb3","sha1":"ea17ee86556a9ab3d84444106506ceaf5b7b4a83","sha256":"96d78388dfc4feb6feb0ec0fac27d58e62591bdc89d80775d41989b8c6172e11","sha512":"88e23350b74d27f753c4acbdb2271d992010ed3d00e632ed0fdc687bb4e8a4fc48b76dd24f1c9ce4e4e7e9b62d8fe518c2a57c685cb28dbcabfef43d6f536e94","ssdeep":"6144:oRI5UhJVI6fBFkvgn49jraWIm+T0WBD1p191gIo:rcrId","tlshash":"b32429897211b25112e752d6516d8606a3765419b40b88bcb4bccceb6c7ec6c22fffbc","first_seen":"2024-02-23T23:26:03Z","last_seen":"2026-04-04T17:53:00.433599Z","times_seen":353,"resource_available":true,"data":null}},"time_used":858,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":687,"receive":171,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"r1s6.cdxxxx.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"r1s6.cdxxxx.live/favicon.ico","fqdn":"r1s6.cdxxxx.live","domain":"cdxxxx.live","tld":"live"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:59.482Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdxxxx.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 03 Mar 2026 11:41:00 GMT","end":"Mon, 01 Jun 2026 12:38:43 GMT"},"fingerprint":{"sha1":"13:A5:D9:1F:2F:52:1E:BA:9D:FD:27:73:70:13:B5:04:A6:69:EF:A3","sha256":"04:E5:DE:A8:7E:C8:CF:A5:A6:BE:BB:C2:EA:99:E1:5B:F0:A4:83:D3:C2:82:11:E6:6A:02:A1:E7:5D:AA:A3:29"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: r1s6.cdxxxx.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nCookie: PHPSESSID=k3d8jep40jm5f17q0u5d0ik3n5; kt_tcookie=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Mar 2026 21:48:00 GMT\r\ncontent-type: image/x-icon\r\nserver: cloudflare\r\nlast-modified: Sun, 01 Feb 2026 21:22:35 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=6,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1p6R2U27L4iDxEwR%2FLEM3Eec1VPwW7%2Bgc50iSbtvnAlifXtXf5vK6mwPAFXEFWmfB2GVpDQ4zKFWZS6V1KvcDheIYTlKxMkujR%2BffSih62JHzs2AWJDTqQxe0oedM0AXBJm6\"}]}\r\netag: W/\"697fc41b-466\"\r\ncontent-encoding: br\r\ncf-ray: 9e211e00cd52a618-ARN\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1126,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 2 icons, 16x16 with PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 32x32 with \n- PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced, 32 