{"report_id":"583cd932-b18f-4082-a58a-852f424deadd","version":6,"status":"done","tags":[],"date":"2026-04-05T09:40:18Z","url":{"schema":"http","addr":"0ywhqfhm1khndemzh9cm.999996997.xyz/demo","fqdn":"0ywhqfhm1khndemzh9cm.999996997.xyz","domain":"999996997.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":0,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"8.999996996.xyz/facai/","fqdn":"8.999996996.xyz","domain":"999996996.xyz","tld":"xyz"},"title":"金凤凰3337798.COM","dom":{"size":29593,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"296b83aa6a6ba74e62c2453eaea4f9fb","sha1":"edcc50a6adec4657b332555a7613ce51990fc0b6","sha256":"f0ae47b98a44b16c58fdaf3b90c3f40597a999d69376deeb987009cd0d916ad4","sha512":"ee9c65ec866523029a42f1f5af30314023cbe10d42bfc21e85fa7c65366807f36215648ddb91d93042551b2cfe3deadbf8afe5798953131c2f3fea589c6ed153","ssdeep":"384:t5Ug5Uordwrrdwrrdwrrdwrrdwrrdwrrdwrrdw+NSLlPIOel:t5Ug5UUd8d8d8d8d8d8d8dOVja","tlshash":"34d27836a7a15f577242c9a7691bbd8e13f08c37cebec2c6bbad44b11f8c5621443258","dom_hash":"domhashb9fddd7c32e0061a03e5f1440402896b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"0ywhqfhm1khndemzh9cm.999996997.xyz/demo","fqdn":"0ywhqfhm1khndemzh9cm.999996997.xyz","domain":"999996997.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":0,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-10T09:40:18Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":1}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-05T09:39:54Z","timestamp":1775381994,"ip_dst":{"addr":"Client IP","port":39396,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"2.59.152.3","port":443,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"severity":"medium","alert":"ET DROP Spamhaus DROP Listed Traffic Inbound group 1","source":"{\"timestamp\":\"2026-04-05T09:39:54.434503+0000\",\"flow_id\":389958031028147,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"2.59.152.3\",\"src_port\":443,\"dest_ip\":\"172.18.0.16\",\"dest_port\":39396,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2400000,\"rev\":4421,\"signature\":\"ET DROP Spamhaus DROP Listed Traffic Inbound group 1\",\"category\":\"Misc Attack\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Any\"],\"created_at\":[\"2010_12_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Dshield\"],\"updated_at\":[\"2025_08_01\"]}},\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":74,\"bytes_toclient\":66,\"start\":\"2026-04-05T09:39:54.176051+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"0ywhqfhm1khndemzh9cm.999996997.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"hm.baidu.com","ip":{"addr":"14.215.182.140","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"domain_registered":"1999-10-11","domain_rank":54491,"first_seen":"2012-05-26T08:38:45Z","last_seen":"2026-03-30T04:31:31.043385Z","alert_count":0,"request_count":2,"received_data":30881,"sent_data":1202,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]},{"fqdn":"8.999996996.xyz","ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"domain_registered":"2026-02-15","domain_rank":0,"first_seen":"2026-04-04T00:07:47.044662Z","last_seen":"2026-04-04T00:07:47.044662Z","alert_count":0,"request_count":19,"received_data":386480,"sent_data":7958,"comment":"","tags":null,"fingerprints":[{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"wanzhuanliuhe.a82518a.app","ip":{"addr":"161.153.6.176","port":3080,"asn":0,"as":"","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-03-08T22:06:12.708332Z","last_seen":"2026-04-01T23:09:40.539691Z","alert_count":0,"request_count":1,"received_data":4597,"sent_data":538,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"0ywhqfhm1khndemzh9cm.999996997.xyz","ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"domain_registered":"2026-02-15","domain_rank":0,"first_seen":"2026-04-05T09:40:19.724165Z","last_seen":"2026-04-05T09:40:19.724165Z","alert_count":18,"request_count":18,"received_data":253495,"sent_data":7901,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery:1.11.2","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"336309.com","ip":{"addr":"38.97.254.137","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"domain_registered":"2015-09-29","domain_rank":3439766,"first_seen":"2025-08-18T19:16:53.022811Z","last_seen":"2026-04-01T23:09:38.787977Z","alert_count":0,"request_count":8,"received_data":123712,"sent_data":3961,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"jQuery:1.11.2","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"tuwang.tukuwangluo.com","ip":{"addr":"38.175.197.142","port":80,"asn":400304,"as":"REDOUBT-NET","country":"United States","country_code":"US"},"domain_registered":"2024-09-25","domain_rank":0,"first_seen":"2026-04-02T02:03:52.992449Z","last_seen":"2026-04-02T02:03:52.99245Z","alert_count":0,"request_count":1,"received_data":169,"sent_data":416,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"643941.freep.cn","ip":{"addr":"173.208.190.4","port":443,"asn":32097,"as":"WII","country":"United States","country_code":"US"},"domain_registered":"2005-11-17","domain_rank":0,"first_seen":"2025-11-24T14:26:37.413561Z","last_seen":"2026-04-02T05:03:50.033974Z","alert_count":0,"request_count":10,"received_data":824024,"sent_data":4852,"comment":"","tags":null,"fingerprints":[{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"IIS:8.5","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Microsoft ASP.NET:4.0.30319","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}]},{"fqdn":"kswc88kkg0.99kjhi.app","ip":{"addr":"141.148.156.69","port":2860,"asn":31898,"as":"ORACLE-BMC-31898","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-01-25T22:20:16.721342Z","last_seen":"2026-04-01T23:09:40.958836Z","alert_count":0,"request_count":2,"received_data":36052,"sent_data":1001,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"0ywhqfhm1khndemzh9cm.999996997.xyz/demo/d/","fqdn":"0ywhqfhm1khndemzh9cm.999996997.xyz","domain":"999996997.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"0c7c8372a9f37af611c68e543adc20d4","sha1":"1d362b60d9aef9b3f4fb47742ee6081ba11b7b8f","sha256":"699e988a455da6f9b13fc50d4423c5bb843b73219b1d40a88cc05e68abed0360","sha512":"14a95ee8a34ac1cb95f3cb0e017855d3600512e6997eb14329dbbad0a33ddb1e62ba41f6eef6e9feedf0434bd49d032e8b18654c55bd2e7b19de9649cc1f0827","ssdeep":"","tlshash":"6fc04c88b5a2250e2ab171a44f3b74aa50b219479d898c418095d8a2261bb3ed192985","size":138,"data":"","first_seen":"2026-01-25T22:20:27.249454Z","last_seen":"2026-04-05T16:11:09.212532Z","times_seen":187,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"8.999996996.xyz/facai/","fqdn":"8.999996996.xyz","domain":"999996996.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"4bef1e5138705d02349a598e587e0411","sha1":"5a681fb09b3da2bf684a3898bff3b23eaf6d8a90","sha256":"56ae3c40cece948b3b9484c2cc0c8003389742e4bfe572e7406fe3bbda5109f4","sha512":"10daa25300af519417a360af61b90c6aa4ac0d418cad7aee5affbe648da499712448aef7c69f8aafdb94a18ba20392c9d8e078bbdd047eb35d3ff944bc32a852","ssdeep":"","tlshash":"bbe0c26d641230312e8f64a9abb6c3903c7410033683e000342c9ae14f21e35189accd","size":363,"data":"","first_seen":"2026-04-01T23:09:46.403191Z","last_seen":"2026-04-05T16:11:09.21563Z","times_seen":100,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"8.999996996.xyz/facai/","fqdn":"8.999996996.xyz","domain":"999996996.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"2d6ee92929d52c2a7d5765921e6df74b","sha1":"9e2e02af6c55c7f63807ed3d36d361bd034c6e2a","sha256":"33533955fe3ea40360bdcd31adccc0b02965a0f86165c768f90bd879f62033b0","sha512":"82622a72b0d5eae75df6b1e9567e3f942d8cc453e08ed790d34f8e51498cfacfb2d22983bdadef4cc481f3734e147d4fa345929e1f3787266ae81b6e8eee1afc","ssdeep":"","tlshash":"b0f0d3b753a5111e5943205e5d4f630dddb3d50b64888017dbdcd2953ed0e511193a5e","size":641,"data":"","first_seen":"2026-03-07T21:31:08.684923Z","last_seen":"2026-04-05T16:11:09.216558Z","times_seen":186,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"8.999996996.xyz/facai/js/jquery.min.js","fqdn":"8.999996996.xyz","domain":"999996996.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"e0e0559014b222245deb26b6ae8bd940","sha1":"e2f3603e23711f6446f278a411d905623d65201e","sha256":"89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e","sha512":"60740da8f871b8263675db2421b0e565fc18e95c772f7c3d5916f224263cd71a6a2e6acceab2f6f8ba1c0607951f0198f525d87d0589fa57045b1d5f292dacf0","ssdeep":"1536:q4mCgi8DyCuXXFiJ+L0kJQsJVPEKLQRZdC/RlfDknv+p0WzH/IoSZ7qABZnu0sFv:qGsKXlI2p0WPSbDrstfam","tlshash":"ba93f8ddb2d1b06257bb21bd006f540ff236195e280d8850f129e8eabc74a4d9277fad","size":93100,"data":"","first_seen":"2023-03-07T01:02:01Z","last_seen":"2026-04-05T16:29:29.551585Z","times_seen":18219,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kswc88kkg0.99kjhi.app:2860/dh/skintk/js/9js.js","fqdn":"kswc88kkg0.99kjhi.app","domain":"99kjhi.app","tld":"app"},"ip":{"addr":"141.148.156.69","port":2860,"asn":31898,"as":"ORACLE-BMC-31898","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"bada4e434a112be260b85848ed7a672f","sha1":"0e83a2679856b1d6d9cfb02f0a27fe81c2d55fa6","sha256":"10c26c217a4647b85d64373b29bf0017f062556c5f8d3672e65600afa50bd903","sha512":"1d5f4cc35eb157a24adc87048c32af2beee379b6eac75539526c07c642c8c2eda34bce7a9436bf67393edd0a4bfbd31959417cc1ddc537392a7e2bc064a64d34","ssdeep":"192:OBzxW3h3+tUNvB3jBVVMg/Yj2igS7wK4it3AB4bbRAPztCMqeoX54AoYscw/+VQQ:LIb/Haj+d","tlshash":"f6224449a4a60b12b41374751f9f77ac67798c73cd29db283f5ea2c25fd106208e2b8d","size":10623,"data":"","first_seen":"2026-01-01T08:14:59.550064Z","last_seen":"2026-04-05T16:11:09.191631Z","times_seen":188,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.js?5c754ac15a8c95da0a32585720c545fe","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"14.215.182.140","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"bff68e5b2c73aa52ad0f27103c1e7c01","sha1":"e2e3da92a4c4319d2ef0fca7070a09a9b645254c","sha256":"857bdea28634f0930c28bd8cfb7d60b43a3ad333263841a47410155103f35958","sha512":"03abda35cbbc453f96d95273976cf10be24a6fac3057f3762cfb452fd39fd2a0d3f3a475238db43b4e217ec70a29098c1aa26399763b23c15f2a5528d1af6609","ssdeep":"384:6JJSoLMJJTRl6s1JXFVCFI/TayvuodsZPIGm8XaR1JRwvutq1tGdc7M04gRw6:6J4VJfHgMdvussZPIx82Rwvutcto07v","tlshash":"bfd2d9e9b282713293a324a5153f324af17b5a54bd4968a4f11894c07d38fbb027bfdd","size":29899,"data":"","first_seen":"2026-04-05T09:40:22.024708Z","last_seen":"2026-04-05T09:40:22.024708Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"0ywhqfhm1khndemzh9cm.999996997.xyz/demo/","fqdn":"0ywhqfhm1khndemzh9cm.999996997.xyz","domain":"999996997.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"2825f75f6962b534fc5708d088f097c9","sha1":"638568caacf8310624d51c904e61108517a4115a","sha256":"fb341203bade107a26e619246e81d5f02eb566441a0023b65d102e4d54516d90","sha512":"aee3d7f8a03929b741a4298e7a98dbf97ffad78fbfb3c5de93f5ea32b2a61d39365dbbaeab4df4f7608fa8371d77997b8d2c3af6353e0334abc9f50ab130413d","ssdeep":"","tlshash":"a9c08c88061b60023e3600b9a77f30ec98320f930005ee00740998468fd839ce509ebf","size":166,"data":"","first_seen":"2026-03-07T21:31:08.682278Z","last_seen":"2026-04-05T16:11:09.218668Z","times_seen":186,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"0ywhqfhm1khndemzh9cm.999996997.xyz/demo/d/","fqdn":"0ywhqfhm1khndemzh9cm.999996997.xyz","domain":"999996997.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"49987ab035c90f6fcf84f2b2018f0a4a","sha1":"1459cff35e00fcb2e37295dfff56d93637a5d441","sha256":"41ca6af307f0faa64aeb2b76120d52a3f78a0290acbacde2323ed7202095b95d","sha512":"fa2d015ac18157c6417b62b09c513f9aebcdd509e3df04f274a15bb1d189fc8d6a96a805553674eafc1de4ad99a2a97c2d276316c38a4e69ef166f930e99b9bc","ssdeep":"","tlshash":"194124c86ed3e91367af85c39d021abd30ee8b34f880b14bc717b59d26e0a87d644c20","size":2250,"data":"","first_seen":"2026-04-04T00:07:51.356577Z","last_seen":"2026-04-05T09:40:22.034925Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wanzhuanliuhe.a82518a.app:3080/yj.html","fqdn":"wanzhuanliuhe.a82518a.app","domain":"a82518a.app","tld":"app"},"ip":{"addr":"161.153.6.176","port":3080,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"4ab23116e7a4d11fa9327dc477097186","sha1":"12b851dded6412df8aec299b016d79ae5a599ad3","sha256":"63f3ec468e9f627bf40565e697fda8816616c192d5ae95ea696bb2beb064699f","sha512":"ae58c641bf651327d2d5bb3e79a04d5f897c11f7538bd44b47da5fdcfe79739f6e6ec874959e3e2ebb522ca80d5b45209d6a229fc0cac79e37ba16435f8dd650","ssdeep":"","tlshash":"375170b6bad3094615a731bf613f8344a1306043280ecb067d5f72285f92e0675fbbe9","size":3160,"data":"","first_seen":"2026-03-08T22:06:19.880766Z","last_seen":"2026-04-05T16:11:09.213173Z","times_seen":148,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"336309.com/link/xinaomen/js/ackj1.js","fqdn":"336309.com","domain":"336309.com","tld":"com"},"ip":{"addr":"38.97.254.137","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"e8c14bab485acaa0b28e3d372cafe333","sha1":"6d415f69d9e24c34f3e7e376ccacf7253a475925","sha256":"f702d6b99be29031d390246662649704267312ff01be359c1862212f9da6db80","sha512":"877892cf9e756e7292cfc9086d8ee83606738c092fabda505e91d2e40fd64c2af97b95bc08a0278e0cfa6b53138a4272a2478988b5d25b5f2bbe3052feb711ea","ssdeep":"192:ep5Dog2p4j+AibS1YMYARHniFmYGI163FvvMpSNdJWdyO9ZLSD7yk+MFudVHg9TM:ll4SvMYMd1El163FXMpSN/W39ZLSD7y9","tlshash":"e012a50873d15c712a5be733af1fa0d8eb2e1bbb39a94c09f54db5605f4c604d1a6ab0","size":9759,"data":"","first_seen":"2025-11-12T23:34:33.076032Z","last_seen":"2026-04-05T16:11:09.189665Z","times_seen":160,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"336309.com/link/xinaomen/ackj1.html","fqdn":"336309.com","domain":"336309.com","tld":"com"},"ip":{"addr":"38.97.254.137","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"1c5c9160600df2d96d69a4ea16cec7ed","sha1":"3cf678c9135cc952ba6970ef545035bb757a443f","sha256":"a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808","sha512":"2a298a8c2552c6a6c6f8d3f7327d2e9abfa87a0dbb27e9e528a8539b416155c0860f54f46464dfe7e5d49c7906a9eacdac7e5181b86ef15a83276a8f4fee0546","ssdeep":"","tlshash":"078004d531c35040475331d400571cd4503444f014444d544040d4511c55030d1154dc","size":37,"data":"","first_seen":"2023-04-11T21:49:14Z","last_seen":"2026-04-05T16:49:26.864204Z","times_seen":102816,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"0ywhqfhm1khndemzh9cm.999996997.xyz/demo/d/","fqdn":"0ywhqfhm1khndemzh9cm.999996997.xyz","domain":"999996997.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"67dd2be854f8fae61c30e6406134dcfa","sha1":"5af9c1dbfed6aaaf6f44cd69f39f583a1d4727fd","sha256":"f2dc1664c80b5e8896ec5a7b2e25946de7c8fde2bc343c59046eabef83e10479","sha512":"6a14ab86fb14aa062f215151bba6f60b109aecf69039d7667a38c5782856e453c665dd0c34ddf5e9f5d8cc73b60b07eed50acc749e9776d85bd31df17c3fc839","ssdeep":"","tlshash":"a6900258f404548640259c105aab1d34e567514e8149940257044df919514a6a70556c","size":52,"data":"","first_seen":"2026-03-10T18:41:32.241071Z","last_seen":"2026-04-05T09:40:22.037115Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"8.999996996.xyz/facai/","fqdn":"8.999996996.xyz","domain":"999996996.