bits/pixel","md5":"3f6aed57807bb26755cc9ceaa045d0a4","sha1":"4d1212edf68bd115621c75f46d858f180a832bc4","sha256":"d883c9ba184cd4b6a49011650c218f96eccbd870face11b01455e5a50bafa8d7","sha512":"eaf9e5a81148047ee19f231dfa30076d7e1192af586b0b047ce5df5c4abbddffd1e40a74274784c2506a7c67e39324254e65b55d5c58b763798abacd32e58566","ssdeep":"","tlshash":"c221b9d327bc9836da0f5778870f7d42dc76778b65e3501406bcc0b801a225e4155f67","first_seen":"2025-09-20T12:04:19.094137Z","last_seen":"2026-03-25T21:48:31.301278Z","times_seen":2,"resource_available":false,"data":null}},"time_used":546,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":546,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"r1s6.cdxxxx.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/OWI4NjVmMTA4Zjg2ZGM1ZmY3N2Q5NzRkMzcxODBiOTA/s(w:640,h:360)/tag/000/425/450/0c2d255c.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.914Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/OWI4NjVmMTA4Zjg2ZGM1ZmY3N2Q5NzRkMzcxODBiOTA/s(w:640,h:360)/tag/000/425/450/0c2d255c.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 48934\r\nx-rsic-processor: 20021\r\nx-rsic-cache-hit: yes\r\nx-rsic-responder: 20018\r\ncache-control: max-age=604800\r\nexpires: Fri, 27 Mar 2026 05:56:53 GMT\r\nx-envoy-upstream-service-time: 2\r\ntiming-allow-origin: *\r\nx-77-nzt: kkr/ncmorP0XrJF33DG7a9AAntpt7ZHRMt5bxmsm6ohDbHTJbrKhytY\r\nx-77-nzt-ray: 56376635299b48f10c58c469bab26938\r\nx-77-cache: HIT\r\nx-77-age: 489056\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":48934,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 640x360, components 3","md5":"4ffd9fa322a99ae611d881bb25620af7","sha1":"f626dc6ecda76bb89b67ba75305bba9c25bb4eae","sha256":"e7547f31df9c94cd5c2c1d4d2d5fe2faf23f1dd899f9711127f0fc91f5a542e1","sha512":"339569a334ae4e728bc9d5c8711171a5a7086a434e664e329cfb50291e742a0df38e0eee35e80b44563afb30e243edf389f147b550bee1e6ee8ba7a1db6f7fec","ssdeep":"768:LG96MyEVxAWtNzJLyKb9oMLq9neFn0iX3b02Sccem2O6w8r+Ha/6zpBs1J7a:LG99yLElOKhoMLq9eFnrb1ie3lb+pBAA","tlshash":"6823f179c3e0c5faf12679ba76c98f12cec539bef352515e1ef42c0424126847a287b8","first_seen":"2026-03-25T21:48:31.302862Z","last_seen":"2026-03-25T21:48:31.302862Z","times_seen":1,"resource_available":false,"data":null}},"time_used":96,"timings":{"blocked":26,"dns":0,"connect":0,"send":0,"wait":25,"receive":45,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/YzkxZDJhMDk5NzI5YTBkZmE0N2YyZGM2Mzc1Y2U5YTU/s(w:640,h:360)/tag/000/424/564/315d36e9.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.917Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/YzkxZDJhMDk5NzI5YTBkZmE0N2YyZGM2Mzc1Y2U5YTU/s(w:640,h:360)/tag/000/424/564/315d36e9.