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"96f0ac2eae4e5464fc0ed907c8f554c5","sha1":"4dc5deb6f23c587aa37423b70d2e584b1aa35288","sha256":"e608c2fc80783500e4770e9ebee084d4d2d2d35f91161c81413b974ffb7f8c1a","sha512":"a2f5e2b09b2b51edfe3f67a90b6f8a8211d24e47529abbc602ba5e55c35871712af6bf55c0c1ff81a7910ea578cca95266bcf1facb9ec200ee31469ee46ed8df","ssdeep":"","tlshash":"5f41789976e315399017712a635f00203e49411fdf00dd20b9bcf09a4fdbc228a9bbad","size":2250,"data":"","first_seen":"2026-03-08T22:06:19.889223Z","last_seen":"2026-04-05T16:11:09.218Z","times_seen":148,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"8.999996996.xyz/facai/","fqdn":"8.999996996.xyz","domain":"999996996.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"2e8a5ab51122b98643e2d23b6c21db4d","sha1":"a0aee7c8d163a9020136489197b5efd57b867663","sha256":"dbc5711a1160a89d10c8130136d444b34c590fd8b9b9a757e6480b86b5461923","sha512":"ec23c4b174c97fbeb002654f2bb05ff19dc9dda9db066955da6519f79d492445c2af43dc8b1adeebe3d5ab71a1b644cf2be7f2ed4d309bb5332aef4edfcfc222","ssdeep":"","tlshash":"a7012b0d947206a09b7371f50e1f0412a061942f1c4acd08bc6c70e11f14a6c0a97ae9","size":671,"data":"","first_seen":"2026-04-01T23:09:46.435573Z","last_seen":"2026-04-05T16:11:09.220013Z","times_seen":100,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"336309.com/link/xinaomen/ackj1.html","fqdn":"336309.com","domain":"336309.com","tld":"com"},"ip":{"addr":"38.97.254.137","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"bfd34d99d5fe1b408a32863e78b1dcf7","sha1":"7985739e184da9027ae2f788607bc3588533ce79","sha256":"444e08cca30d829b4e2ad0442682f79a51674d94c5f4e4802de8fcfca5794cce","sha512":"cff18ebf57d73fda71fb07b69ab9fc8b5f304f0aa0dbc0a230627398ad437c3e23403c3f8ecce015abe3acd6163cdeaf9fef7eff04847aedcb64fc647f9aba05","ssdeep":"","tlshash":"b1d02e2f2c24283623ae08a960aad94cb072104c903ee98080cee8215da0ed52c2eb88","size":254,"data":"","first_seen":"2025-11-12T23:34:33.108764Z","last_seen":"2026-04-05T16:11:09.219355Z","times_seen":160,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"336309.com/link/xinaomen/js/jquery-1.11.2.min.js","fqdn":"336309.com","domain":"336309.com","tld":"com"},"ip":{"addr":"38.97.254.137","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"87e69028f78d75ca225b3dc54d233239","sha1":"b33ee3b42b988eef9d4d62495b6e54e23dd642fd","sha256":"d4ec583c7604001f87233d1fe0076cbd909f15a5f8c6b4c3f5dd81b462d79d32","sha512":"6679e3ee7d02d17cf5b5d93a8a1dfd58f9b79120936442a75ffed668d6f2496ec615bc128cee6bf7fb8e0062cc6e0bfa96523519d8210bbc5d690b05512b4cd7","ssdeep":"1536:5P1vk7i6GUHdXXeyQazBu+4HhiO2AEeLNFoqqhJ7SerN5sVI6xcBgPv7E+nzms9l:A4Ud4qhJvNPqcB47MfWWca98Hrh","tlshash":"d093e8d9b7d67062977730b850bf510bb13a98eab80c4c60f1a4d8e47e74a89507bf2d","size":95966,"data":"","first_seen":"2023-03-07T01:10:31Z","last_seen":"2026-04-05T16:11:09.209882Z","times_seen":1354,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"336309.com/link/xinaomen/ackj1.html","fqdn":"336309.com","domain":"336309.com","tld":"com"},"ip":{"addr":"38.97.254.137","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"1c5c9160600df2d96d69a4ea16cec7ed","sha1":"3cf678c9135cc952ba6970ef545035bb757a443f","sha256":"a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808","sha512":"2a298a8c2552c6a6c6f8d3f7327d2e9abfa87a0dbb27e9e528a8539b416155c0860f54f46464dfe7e5d49c7906a9eacdac7e5181b86ef15a83276a8f4fee0546","ssdeep":"","tlshash":"078004d531c35040475331d400571cd4503444f014444d544040d4511c55030d1154dc","size":37,"data":"","first_seen":"2023-04-11T21:49:14Z","last_seen":"2026-04-05T16:49:26.864204Z","times_seen":102816,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"0ywhqfhm1khndemzh9cm.999996997.xyz/demo/","fqdn":"0ywhqfhm1khndemzh9cm.999996997.xyz","domain":"999996997.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"edaddb8132e9e0880252c5b6c47bf1c1","sha1":"dc08b5b6ca432b46cca94f1f297491e1b08736ea","sha256":"b98809417c0240085bf70f2a1127f0b622c1514651737e7e4ffac4b39e4da17e","sha512":"00dbcc0a7b89e5e377bc26573fa3b9f1d09267044b3ee1c594e22522f8a17733bf041ebfa09ddb2e70a9f495437933f8a4e42875a16a3221067bf1df558c090b","ssdeep":"","tlshash":"da4000000000000000000000000000000000000300000000300000000f000000000000","size":6,"data":"","first_seen":"2023-03-07T01:14:38Z","last_seen":"2026-04-05T16:24:19.052638Z","times_seen":13179,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"0ywhqfhm1khndemzh9cm.999996997.xyz/demo/d/js/jquery-1.11.2.min.js","fqdn":"0ywhqfhm1khndemzh9cm.999996997.xyz","domain":"999996997.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"9fa0022c8b400800ef0b78b6af2ae364","sha1":"3de2597bce3595b78d5f17b0be2926e6c1755131","sha256":"ac07fa7df8194a01cee6f9140603c0c03b2c3fb1ae02c7c2d00f1c9c35d8c134","sha512":"5f77320dde6aa89949e0dae4acccb7a20b9edd282af94da86a39cbf77cc50c7e88ed82d492cb2ffbc341c7dfff2a17d73a2db23d2edca5a226ac215b0acd8ac2","ssdeep":"1536:0P1vk7i6GUHdXXeyQazBu+4HhiO2AEeLyFoqqhJ7SerN5sVI6xcBvPv7E+nzms9e:f4UddqhJvNPqcBH7MfWWca98HrK","tlshash":"fa93e8d9b7d67062977730b850bf510bb13a98eab80c4c60f1a4d8e47e74a89507bf2d","size":95970,"data":"","first_seen":"2023-03-26T14:39:24Z","last_seen":"2026-04-05T16:11:09.189015Z","times_seen":277,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"336309.com/link/xinaomen/js/LunarSolarConverter.js","fqdn":"336309.com","domain":"336309.com","tld":"com"},"ip":{"addr":"38.97.254.137","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"08e0fded76ebb65c400c4ff35c3b2ae2","sha1":"9c1bcef224265877792312bf1f9821e4f825c0d6","sha256":"0492df3a61274cf69d7ebb7a795b3f5f6aad5d8deb70bce0338fd08cd3fa94d0","sha512":"045328d1387a1d75415c77c39862e189253b4dc3c7da8f95332004305c49b267f4cc8b995e5699edce1c09fa72b728c0b866f224d8973370d3aa0dc436c598a5","ssdeep":"96:yDBbFiEj9vhGRWMIJ/93pQXdEtodXuuslEZ1zNNVs+L3gNo321fz:qBBNCHcQXdE2ij","tlshash":"67d1fcc52b81aac912aa4b94b6293ef50217d117c9c9e48dfc48bac07cedf14127e3f0","size":6163,"data":"","first_seen":"2023-10-25T11:18:06Z","last_seen":"2026-04-05T16:11:09.196861Z","times_seen":242,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"336309.com/link/xinaomen/js/lhc.utils.js","fqdn":"336309.com","domain":"336309.com","tld":"com"},"ip":{"addr":"38.97.254.137","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"cf68fee5cc1d53672867c7bcb5b54cee","sha1":"1a7192a99b87e81b29e49e1697e0614d810c0fc6","sha256":"4e3a9748d8abee536fa9c325c1135ed0550079542dc95ed4283da41b68868f55","sha512":"a72135dac76b0cd478aa85828fe294dca0e7261fa28ea7c221944870f86ab2d7e19bd66e68d188ee80cb09a00dfb67e84d0f2bc0f9f4440025adb285a7918049","ssdeep":"","tlshash":"3e714284f1c2d175c6f925f4409e7019ae2addf5940e2215fa3c69cab839367b03ec79","size":3583,"data":"","first_seen":"2023-10-25T11:18:06Z","last_seen":"2026-04-05T16:11:09.205904Z","times_seen":242,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"336309.com/link/xinaomen/ackj1.html","fqdn":"336309.com","domain":"336309.com","tld":"com"},"ip":{"addr":"38.97.254.137","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"2f7145e839de58ec86e33d1868349f3c","sha1":"958fabbceef107b7eb6327fb6e603c2b21d16974","sha256":"8326f178c6dcd89d848a0e2a37c981f5ec5281f0fbbc9584f9d16b22969d5bbe","sha512":"797c451619d90b9ea145fa02305f4950377a5e8eb3e75d1efec2e0c995e843ecbf198448b36a9703e82f1e6be2e56e95514d0a7c12064663592a038a4f44fcba","ssdeep":"","tlshash":"e5e0f1d86bd4088b09cf3ca0d9456404f22e0d17671889ecdc02141328c7e2701c056f","size":403,"data":"","first_seen":"2026-04-05T09:40:22.040188Z","last_seen":"2026-04-05T09:40:22.040188Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"53e36f9b81247ee77b27a72562533c61","sha1":"49038b9036241a4cbb156b997625e5c2258e0004","sha256":"ba840e418d5bfefad4897668a1b8c551dddd379e77e939ce0000418b4dba24be","sha512":"6fd881f9ff93ff97e3a8f53791d9b5c78eaf871790086bdce03f8982395a040b6bb7f52ce74056d92245f759b13e1db8c1ec8567c77a4791153673e6aed8d8ba","ssdeep":"","tlshash":"82c08c63b59d050c1946408ce8d193088463358f2b00c712cdf075b6a8a9ae61fe238d","size":166,"data":"","first_seen":"2026-03-07T21:31:08.687586Z","last_seen":"2026-04-05T16:11:09.22203Z","times_seen":186,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"5f3bdb47a5908dc521670fd84a292dab","sha1":"b55e1b0604b6a9255d47633c3de0a73fcf9f60f1","sha256":"88ece5b0f5bfc0f52d0d1dfa482846d042d1c00dd2135ac6f614714a622d2ecb","sha512":"05d984d407859cdb4d02153969eb959aaf45896c5a2b9c2e9db95a279b772ef8d1ae45b6bae88e68fb3ad08b6d2beb0fdee1a835fb096fde2be1b8d51408d7b8","ssdeep":"","tlshash":"fa9000b000a2ba233082b0b00c080a0a23a0083bec2b0f083bec03e00f22f828880808","size":43,"data":"","first_seen":"2025-09-27T09:07:06.198331Z","last_seen":"2026-04-05T16:11:09.222668Z","times_seen":240,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","size":0,"data":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T16:47:07.54892Z","times_seen":13384334,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"http","addr":"0ywhqfhm1khndemzh9cm.999996997.xyz/demo/d/","fqdn":"0ywhqfhm1khndemzh9cm.999996997.xyz","domain":"999996997.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-05T09:40:00.177Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /demo/d/ HTTP/1.1\r\nHost: 0ywhqfhm1khndemzh9cm.999996997.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://0ywhqfhm1khndemzh9cm.999996997.xyz/demo/\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 05 Apr 2026 09:40:00 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery:1.11.2","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":7999,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (2159)","md5":"8d3b1ee9b033bf7042e1049d27acc6b2","sha1":"fda400258f3eb63dc676571182905ce803e5e416","sha256":"e23ff298c2fb6fee8277fbc088b394e9472048d88834ff1ec6ae6ba3c30933ea","sha512":"3d8a3752ba2e33aa2745b6022920e76a74e05a89aaba23762f6d0ae2cc4b6535f91857f8b70ea4b112ed746d87a0bec567b60a00894da6d3f9a7e3fe141d7bc4","ssdeep":"192:LZhiSiriT2iuw2bvxsnGmOrdU9JqvqoynBfkgwZyh5RVC2M26NKDxhnUmNu:XCw2zUGrK9yuRVC2M26NKImNu","tlshash":"d3f1b6083ee3a407725f84869f9a5b3d31ed8b23eb049e5bf79e346d5bc85429452f04","first_seen":"2026-04-04T00:07:51.339864Z","last_seen":"2026-04-05T09:40:22.00564Z","times_seen":5,"resource_available":true,"data":null}},"time_used":258,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":258,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"0ywhqfhm1khndemzh9cm.999996997.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"0ywhqfhm1khndemzh9cm.999996997.xyz/demo/d/images/bg.png","fqdn":"0ywhqfhm1khndemzh9cm.999996997.xyz","domain":"999996997.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://0ywhqfhm1khndemzh9cm.999996997.xyz/demo/d/","date":"2026-04-05T09:40:01.054Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /demo/d/images/bg.png HTTP/1.1\r\nHost: 0ywhqfhm1khndemzh9cm.999996997.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://0ywhqfhm1khndemzh9cm.999996997.xyz/demo/d/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Sun, 05 Apr 2026 09:40:01 GMT\r\nContent-Type: text/html\r\nContent-Length: 138\r\nConnection: keep-alive\r\nETag: \"69a46169-8a\"\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":138,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"7389d931c86b3d7bb6b8af46d8c4172b","sha1":"8d2a4760aa0b47984d11cd1a66448719177fb791","sha256":"301bd9f16f94feedfae7a946a14bac38cb73c43efe6117bc5586835af03d7d6f","sha512":"dd6d1511e4fcd5bc09d821ffe091fb5946ac9654c48664aed504e479e9ac20c1cad44b6df90f42190d47e28f5f96bfb09d24056df6b950243d68ee8100a9a889","ssdeep":"","tlshash":"d9c09b5d755366449913155167c33641d196837f689a84510941c593f0cf69ac4c73a9","first_seen":"2023-03-13T12:56:15Z","last_seen":"2026-04-05T16:49:33.651589Z","times_seen":245716,"resource_available":true,"data":null}},"time_used":243,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":243,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"0ywhqfhm1khndemzh9cm.999996997.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"336309.com/link/xinaomen/js/lhc.utils.js","fqdn":"336309.com","domain":"336309.com","tld":"com"},"ip":{"addr":"38.97.254.137","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://336309.com/link/xinaomen/ackj1.html","date":"2026-04-05T09:40:03.604Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.336309.com","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 22 Mar 2026 06:00:00 GMT","end":"Sat, 20 Jun 2026 05:59:59 GMT"},"fingerprint":{"sha1":"77:93:19:CB:53:5B:E2:36:B6:0F:F7:66:3B:66:5C:46:3D:88:04:39","sha256":"6D:41:77:1F:BF:6F:5C:A5:CA:58:75:2B:DC:5B:D3:2A:43:4A:03:52:AE:1B:54:E6:14:1E:EC:8D:FE:D2:4A:23"}}},"request":{"raw":"GET /link/xinaomen/js/lhc.utils.js HTTP/1.1\r\nHost: 336309.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://336309.com/link/xinaomen/ackj1.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Apr 2026 09:40:03 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 11 May 2023 19:02:41 GMT\r\nvary: Accept-Encoding\r\netag: W/\"645d3bd1-dff\"\r\nexpires: Sun, 05 Apr 2026 21:40:03 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3583,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with very long lines (969)","md5":"cf68fee5cc1d53672867c7bcb5b54cee","sha1":"1a7192a99b87e81b29e49e1697e0614d810c0fc6","sha256":"4e3a9748d8abee536fa9c325c1135ed0550079542dc95ed4283da41b68868f55","sha512":"a72135dac76b0cd478aa85828fe294dca0e7261fa28ea7c221944870f86ab2d7e19bd66e68d188ee80cb09a00dfb67e84d0f2bc0f9f4440025adb285a7918049","ssdeep":"","tlshash":"3e714284f1c2d175c6f925f4409e7019ae2addf5940e2215fa3c69cab839367b03ec79","first_seen":"2023-10-25T11:18:06Z","last_seen":"2026-04-05T16:11:09.205904Z","times_seen":242,"resource_available":true,"data":null}},"time_used":313,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":313,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"336309.com/link/xamlhc.json?t=1775382009154\u0026_=1775382003946","fqdn":"336309.com","domain":"336309.com","tld":"com"},"ip":{"addr":"38.97.254.137","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://336309.com/link/xinaomen/ackj1.html","date":"2026-04-05T09:40:09.159Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.336309.com","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 22 Mar 2026 06:00:00 GMT","end":"Sat, 20 Jun 2026 05:59:59 GMT"},"fingerprint":{"sha1":"77:93:19:CB:53:5B:E2:36:B6:0F:F7:66:3B:66:5C:46:3D:88:04:39","sha256":"6D:41:77:1F:BF:6F:5C:A5:CA:58:75:2B:DC:5B:D3:2A:43:4A:03:52:AE:1B:54:E6:14:1E:EC:8D:FE:D2:4A:23"}}},"request":{"raw":"GET /link/xamlhc.json?t=1775382009154\u0026_=1775382003946 HTTP/1.1\r\nHost: 336309.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://336309.com/link/xinaomen/ackj1.html\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Apr 2026 09:40:09 GMT\r\ncontent-type: application/json\r\ncontent-length: 132\r\nlast-modified: Sat, 04 Apr 2026 13:37:31 GMT\r\netag: \"69d1141b-84\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":132,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"918fd1ecaa34e9791e281993e6f8f5a3","sha1":"d4f5f5e51b26d4bc5628824e4fa8e0819925cb54","sha256":"174248599cc4c3432434900fd08917321e990b7a0ef1fadbe74211c37dd52ea7","sha512":"09097fb05adc5e9d00b002035b3cd28106d1bc3383cc73226784486e4389dc4e47ce6af3df934fe40dcaf4f9a21249a00137d7e019cce3ae04f12d2c8bd3ac82","ssdeep":"","tlshash":"4ec092411d1d26133ec57298783d96e209a2ef2a1919eabc929ca8855beddd202960a2","first_seen":"2026-04-04T14:01:31.40341Z","last_seen":"2026-04-05T13:26:09.264842Z","times_seen":45,"resource_available":false,"data":null}},"time_used":162,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":162,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"0ywhqfhm1khndemzh9cm.999996997.xyz/demo","fqdn":"0ywhqfhm1khndemzh9cm.999996997.xyz","domain":"999996997.