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 54245\r\nx-rsic-processor: 20018\r\nx-rsic-responder: 20021\r\ncache-control: max-age=604800\r\nexpires: Fri, 27 Mar 2026 07:54:50 GMT\r\nx-envoy-upstream-service-time: 321\r\ntiming-allow-origin: *\r\nx-77-nzt: kh588Z49WARXAA/YSzyLSNqUiNxkhDff4py2zvJmJzUYhKKVHA4h4Yc\r\nx-77-nzt-ray: 56376635299b48f10c58c4694071813a\r\nx-77-cache: HIT\r\nx-77-age: 481808\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":54245,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 640x360, components 3","md5":"0dfa96b64e935fa0d95e49889f81ab9c","sha1":"da637cc04da02c76d110184d8054c4f40916dba9","sha256":"fe62a36da3cbae652f6605dcdf086010fb072be599cef5a2334bd151419b63a7","sha512":"2b0e51f00c0aebde027f6c69b42a8459aa7618ee731c941d113bcd2e10e96e25019ab619ca3b1a201c39179904d4288476ef94c29fdf2cdd9da60a29a7f5949a","ssdeep":"1536:rcqwg1gab+Hg0dQ4EtNn9Q2fXxWJMu9RCWk8C:rbx+Hg9b3HxyJXPm","tlshash":"3333f1dab48767f2d8ffa7b4c6721f1e66916f0300085505ccc9e35436483d67eaa1e9","first_seen":"2026-03-25T21:48:31.304229Z","last_seen":"2026-03-25T21:48:31.304229Z","times_seen":1,"resource_available":false,"data":null}},"time_used":225,"timings":{"blocked":60,"dns":19,"connect":10,"send":0,"wait":12,"receive":43,"ssl":40},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ic-tt-nss.xhcdn.com/a/MzIyZmJlMDU0YzZkNTVhY2YyYzJkYTYwYmMxM2YyMzc/s(w:640,h:360)/tag/000/000/235/5a4f3684.jpg","fqdn":"ic-tt-nss.xhcdn.com","domain":"xhcdn.com","tld":"com"},"ip":{"addr":"185.76.9.4","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://r1s6.cdxxxx.live/","date":"2026-03-25T21:47:56.990Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1871944538.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 16 Jan 2026 13:08:12 GMT","end":"Thu, 16 Apr 2026 13:08:11 GMT"},"fingerprint":{"sha1":"00:4E:2C:4B:1D:2C:AD:D6:41:7D:FB:7F:06:0C:59:97:6A:E3:9F:85","sha256":"2F:31:03:B4:20:76:2E:1B:BA:23:5D:8A:E6:BC:39:D8:1D:C9:47:36:A9:00:2B:0F:DC:F4:3E:A6:EE:19:D3:37"}}},"request":{"raw":"GET /a/MzIyZmJlMDU0YzZkNTVhY2YyYzJkYTYwYmMxM2YyMzc/s(w:640,h:360)/tag/000/000/235/5a4f3684.jpg HTTP/1.1\r\nHost: ic-tt-nss.xhcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://r1s6.cdxxxx.live/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Mar 2026 21:47:56 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 74108\r\nx-rsic-processor: 20021\r\nx-rsic-cache-hit: yes\r\nx-rsic-cache-mem: yes\r\nx-rsic-responder: 