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-05T09:39:54.718Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /demo HTTP/1.1\r\nHost: 0ywhqfhm1khndemzh9cm.999996997.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\nDate: Sun, 05 Apr 2026 09:39:55 GMT\r\nContent-Type: text/html\r\nContent-Length: 162\r\nLocation: http://0ywhqfhm1khndemzh9cm.999996997.xyz/demo/\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T16:47:07.54892Z","times_seen":13384334,"resource_available":true,"data":null}},"time_used":762,"timings":{"blocked":252,"dns":1,"connect":254,"send":0,"wait":254,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"0ywhqfhm1khndemzh9cm.999996997.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"0ywhqfhm1khndemzh9cm.999996997.xyz/demo/d/images/ie.png","fqdn":"0ywhqfhm1khndemzh9cm.999996997.xyz","domain":"999996997.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://0ywhqfhm1khndemzh9cm.999996997.xyz/demo/d/","date":"2026-04-05T09:40:00.483Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /demo/d/images/ie.png HTTP/1.1\r\nHost: 0ywhqfhm1khndemzh9cm.999996997.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://0ywhqfhm1khndemzh9cm.999996997.xyz/demo/d/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 05 Apr 2026 09:40:00 GMT\r\nContent-Type: image/png\r\nContent-Length: 830\r\nLast-Modified: Thu, 26 Feb 2026 06:47:11 GMT\r\nConnection: keep-alive\r\nETag: \"699fec6f-33e\"\r\nExpires: Tue, 05 May 2026 09:40:00 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":830,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced","md5":"72b1d5eeb79e6f8976814417ac34fedf","sha1":"9925a426e51eaa742044e7b90fcc28e3367039fe","sha256":"121769b065d7ef99e1464f650febbd3c8a4f5397b6e1ed7a8e4904f1c80195ac","sha512":"be0e4c10bcfaff854061f10145bf88781947247d3f702da927e9fc2feb6f9809ef3ed4dc9e83b8c18527d08c08df3e4eb251d04ff28b0273164dc6abb1bf5a14","ssdeep":"","tlshash":"ea0181fa776e08290f4cb756029022961f62b8890f22af007c15d4a5b244fee148e370","first_seen":"2023-11-03T09:59:56Z","last_seen":"2026-04-05T16:11:09.198171Z","times_seen":232,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":243,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"0ywhqfhm1khndemzh9cm.999996997.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"8.999996996.xyz/facai/","fqdn":"8.999996996.xyz","domain":"999996996.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-05T09:40:01.883Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /facai/ HTTP/1.1\r\nHost: 8.999996996.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://0ywhqfhm1khndemzh9cm.999996997.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 05 Apr 2026 09:40:02 GMT\r\nContent-Type: text/html; charset=gb2312\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nSet-Cookie: PHPSESSID=tih3eftaqq7mkpnidb0fn81454; path=/\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nPragma: no-cache\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":65838,"size_decoded":0,"mime_type":"text/html; charset=gb2312","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (678)","md5":"043b25533dac054f520dec3dca8be868","sha1":"e35f721fd940f1db6c6aef5e325224389a3515c3","sha256":"9e13adab2315a2d0f36dc0de75bec6d3f3f5790da5a13c103cc7acba3f2d5c0b","sha512":"2c54839203059a497a9a545d91d7da04c6c2acf61ce5658e06c79297985cb13fae8d40cbd961e8654d7c717bcdf8c5add11d51f0b1f7488a4421bbc3a0ed3190","ssdeep":"768:mYhF1E27dbkRIaIwqUQPtwQo/F2phGSHPficFVFkvmDHam4Z:mUo27dbkRIaIwqUQlwQo/IHHicX6p","tlshash":"d2634f27eff6010a6043d4b873622b0aeb55450bd54a8d347fae66a48fc99b24c5f38c","first_seen":"2026-04-01T23:09:46.29059Z","last_seen":"2026-04-05T16:11:09.194874Z","times_seen":100,"resource_available":true,"data":null}},"time_used":787,"timings":{"blocked":257,"dns":1,"connect":257,"send":0,"wait":271,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"8.999996996.xyz/facai/img/hd.png","fqdn":"8.999996996.xyz","domain":"999996996.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://8.999996996.xyz/facai/","date":"2026-04-05T09:40:02.539Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /facai/img/hd.png HTTP/1.1\r\nHost: 8.999996996.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://8.999996996.xyz/facai/\r\nCookie: PHPSESSID=tih3eftaqq7mkpnidb0fn81454\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 05 Apr 2026 09:40:03 GMT\r\nContent-Type: image/png\r\nLast-Modified: Fri, 16 Jan 2026 06:54:29 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6969e0a5-167c\"\r\nExpires: Tue, 05 May 2026 09:40:03 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5756,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced","md5":"c41ab0af5b15d0bff8b65b9b9700edd2","sha1":"68a7cfc4440793a13225e37f94c338e3cf733f6f","sha256":"a12c30c62c71388283e033c70de9acdaef743d595e43508dccd32ea219385cdc","sha512":"1c5020024a41e00d27b0a4b03c2c230900702c08a53f0946012c27deff05a23e8678338bbae02046b93c0df4136356a7e555faf7e683eecf9ae07c062c06a43d","ssdeep":"96:UllcHitlIxv9vk7C1+I4wWHLihk/xIu4zOzr9Fz3oRdFOfKPZGc7rf1xgK0f:PIIHUCD4wayuuOjzYRdcEdrf1xT0f","tlshash":"e2c18e4a5cc22b6e1c4a0f5a2d3ff9da4d6ab50c221c6d0c48a9c20fd7209219d77f0a","first_seen":"2026-03-08T22:06:19.807413Z","last_seen":"2026-04-05T16:11:09.17954Z","times_seen":144,"resource_available":false,"data":null}},"time_used":956,"timings":{"blocked":710,"dns":0,"connect":0,"send":0,"wait":246,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"8.999996996.xyz/img/hl.js","fqdn":"8.999996996.xyz","domain":"999996996.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://8.999996996.xyz/facai/","date":"2026-04-05T09:40:02.558Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /img/hl.js HTTP/1.1\r\nHost: 8.999996996.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://8.999996996.xyz/facai/\r\nCookie: PHPSESSID=tih3eftaqq7mkpnidb0fn81454\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Sun, 05 Apr 2026 09:40:02 GMT\r\nContent-Type: text/html\r\nContent-Length: 138\r\nConnection: keep-alive\r\nETag: \"69a46169-8a\"\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":138,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"7389d931c86b3d7bb6b8af46d8c4172b","sha1":"8d2a4760aa0b47984d11cd1a66448719177fb791","sha256":"301bd9f16f94feedfae7a946a14bac38cb73c43efe6117bc5586835af03d7d6f","sha512":"dd6d1511e4fcd5bc09d821ffe091fb5946ac9654c48664aed504e479e9ac20c1cad44b6df90f42190d47e28f5f96bfb09d24056df6b950243d68ee8100a9a889","ssdeep":"","tlshash":"d9c09b5d755366449913155167c33641d196837f689a84510941c593f0cf69ac4c73a9","first_seen":"2023-03-13T12:56:15Z","last_seen":"2026-04-05T16:49:33.651589Z","times_seen":245716,"resource_available":true,"data":null}},"time_used":450,"timings":{"blocked":194,"dns":0,"connect":0,"send":0,"wait":256,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"0ywhqfhm1khndemzh9cm.999996997.xyz/demo/","fqdn":"0ywhqfhm1khndemzh9cm.999996997.xyz","domain":"999996997.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-05T09:39:55.230Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /demo/ HTTP/1.1\r\nHost: 0ywhqfhm1khndemzh9cm.999996997.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T16:47:07.54892Z","times_seen":13384334,"resource_available":true,"data":null}},"time_used":753,"timings":{"blocked":753,"dns":0,"connect":257,"send":0,"wait":0,"receive":0,"ssl":266},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"0ywhqfhm1khndemzh9cm.999996997.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"tuwang.tukuwangluo.com/i/2025/11/25/69248cf67b051.gif%3C/div%3E%3C/div%3E%3Cdiv%20class=","fqdn":"tuwang.tukuwangluo.com","domain":"tukuwangluo.com","tld":"com"},"ip":{"addr":"38.175.197.142","port":80,"asn":400304,"as":"REDOUBT-NET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://8.999996996.xyz/facai/","date":"2026-04-05T09:40:02.549Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /i/2025/11/25/69248cf67b051.gif%3C/div%3E%3C/div%3E%3Cdiv%20class= HTTP/1.1\r\nHost: tuwang.tukuwangluo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://8.999996996.xyz/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Sun, 05 Apr 2026 09:40:03 GMT\r\nContent-Type: text/html\r\nContent-Length: 148\r\nConnection: keep-alive\r\nETag: \"6748a946-94\"\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T16:47:07.54892Z","times_seen":13384334,"resource_available":true,"data":null}},"time_used":1232,"timings":{"blocked":496,"dns":0,"connect":298,"send":0,"wait":438,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"643941.freep.cn/643941/%E6%AF%9B%E6%A1%83/%E7%AE%A1%E5%AE%B6%E5%A9%86/3.gif","fqdn":"643941.freep.cn","domain":"freep.cn","tld":"cn"},"ip":{"addr":"173.208.190.4","port":443,"asn":32097,"as":"WII","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://8.999996996.xyz/facai/","date":"2026-04-05T09:40:02.552Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA1","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.freep.cn","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Wed, 21 May 2025 08:14:02 GMT","end":"Sat, 20 Jun 2026 08:14:01 GMT"},"fingerprint":{"sha1":"36:1E:56:A3:DD:8C:1D:B1:CC:09:28:60:60:7C:A1:4C:7E:25:95:7A","sha256":"77:E6:0C:41:80:B8:22:94:45:7F:A6:C6:E3:52:4A:CB:6F:75:69:00:14:35:E3:2C:37:03:CC:58:58:82:54:32"}}},"request":{"raw":"GET /643941/%E6%AF%9B%E6%A1%83/%E7%AE%A1%E5%AE%B6%E5%A9%86/3.gif HTTP/1.1\r\nHost: 643941.freep.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://8.999996996.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: private\r\nContent-Length: 9530\r\nContent-Type: image/gif\r\nExpires: Mon, 06 Apr 2026 09:39:59 GMT\r\nAccept-Ranges: bytes\r\nServer: Microsoft-IIS/8.5\r\nX-AspNet-Version: 4.0.30319\r\nX-Powered-By: ASP.NET\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: *\r\nAccess-Control-Allow-Headers: *\r\nDate: Sun, 05 Apr 2026 09:39:58 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"IIS:8.5","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]}],"data":{"size":9530,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 59 x 78","md5":"da0c1c911f3cb210860bd5cdd1c42796","sha1":"be089bf810dbe2de597c90d7a126263d467a390f","sha256":"df2dc71e8ad94ac5e58a057d7481ff46251fa5444b500c2840d234d69c454de6","sha512":"e5b798b5553c3afc84618fd22f747845ea6bf5c21804b7e95c9fc218b80f6ceb2ac91ae6bc59cf581b4c903cf4efbba31cdb6871fc281b0003c487f9c385407b","ssdeep":"192:DsSpbdyQptxAl4YcsJnT+4Fv+2RjJ5k6CSsSpbdyQpt4:QAbslHcinTjFrN5kpZAbs3","tlshash":"4f129f0d8cee9114f12612fc1abf74fa12ec998d8beb6507628534c33df621dd24676a","first_seen":"2024-12-23T01:42:44.970778Z","last_seen":"2026-04-05T16:11:09.180252Z","times_seen":186,"resource_available":false,"data":null}},"time_used":1061,"timings":{"blocked":943,"dns":0,"connect":0,"send":0,"wait":117,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"0ywhqfhm1khndemzh9cm.999996997.xyz/demo/mobile/css/login.css","fqdn":"0ywhqfhm1khndemzh9cm.999996997.xyz","domain":"999996997.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://0ywhqfhm1khndemzh9cm.999996997.xyz/demo/","date":"2026-04-05T09:39:56.906Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /demo/mobile/css/login.css HTTP/1.1\r\nHost: 0ywhqfhm1khndemzh9cm.999996997.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://0ywhqfhm1khndemzh9cm.999996997.xyz/demo/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 05 Apr 2026 09:39:57 GMT\r\nContent-Type: text/css\r\nLast-Modified: Thu, 26 Feb 2026 06:47:11 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"699fec6f-b03\"\r\nExpires: Sun, 05 Apr 2026 21:39:57 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2819,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (316), with CRLF line terminators","md5":"eaf43cd0752a6a21f039816b370916d2","sha1":"6091e81dfb0bf2a7ebf4726a2a5de7adbe13bbaa","sha256":"d31e9bb040d5a297f1d1b44f5eec9b99ad06f86238a19f8134ffbec066c09ab6","sha512":"7c0e54c4482ed95c85685f884afd90a6394c29429689e23e7a7617bb10343cafa7c4857d91844f79593663c51bf2d64c2e931ae979f5af3392113e9d964fc5d0","ssdeep":"","tlshash":"3051a7b6d209110ae4b7f36865e2d5ca309ec01bf407197efb6474e9c9c78af4531345","first_seen":"2025-09-22T03:01:52.225132Z","last_seen":"2026-04-05T16:11:09.184261Z","times_seen":212,"resource_available":false,"data":null}},"time_used":434,"timings":{"blocked":191,"dns":0,"connect":0,"send":0,"wait":243,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"0ywhqfhm1khndemzh9cm.999996997.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"643941.freep.cn/643941/%E6%AF%9B%E6%A1%83/%E7%AE%A1%E5%AE%B6%E5%A9%86/%E5%B9%BF%E5%91%8A.gif","fqdn":"643941.freep.cn","domain":"freep.cn","tld":"cn"},"ip":{"addr":"173.208.190.4","port":443,"asn":32097,"as":"WII","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://8.999996996.xyz/facai/","date":"2026-04-05T09:40:02.545Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA1","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.freep.cn","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Wed, 21 May 2025 08:14:02 GMT","end":"Sat, 20 Jun 2026 08:14:01 GMT"},"fingerprint":{"sha1":"36:1E:56:A3:DD:8C:1D:B1:CC:09:28:60:60:7C:A1:4C:7E:25:95:7A","sha256":"77:E6:0C:41:80:B8:22:94:45:7F:A6:C6:E3:52:4A:CB:6F:75:69:00:14:35:E3:2C:37:03:CC:58:58:82:54:32"}}},"request":{"raw":"GET /643941/%E6%AF%9B%E6%A1%83/%E7%AE%A1%E5%AE%B6%E5%A9%86/%E5%B9%BF%E5%91%8A.gif HTTP/1.1\r\nHost: 643941.freep.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://8.999996996.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: private\r\nContent-Length: 131783\r\nContent-Type: image/gif\r\nExpires: Mon, 06 Apr 2026 09:39:59 GMT\r\nAccept-Ranges: bytes\r\nServer: Microsoft-IIS/8.5\r\nX-AspNet-Version: 4.0.30319\r\nX-Powered-By: ASP.NET\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: *\r\nAccess-Control-Allow-Headers: *\r\nDate: Sun, 05 Apr 2026 09:39:58 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"IIS:8.5","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":131783,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 300 x 300","md5":"b7a5d027c7d66f36a9807c20a2fe1e61","sha1":"21e44a291adb9772ef8b31cb6d84c227fa8e15c3","sha256":"a5151fde38be40c1b6371499ffb5711bf26f4ce9508aa724b0f6031eada7d708","sha512":"872e53e5e9b6fa68e4bb399ebf6c3ef345cbaa8f8eb6f3b8c424b9b996dfc695d03091f4dbb3e97b4a3164d2dc93d9c43edce4bd31b456a340fefe6cec9c938a","ssdeep":"3072:2VCT2EyPairD1BsJWY+ZXruyKekjJnNeojTlzBX31D7SJ4pB:QlXairzsJZg9GflzZ31K4","tlshash":"60d30282a22881d4dd7b5e1d36af5be125c630472ec4f1437d48e19b2036fdac8c6ae7","first_seen":"2024-08-19T21:04:18.399147Z","last_seen":"2026-04-05T16:11:09.188351Z","times_seen":182,"resource_available":false,"data":null}},"time_used":1340,"timings":{"blocked":476,"dns":150,"connect":114,"send":0,"wait":120,"receive":234,"ssl":243},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"643941.freep.cn/643941/%E6%AF%9B%E6%A1%83/%E5%8E%9F%E5%9B%BE/wechat2.png","fqdn":"643941.freep.cn","domain":"freep.cn","tld":"cn"},"ip":{"addr":"173.208.190.4","port":443,"asn":32097,"as":"WII","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://8.999996996.xyz/facai/","date":"2026-04-05T09:40:02.546Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA1","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.freep.cn","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Wed, 21 May 2025 08:14:02 GMT","end":"Sat, 20 Jun 2026 08:14:01 GMT"},"fingerprint":{"sha1":"36:1E:56:A3:DD:8C:1D:B1:CC:09:28:60:60:7C:A1:4C:7E:25:95:7A","sha256":"77:E6:0C:41:80:B8:22:94:45:7F:A6:C6:E3:52:4A:CB:6F:75:69:00:14:35:E3:2C:37:03:CC:58:58:82:54:32"}}},"request":{"raw":"GET /643941/%E6%AF%9B%E6%A1%83/%E5%8E%9F%E5%9B%BE/wechat2.png HTTP/1.1\r\nHost: 643941.freep.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://8.999996996.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: private\r\nContent-Length: 631\r\nContent-Type: image/png\r\nExpires: Mon, 06 Apr 2026 09:39:59 GMT\r\nAccept-Ranges: bytes\r\nServer: Microsoft-IIS/8.5\r\nX-AspNet-Version: 4.0.30319\r\nX-Powered-By: ASP.NET\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: *\r\nAccess-Control-Allow-Headers: *\r\nDate: Sun, 05 Apr 2026 09:39:58 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"IIS:8.5","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]}],"data":{"size":631,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 26 x 21, 8-bit/color RGBA, non-interlaced","md5":"c7506e9232411683bb3cc044b688d72b","sha1":"7601b5727cc56f0dc9c1c4b4cd843cd452c6da89","sha256":"57d5053e1f070c47f2ef98ad70353189f3c86d7f16233a4c8e8704d7f9430de1","sha512":"0a964c13e829ca773a1babd771274567cd494d897f98f1425bd38bab89fc462ea31e57916502669fe8e10a740f3a8f44372d83ba14489f789be1ba387bf3f9f3","ssdeep":"","tlshash":"a3f062e3b1805f6d5dce2f028267109af875571923c620bfc5e20f3028b4a3dac4ac45","first_seen":"2024-08-19T15:35:04.616175Z","last_seen":"2026-04-05T16:11:09.20525Z","times_seen":117,"resource_available":false,"data":null}},"time_used":926,"timings":{"blocked":445,"dns":1,"connect":118,"send":0,"wait":118,"receive":0,"ssl":244},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"643941.freep.cn/643941/%E6%AF%9B%E6%A1%83/%E7%AE%A1%E5%AE%B6%E5%A9%86/4.gif","fqdn":"643941.freep.cn","domain":"freep.cn","tld":"cn"},"ip":{"addr":"173.208.190.4","port":443,"asn":32097,"as":"WII","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://8.999996996.xyz/facai/","date":"2026-04-05T09:40:02.553Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA1","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.freep.cn","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Wed, 21 May 2025 08:14:02 GMT","end":"Sat, 20 Jun 2026 08:14:01 GMT"},"fingerprint":{"sha1":"36:1E:56:A3:DD:8C:1D:B1:CC:09:28:60:60:7C:A1:4C:7E:25:95:7A","sha256":"77:E6:0C:41:80:B8:22:94:45:7F:A6:C6:E3:52:4A:CB:6F:75:69:00:14:35:E3:2C:37:03:CC:58:58:82:54:32"}}},"request":{"raw":"GET /643941/%E6%AF%9B%E6%A1%83/%E7%AE%A1%E5%AE%B6%E5%A9%86/4.gif HTTP/1.1\r\nHost: 643941.freep.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://8.999996996.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: private\r\nContent-Length: 11334\r\nContent-Type: image/gif\r\nExpires: Mon, 06 Apr 2026 09:39:59 GMT\r\nAccept-Ranges: bytes\r\nServer: Microsoft-IIS/8.5\r\nX-AspNet-Version: 4.0.30319\r\nX-Powered-By: ASP.NET\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: *\r\nAccess-Control-Allow-Headers: *\r\nDate: Sun, 05 Apr 2026 09:39:59 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET:4.0.30319","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"IIS:8.5","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":11334,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 87a, 50 x 50","md5":"8aa0f2ca22b742b22cc82ea0f3bb1e8a","sha1":"1fb6ae7db4ad98f2bf392dae13d06659fca83e2f","sha256":"d0f52518dc4171c3205b311ea44090c45c8e393f01715349f7a185fc29670118","sha512":"ee01007789e3daa2098f427db7829209cd136796a7b758dddd3ee8cff7aae16608836594352385414469243f28dbc4866caa2ffb1dbfd6892c10bedb613cd514","ssdeep":"192:Bdt+OBEdiahm2sZc59N7eU1gxI+lhnX4JFc+qSWSDA0Hipjk6xqsMKg5ABG5K:oOBEEahBzeU1gxV4JFcCWSE0k4cqsMKL","tlshash":"bf32ae588559f14be05ef1fc0c0f4c3fae3a1951083ed697281c93096ffd19a8998ee9","first_seen":"2025-02-07T14:32:56.512881Z","last_seen":"2026-04-05T16:11:09.211225Z","times_seen":180,"resource_available":false,"data":null}},"time_used":1149,"timings":{"blocked":1044,"dns":0,"connect":0,"send":0,"wait":103,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"336309.com/link/xinaomen/js/LunarSolarConverter.js","fqdn":"336309.com","domain":"336309.com","tld":"com"},"ip":{"addr":"38.97.254.137","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://336309.com/link/xinaomen/ackj1.html","date":"2026-04-05T09:40:03.610Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.336309.com","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 22 Mar 2026 06:00:00 GMT","end":"Sat, 20 Jun 2026 05:59:59 GMT"},"fingerprint":{"sha1":"77:93:19:CB:53:5B:E2:36:B6:0F:F7:66:3B:66:5C:46:3D:88:04:39","sha256":"6D:41:77:1F:BF:6F:5C:A5:CA:58:75:2B:DC:5B:D3:2A:43:4A:03:52:AE:1B:54:E6:14:1E:EC:8D:FE:D2:4A:23"}}},"request":{"raw":"GET /link/xinaomen/js/LunarSolarConverter.js HTTP/1.1\r\nHost: 336309.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://336309.com/link/xinaomen/ackj1.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Apr 2026 09:40:03 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 11 May 2023 19:02:42 GMT\r\nvary: Accept-Encoding\r\netag: W/\"645d3bd2-1813\"\r\nexpires: Sun, 05 Apr 2026 21:40:03 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6163,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (3704)","md5":"08e0fded76ebb65c400c4ff35c3b2ae2","sha1":"9c1bcef224265877792312bf1f9821e4f825c0d6","sha256":"0492df3a61274cf69d7ebb7a795b3f5f6aad5d8deb70bce0338fd08cd3fa94d0","sha512":"045328d1387a1d75415c77c39862e189253b4dc3c7da8f95332004305c49b267f4cc8b995e5699edce1c09fa72b728c0b866f224d8973370d3aa0dc436c598a5","ssdeep":"96:yDBbFiEj9vhGRWMIJ/93pQXdEtodXuuslEZ1zNNVs+L3gNo321fz:qBBNCHcQXdE2ij","tlshash":"67d1fcc52b81aac912aa4b94b6293ef50217d117c9c9e48dfc48bac07cedf14127e3f0","first_seen":"2023-10-25T11:18:06Z","last_seen":"2026-04-05T16:11:09.196861Z","times_seen":242,"resource_available":true,"data":null}},"time_used":306,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":306,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"8.999996996.xyz/facai/","fqdn":"8.999996996.xyz","domain":"999996996.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-05T09:40:01.261Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /facai/ HTTP/1.1\r\nHost: 8.999996996.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://0ywhqfhm1khndemzh9cm.999996997.xyz/\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T16:47:07.54892Z","times_seen":13384334,"resource_available":true,"data":null}},"time_used":608,"timings":{"blocked":0,"dns":86,"connect":257,"send":0,"wait":0,"receive":0,"ssl":262},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"8.999996996.xyz/facai/img/tx.png","fqdn":"8.999996996.xyz","domain":"999996996.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://8.999996996.xyz/facai/","date":"2026-04-05T09:40:02.541Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /facai/img/tx.png HTTP/1.1\r\nHost: 8.999996996.