20021\r\ncache-control: max-age=604800\r\nexpires: Tue, 31 Mar 2026 12:59:08 GMT\r\nx-envoy-upstream-service-time: 0\r\ntiming-allow-origin: *\r\nx-77-nzt: ko4xlRUcOhfggMGn/v9bvztW/IM1YRIOu3OU35OP6KnIKV/zdIagzKo\r\nx-77-nzt-ray: 56376635299b48f10c58c469e0592f39\r\nx-77-cache: HIT\r\nx-77-age: 118098\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":74108,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2, software=PhotoScape], baseline, precision 8, 720x360, components 3","md5":"d556aeccc39546f2fb614bd7edd04960","sha1":"4085eb4fd15fc34c4e72c8c2743be98a383a9d16","sha256":"2b6216f532f9a7d73d64791f90cc109079cae4a2b5eb17c29cc70855393d54ad","sha512":"d12e627eca642993b870f8703bd92a5e1e0bbd8cc041092756003a8a8bc167c0c66d43f107d6ecc0c8104fb0f9c42e5c1fe67b843007a5d4491006ada88a4b69","ssdeep":"1536:3fLx4pxDLCK5TIVkvtTQGMtGR+y1dAN0uNkzDRc1G4AU:3NUxXe+vNQGMt2+zgzDb5U","tlshash":"e973f1ad21ebf2faf13b99fb41321e49d9bea304a9a4f7db34c016a870005c25578d5d","first_seen":"2026-03-25T21:48:31.305616Z","last_seen":"2026-03-25T21:48:31.305616Z","times_seen":1,"resource_available":false,"data":null}},"time_used":96,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":81,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"obseu.iseaskies.com/ct?id=95200\u0026url=https%3A%2F%2Fwww.xyjdh.com%2Flink%2Fa.aspx%3Fid%3Dcdxxxx\u0026sf=1\u0026tpi=\u0026ch=Yahoo%20Test\u0026uvid=2684493d-7de1-4b7f-9a1d-7385b8f325ec\u0026tsf=0\u0026tsfmi=0\u0026tsfu=\u0026cb=1774475279787\u0026hl=2\u0026op=0\u0026ag=2881387774\u0026rand=23296112626210615762201171021956159076171082711210523696719275822282015071578232127726002550\u0026fs=0x0\u0026fst=0x0\u0026np=win32\u0026nv=\u0026ref=https%3A%2F%2Fr1s6.cdxxxx.live%2F\u0026ss=1280x1024\u0026nc=1\u0026at=\u0026di=W1siZWYiLDYwMjNdLFsiYWJuY2giLDEyXSxbLTExLCJ7XCJ0XCI6XCJcIixcIm1cIjpbXCJkZXNjcmlwdGlvblwiXX0iXSxbLTMzLCItIl0sWy0zOSwiW1wiMjAxMDAxMDFcIiwyLFwiR2Vja29cIixcIk5ldHNjYXBlXCIsXCJNb3ppbGxhXCIsXCIyMDE4MTAwMTAwMDAwMFwiLG51bGwsZmFsc2UsbnVsbCxmYWxzZSxudWxsLDUsdHJ1ZSxmYWxzZSxudWxsLDAsZmFsc2UsZmFsc2UsZmFsc2UsZmFsc2VdIl0sWy01MCwiLSJdLFstNTYsImxhbmRzY2FwZS1wcmltYXJ5Il0sWy02MSwiLSJdLFstNzEsImEwMTAwMTAxMTAwMTAwMTAxMDAwMDExMDAxMTExMTAwMDAwMDEwIl0sWy03MiwiRXhVPSJdLFstNzMsIkVoUT0iXSxbLTc0LCItIl0sWy05LCItIl0sWy0yOSwiLSJdLFstNDQsIjAsNSwwLDUiXSxbLTQ4LCJbXCItXCIsXCItXCIsXCItXCIsXCItXCIsXCItXCJdIl0sWy01OSwiLSJdLFstMzEsImZhbHNlIl0sWy00NSwiNzUyLDAsMCw3MTksMCwwLDc2MSwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwIl0sWy0yLCI2LElzTjluR25XYkFZQUl4TmZRYU9xR0UwQ0ZBUXNjRzAwSW5oT2JZQkFLWVVPelFPNkVYMDIwSW1HTGN1NjJ1cmRQL2MyZDJwTm1WWkF3ZjMvLzh6NzlHckhhMVd1M09tWFBQdmUiXSxbLTU4LCItIl0sWy02MywiLSJdLFstNjQsIi0iXSxbLTY1LCItIl0sWy0xMCwiLSJdLFstMjEsIi0iXSxbLTM0LCItIl0sWy00NiwiMCJdLFstNDksIi0iXSxbLTU0LCJ7XCJoXCI6W1wiXzNcIixcIjI4NzI4OTkzMjBcIl0sXCJkXCI6W10sXCJiXCI6W10sXCJzXCI6MX0iXSxbLTcwLCItIl0sWy02LCJ7XCJ3XCI6W1wiMFwiLFwiZG9SZWRpcmVjdFwiLFwiX19jdGNnX2N0Xzk1MjAwX2V4ZWNcIl0sXCJuXCI6W10sXCJkXCI6W119Il0sWy0yOCwiZW4tVVMsZW4iXSxbLTM2LCJbXCI1LzRcIixcIjUvNFwiXSJdLFstNDAsIjM3Il0sWy01MSwiLSJdLFstMTUsIi0iXSxbLTE5LCJbMCwwLDAsMCwwLDAsMSwyNCwyNCxcIi1cIiwxMjgwLDEwMjQsMTI4MCwxMDI0LDEyODAsMTAyNCwwLDAsMCwwLDAsMCxcIi1cIixcIi1cIiwwLDAsbnVsbF0iXSxbLTMwLCJbXCJ2XCIsMF0iXSxbLTM1LCJbMTc3NDQ3NTI3OTY0MywwXSJdLFstNTMsIjAwMSJdLFsxMiwie1wiY3R4XCI6XCJ3ZWJnbFwiLFwidlwiOlwibWVzYVwiLFwiclwiOlwibGx2bXBpcGVcIixcInNsdlwiOlwid2ViZ2wgZ2xzbCBlcyAxLjBcIixcImd2ZXJcIjpcIndlYmdsIDEuMFwiLFwiZ3ZlblwiOlwibW96aWxsYVwiLFwiYmVuXCI6MTEzLFwid2dsXCI6MSxcImdyZW5cIjpcImxsdm1waXBlXCIsXCJzZWZcIjo0OTQxOTUwNDMsXCJzZWNcIjpcIlwifSJdLFstMTQsIi0iXSxbLTIyLCJbXCJuXCIsXCJuXCJdIl0sWy00MSwiLSJdLFstMSwiTGludXggeDg2XzY0Il0sWy0zLCJbXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCJdIl0sWy02MiwiNTgiXSxbLTQyLCI4ODMzOTkwMTYiXSxbLTQzLCIwMDAwMDAwMTAwMDAwMDAwMDAxMTEwMDEwMDAwMDEwMDAwMDAwMDAwMDEwIl0sWy01NSwiMCJdLFstNjYsIi0iXSxbLTEyLCJcIjFcIiJdLFstMTgsIlsxLDAsMCwwXSJdLFstMjQsIltdIl0sWy0yNSwiLSJdLFstNjAsIi0iXSxbLTY4LCItIl0sWy02OSwiLSJdLFstOCwiLSJdLFstMTMsIi0iXSxbImJuY2giLDIyNF0sWy0xNiwiMCJdLFstMzcsIi0iXSxbLTUyLCItIl0sWy00LCItIl0sWy01LCItIl0sWy02NywiLSJdLFstNzUsIihpbnRlcm1lZGlhdGUgdmFsdWUpLnNvbWVGdW5jIGlzIG5vdCBhIGZ1bmN0aW9uIl0sWy03LCItIl0sWy0xNywiNDgiXSxbLTIwLCItIl0sWy0yMywiKyJdLFstMjYsIi0iXSxbLTI3LCItIl0sWy0zMiwiMCJdLFstMzgsImMsLTEsLTEsODI1LDAsMTUsMCw2NiwxMzMsNTcsLTEsMCwsLDE1MDQsMTUwMyJdLFstNDcsIlVUQyxlbi1VUyxsYXRuLGdyZWdvcnkiXSxbLTU3LCJTM2xSVFUxSlNnTVdGbHhNVmxzWFVFcGNXRXBTVUZ4S0YxcFdWQlpLUVVrV1VCWU1BUWdPRFFCWUNsb0lYQTRBQ3dzS0RnMWFXQUJiQ2wwTlhWOWZDUTBKRGhkVFNnTUlBdzhQRGcwSkZRNElBQlpORjF4QlNWWkxUVW9XQlhsUlRVMUpTZ01XRmx4TVZsc1hVRXBjV0VwU1VGeEtGMXBXVkJaS1FVa1dVQllNQVFnT0RRQllDbG9JWEE0QUN3c0tEZzFhV0FCYkNsME5YVjlmQ1EwSkRoZFRTZ01JQXc4UEFBb09GVXBjVFcxUVZGeFdURTBaVVZoWFhWVmNTeE1PQ0FBV1RSZGNRVWxXUzAxS0ZnVjVVVTFOU1VvREZoWmNURlpiRjFCS1hGaEtVbEJjU2hkYVZsUVdTa0ZKRmxBV0RBRUlEZzBBV0FwYUNGd09BQXNMQ2c9PSJdLFsiZGRiIiwiMCw3LDAsMCwwLDIsMCwwLDEsMSwwLDAsMCwwLDAsMSwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMywwLDAsMCwwLDEsMCwwLDAsMCwwLDAsMCwyLDM0LDAsMTUsMSwyLDAsMCwwLDEsMCwwLDAsMSwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwxLDEsMSwwLDAsMCJdLFsiY2IiLCIwLDAsMCwwLDAsMCwwLDEsMSwyLDUsMCwxMTQsMCwwLDEsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMCwxLDAsMCwwLDEsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMSwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMiwwLDAsMCwwLDAsMCwwLDAsMCJdXQ%3D%3D\u0026dep=1\u0026pre=0\u0026sdd=\u0026cri=Ph3ADveBA4\u0026pto=1522\u0026ver=65\u0026gac=-\u0026mei=\u0026ap=\u0026fe=1\u0026duid=1.1774475279.JzknKbkwVFKsH5tr\u0026suid=1.1774475279.qBhS2vjDSZ9NQzV1\u0026tuid=1.1774475279.NBWZNtg0GZFSdez4\u0026sid=1.1774475279788.UlgvgxEMpSduN5sR\u0026fbc=-\u0026gtm=-\u0026it=3%2C1178%2C64\u0026fbcl=-\u0026gacl=-\u0026gacsd=-\u0026rtic=-\u0026rtict=-\u0026bgc=-\u0026spa=1\u0026urid=0\u0026ab=jx.4.2;\u0026sck=-\u0026io=aGA2Oi15fzZz\u0026xer=%7B%22r%22%3A1%2C%22i%22%3A2%7D","fqdn":"obseu.iseaskies.com","domain":"iseaskies.com","tld":"com"},"ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.xyjdh.com/link/a.aspx?id=cdxxxx","date":"2026-03-25T21:48:00.047Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.iseaskies.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 14 Mar 2026 00:00:00 GMT","end":"Fri, 12 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:29:00:EF:41:A1:05:3E:E1:8D:C7:C6:56:5A:2D:1B:ED:11:A5:D8","sha256":"58:10:1A:43:35:D0:AC:8D:AD:C5:42:AA:E4:34:CD:77:38:D9:D4:20:96:D5:48:10:9F:33:64:53:01:20:2D:B2"}}},"request":{"raw":"GET /ct?id=95200\u0026url=https%3A%2F%2Fwww.xyjdh.com%2Flink%2Fa.aspx%3Fid%3Dcdxxxx\u0026sf=1\u0026tpi=\u0026ch=Yahoo%20Test\u0026uvid=2684493d-7de1-4b7f-9a1d-7385b8f325ec\u0026tsf=0\u0026tsfmi=0\u0026tsfu=\u0026cb=1774475279787\u0026hl=2\u0026op=0\u0026ag=2881387774\u0026rand=23296112626210615762201171021956159076171082711210523696719275822282015071578232127726002550\u0026fs=0x0\u0026fst=0x0\u0026np=win32\u0026nv=\u0026ref=https%3A%2F%2Fr1s6.cdxxxx.live%2F\u0026ss=1280x1024\u0026nc=1\u0026at=\u0026di=W1siZWYiLDYwMjNdLFsiYWJuY2giLDEyXSxbLTExLCJ7XCJ0XCI6XCJcIixcIm1cIjpbXCJkZXNjcmlwdGlvblwiXX0iXSxbLTMzLCItIl0sWy0zOSwiW1wiMjAxMDAxMDFcIiwyLFwiR2Vja29cIixcIk5ldHNjYXBlXCIsXCJNb3ppbGxhXCIsXCIyMDE4MTAwMTAwMDAwMFwiLG51bGwsZmFsc2UsbnVsbCxmYWxzZSxudWxsLDUsdHJ1ZSxmYWxzZSxudWxsLDAsZmFsc2UsZmFsc2UsZmFsc2UsZmFsc2VdIl0sWy01MCwiLSJdLFstNTYsImxhbmRzY2FwZS1wcmltYXJ5Il0sWy02MSwiLSJdLFstNzEsImEwMTAwMTAxMTAwMTAwMTAxMDAwMDExMDAxMTExMTAwMDAwMDEwIl0sWy03MiwiRXhVPSJdLFstNzMsIkVoUT0iXSxbLTc0LCItIl0sWy05LCItIl0sWy0yOSwiLSJdLFstNDQsIjAsNSwwLDUiXSxbLTQ4LCJbXCItXCIsXCItXCIsXCItXCIsXCItXCIsXCItXCJdIl0sWy01OSwiLSJdLFstMzEsImZhbHNlIl0sWy00NSwiNzUyLDAsMCw3MTksMCwwLDc2MSwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwIl0sWy0yLCI2LElzTjluR25XYkFZQUl4TmZRYU9xR0UwQ0ZBUXNjRzAwSW5oT2JZQkFLWVVPelFPNkVYMDIwSW1HTGN1NjJ1cmRQL2MyZDJwTm1WWkF3ZjMvLzh6NzlHckhhMVd1M09tWFBQdmUiXSxbLTU4LCItIl0sWy02MywiLSJdLFstNjQsIi0iXSxbLTY1LCItIl0sWy0xMCwiLSJdLFstMjEsIi0iXSxbLTM0LCItIl0sWy00NiwiMCJdLFstNDksIi0iXSxbLTU0LCJ7XCJoXCI6W1wiXzNcIixcIjI4NzI4OTkzMjBcIl0sXCJkXCI6W10sXCJiXCI6W10sXCJzXCI6MX0iXSxbLTcwLCItIl0sWy02LCJ7XCJ3XCI6W1wiMFwiLFwiZG9SZWRpcmVjdFwiLFwiX19jdGNnX2N0Xzk1MjAwX2V4ZWNcIl0sXCJuXCI6W10sXCJkXCI6W119Il0sWy0yOCwiZW4tVVMsZW4iXSxbLTM2LCJbXCI1LzRcIixcIjUvNFwiXSJdLFstNDAsIjM3Il0sWy01MSwiLSJdLFstMTUsIi0iXSxbLTE5LCJbMCwwLDAsMCwwLDAsMSwyNCwyNCxcIi1cIiwxMjgwLDEwMjQsMTI4MCwxMDI0LDEyODAsMTAyNCwwLDAsMCwwLDAsMCxcIi1cIixcIi1cIiwwLDAsbnVsbF0iXSxbLTMwLCJbXCJ2XCIsMF0iXSxbLTM1LCJbMTc3NDQ3NTI3OTY0MywwXSJdLFstNTMsIjAwMSJdLFsxMiwie1wiY3R4XCI6XCJ3ZWJnbFwiLFwidlwiOlwibWVzYVwiLFwiclwiOlwibGx2bXBpcGVcIixcInNsdlwiOlwid2ViZ2wgZ2xzbCBlcyAxLjBcIixcImd2ZXJcIjpcIndlYmdsIDEuMFwiLFwiZ3ZlblwiOlwibW96aWxsYVwiLFwiYmVuXCI6MTEzLFwid2dsXCI6MSxcImdyZW5cIjpcImxsdm1waXBlXCIsXCJzZWZcIjo0OTQxOTUwNDMsXCJzZWNcIjpcIlwifSJdLFstMTQsIi0iXSxbLTIyLCJbXCJuXCIsXCJuXCJdIl0sWy00MSwiLSJdLFstMSwiTGludXggeDg2XzY0Il0sWy0zLCJbXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCJdIl0sWy02MiwiNTgiXSxbLTQyLCI4ODMzOTkwMTYiXSxbLTQzLCIwMDAwMDAwMTAwMDAwMDAwMDAxMTEwMDEwMDAwMDEwMDAwMDAwMDAwMDEwIl0sWy01NSwiMCJdLFstNjYsIi0iXSxbLTEyLCJcIjFcIiJdLFstMTgsIlsxLDAsMCwwXSJdLFstMjQsIltdIl0sWy0yNSwiLSJdLFstNjAsIi0iXSxbLTY4LCItIl0sWy02OSwiLSJdLFstOCwiLSJdLFstMTMsIi0iXSxbImJuY2giLDIyNF0sWy0xNiwiMCJdLFstMzcsIi0iXSxbLTUyLCItIl0sWy00LCItIl0sWy01LCItIl0sWy02NywiLSJdLFstNzUsIihpbnRlcm1lZGlhdGUgdmFsdWUpLnNvbWVGdW5jIGlzIG5vdCBhIGZ1bmN0aW9uIl0sWy03LCItIl0sWy0xNywiNDgiXSxbLTIwLCItIl0sWy0yMywiKyJdLFstMjYsIi0iXSxbLTI3LCItIl0sWy0zMiwiMCJdLFstMzgsImMsLTEsLTEsODI1LDAsMTUsMCw2NiwxMzMsNTcsLTEsMCwsLDE1MDQsMTUwMyJdLFstNDcsIlVUQyxlbi1VUyxsYXRuLGdyZWdvcnkiXSxbLTU3LCJTM2xSVFUxSlNnTVdGbHhNVmxzWFVFcGNXRXBTVUZ4S0YxcFdWQlpLUVVrV1VCWU1BUWdPRFFCWUNsb0lYQTRBQ3dzS0RnMWFXQUJiQ2wwTlhWOWZDUTBKRGhkVFNnTUlBdzhQRGcwSkZRNElBQlpORjF4QlNWWkxUVW9XQlhsUlRVMUpTZ01XRmx4TVZsc1hVRXBjV0VwU1VGeEtGMXBXVkJaS1FVa1dVQllNQVFnT0RRQllDbG9JWEE0QUN3c0tEZzFhV0FCYkNsME5YVjlmQ1EwSkRoZFRTZ01JQXc4UEFBb09GVXBjVFcxUVZGeFdURTBaVVZoWFhWVmNTeE1PQ0FBV1RSZGNRVWxXUzAxS0ZnVjVVVTFOU1VvREZoWmNURlpiRjFCS1hGaEtVbEJjU2hkYVZsUVdTa0ZKRmxBV0RBRUlEZzBBV0FwYUNGd09BQXNMQ2c9PSJdLFsiZGRiIiwiMCw3LDAsMCwwLDIsMCwwLDEsMSwwLDAsMCwwLDAsMSwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMywwLDAsMCwwLDEsMCwwLDAsMCwwLDAsMCwyLDM0LDAsMTUsMSwyLDAsMCwwLDEsMCwwLDAsMSwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwxLDEsMSwwLDAsMCJdLFsiY2IiLCIwLDAsMCwwLDAsMCwwLDEsMSwyLDUsMCwxMTQsMCwwLDEsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMCwxLDAsMCwwLDEsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMSwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMiwwLDAsMCwwLDAsMCwwLDAsMCJdXQ%3D%3D\u0026dep=1\u0026pre=0\u0026sdd=\u0026cri=Ph3ADveBA4\u0026pto=1522\u0026ver=65\u0026gac=-\u0026mei=\u0026ap=\u0026fe=1\u0026duid=1.1774475279.JzknKbkwVFKsH5tr\u0026suid=1.1774475279.qBhS2vjDSZ9NQzV1\u0026tuid=1.1774475279.NBWZNtg0GZFSdez4\u0026sid=1.1774475279788.UlgvgxEMpSduN5sR\u0026fbc=-\u0026gtm=-\u0026it=3%2C1178%2C64\u0026fbcl=-\u0026gacl=-\u0026gacsd=-\u0026rtic=-\u0026rtict=-\u0026bgc=-\u0026spa=1\u0026urid=0\u0026ab=jx.4.2;\u0026sck=-\u0026io=aGA2Oi15fzZz\u0026xer=%7B%22r%22%3A1%2C%22i%22%3A2%7D HTTP/1.1\r\nHost: obseu.iseaskies.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.xyjdh.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: no-cache, no-store, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: text/javascript\r\ndate: Wed, 25 Mar 2026 21:48:00 GMT\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\npragma: no-cache\r\ntiming-allow-origin: https://www.xyjdh.com\r\ncontent-length: 1352\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3802,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (3802), with no line terminators","md5":"82da20c79ff4a90dd446ad1b26d56773","sha1":"caa171cf9649c092282658dc3b90490de2709e1c","sha256":"92b009800bcaa2b99d9899722093ab92a55d9438585c08375729c8ecf2c3b4a2","sha512":"66b3bea2070279618bddf2ad6806284a339d1a4d7eaa2b7037ec1d8a8df86470b1900b6acfaa0f61685a2f8835570df3b5181deab6dca5de5a922706ff7a5f3e","ssdeep":"","tlshash":"af712b26167e1c75427a0a33eff7a94cd32b29323dc74045d8a6f5d62e3763cd540024","first_seen":"2026-03-25T21:48:31.307019Z","last_seen":"2026-03-25T21:48:31.307019Z","times_seen":1,"resource_available":true,"data":null}},"time_used":48,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":48,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}