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://8.999996996.xyz/facai/\r\nCookie: PHPSESSID=tih3eftaqq7mkpnidb0fn81454\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 05 Apr 2026 09:40:03 GMT\r\nContent-Type: image/png\r\nLast-Modified: Fri, 16 Jan 2026 06:54:29 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6969e0a5-6c6\"\r\nExpires: Tue, 05 May 2026 09:40:03 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1734,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced","md5":"802ab34e7fee233779e0e14f2b42e08c","sha1":"46f91d20523697b2ed28200d87428b2d4793d240","sha256":"a1443f6c533e050c5e3c4bc3a41e5403ed2e783ab248c148a6f5ca4a7d6f6862","sha512":"a437f97d0d170316334ca0becf0839e5dafea916d4ea8588e4fd01b351e00e90784f78eee5efdcb9cf168739a5bc2261c1cfd02ba700f43e5882325220bf603f","ssdeep":"","tlshash":"03310b0b77f81b7f290278db526ac015eb9820dd2509660a937c957812a6d7aa534641","first_seen":"2025-01-19T15:39:13.875161Z","last_seen":"2026-04-05T16:11:09.20075Z","times_seen":158,"resource_available":false,"data":null}},"time_used":696,"timings":{"blocked":449,"dns":0,"connect":0,"send":0,"wait":247,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kswc88kkg0.99kjhi.app:2860/dh/skintk/js/9js.js","fqdn":"kswc88kkg0.99kjhi.app","domain":"99kjhi.app","tld":"app"},"ip":{"addr":"141.148.156.69","port":2860,"asn":31898,"as":"ORACLE-BMC-31898","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kswc88kkg0.99kjhi.app:2860/dh/amtuku.html","date":"2026-04-05T09:40:03.883Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"99kjhi.app","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 23:02:13 GMT","end":"Wed, 24 Jun 2026 23:02:12 GMT"},"fingerprint":{"sha1":"AE:72:BD:2A:24:8D:13:0F:5F:F3:5A:B9:55:8C:2E:13:5C:78:8F:4B","sha256":"6E:12:60:54:70:E4:2A:19:A0:AD:DB:FD:72:F6:A8:3A:42:4D:3C:56:71:1E:46:39:69:B0:A9:15:47:7F:87:58"}}},"request":{"raw":"GET /dh/skintk/js/9js.js HTTP/1.1\r\nHost: kswc88kkg0.99kjhi.app:2860\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kswc88kkg0.99kjhi.app:2860/dh/amtuku.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Sun, 05 Apr 2026 09:40:03 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 26 Dec 2024 19:09:36 GMT\r\nvary: Accept-Encoding\r\netag: W/\"676da9f0-298a\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10634,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"bada4e434a112be260b85848ed7a672f","sha1":"0e83a2679856b1d6d9cfb02f0a27fe81c2d55fa6","sha256":"10c26c217a4647b85d64373b29bf0017f062556c5f8d3672e65600afa50bd903","sha512":"1d5f4cc35eb157a24adc87048c32af2beee379b6eac75539526c07c642c8c2eda34bce7a9436bf67393edd0a4bfbd31959417cc1ddc537392a7e2bc064a64d34","ssdeep":"192:OBzxW3h3+tUNvB3jBVVMg/Yj2igS7wK4it3AB4bbRAPztCMqeoX54AoYscw/+VQQ:LIb/Haj+d","tlshash":"f6224449a4a60b12b41374751f9f77ac67798c73cd29db283f5ea2c25fd106208e2b8d","first_seen":"2026-01-01T08:14:59.550064Z","last_seen":"2026-04-05T16:11:09.191631Z","times_seen":188,"resource_available":true,"data":null}},"time_used":147,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":147,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"0ywhqfhm1khndemzh9cm.999996997.xyz/demo/mobile/css/global.css","fqdn":"0ywhqfhm1khndemzh9cm.999996997.xyz","domain":"999996997.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://0ywhqfhm1khndemzh9cm.999996997.xyz/demo/","date":"2026-04-05T09:39:56.899Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /demo/mobile/css/global.css HTTP/1.1\r\nHost: 0ywhqfhm1khndemzh9cm.999996997.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://0ywhqfhm1khndemzh9cm.999996997.xyz/demo/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 05 Apr 2026 09:39:56 GMT\r\nContent-Type: text/css\r\nLast-Modified: Thu, 26 Feb 2026 06:47:11 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"699fec6f-5316\"\r\nExpires: Sun, 05 Apr 2026 21:39:56 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21270,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"1997a77efe041ead66de41d4a21fd5d7","sha1":"3387d9083178db1437036223647b5973dd030af7","sha256":"8d8d9c35edc2feec828eb4e28ff7aac84f900e3f80e97b06da4411ac44bb1e63","sha512":"726c4738108f8d977e27ae58933ba989cfd37d04b36e28f59542207d9e7679d3d05684602ede41b5b3f8cb7ee77d4c73d934abbdf48512fae5020079fd01d806","ssdeep":"384:q1BwjStA5IBRBCxUCJ/W/yvBEj0NO+EP1G+glqM1uTdysaYMKJlJUHvFDr:q1BwjCAm3CxUCJ/W/yJEj0NO+EP1G+g3","tlshash":"b4a2b068d765604df216b6febfb05e062e4e54936a4f4a74a9f77818e04641f3c322cc","first_seen":"2025-09-22T03:01:52.243998Z","last_seen":"2026-04-05T16:11:09.194239Z","times_seen":214,"resource_available":false,"data":null}},"time_used":243,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":243,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"0ywhqfhm1khndemzh9cm.999996997.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"8.999996996.xyz/facai/css/home.css","fqdn":"8.999996996.xyz","domain":"999996996.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://8.999996996.xyz/facai/","date":"2026-04-05T09:40:02.512Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /facai/css/home.css HTTP/1.1\r\nHost: 8.999996996.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://8.999996996.xyz/facai/\r\nCookie: PHPSESSID=tih3eftaqq7mkpnidb0fn81454\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 05 Apr 2026 09:40:02 GMT\r\nContent-Type: text/css\r\nLast-Modified: Wed, 01 Apr 2026 10:46:34 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"69ccf78a-2aa3\"\r\nExpires: Sun, 05 Apr 2026 21:40:02 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10915,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"f3d6a3d482cda3d7e3320ce3eccca3f4","sha1":"fb9847171b3e62a990d48f3d0eb11d1c90a91324","sha256":"89a248802ee4896182201333c6bc9654f5d1276ba8bfaf309e50e98094ab0798","sha512":"fbb138d42a52f24990ada280f1ba92a4a881a99dd2ca3da59aaf5c30ac0f7f2e63d688811a3c6f1e3f80cd3132044acb899eb11d7851739f3727e6b8535b1d7a","ssdeep":"96:t8QjkmzMFD/pNlgMjzHV3i+cGV3AVkgaJJTCiI2Hicr/pf3TUlxGYJTakcoGCTBN:PtMFLFHVS+X3AVk9SlxGM7UexB97skHx","tlshash":"eb329531e746000ab17bc1697522fbe87605909ad20b4bfdb9d33695cfca2e21573b9c","first_seen":"2026-04-01T23:09:46.365165Z","last_seen":"2026-04-05T16:11:09.187001Z","times_seen":100,"resource_available":false,"data":null}},"time_used":256,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":255,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"643941.freep.cn/643941/%E6%AF%9B%E6%A1%83/%E7%AE%A1%E5%AE%B6%E5%A9%86/1.gif","fqdn":"643941.freep.cn","domain":"freep.cn","tld":"cn"},"ip":{"addr":"173.208.190.4","port":443,"asn":32097,"as":"WII","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://8.999996996.xyz/facai/","date":"2026-04-05T09:40:02.550Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA1","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.freep.cn","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Wed, 21 May 2025 08:14:02 GMT","end":"Sat, 20 Jun 2026 08:14:01 GMT"},"fingerprint":{"sha1":"36:1E:56:A3:DD:8C:1D:B1:CC:09:28:60:60:7C:A1:4C:7E:25:95:7A","sha256":"77:E6:0C:41:80:B8:22:94:45:7F:A6:C6:E3:52:4A:CB:6F:75:69:00:14:35:E3:2C:37:03:CC:58:58:82:54:32"}}},"request":{"raw":"GET /643941/%E6%AF%9B%E6%A1%83/%E7%AE%A1%E5%AE%B6%E5%A9%86/1.gif HTTP/1.1\r\nHost: 643941.freep.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://8.999996996.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: private\r\nContent-Length: 11675\r\nContent-Type: image/gif\r\nExpires: Mon, 06 Apr 2026 09:39:59 GMT\r\nAccept-Ranges: bytes\r\nServer: Microsoft-IIS/8.5\r\nX-AspNet-Version: 4.0.30319\r\nX-Powered-By: ASP.NET\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: *\r\nAccess-Control-Allow-Headers: *\r\nDate: Sun, 05 Apr 2026 09:39:58 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"IIS:8.5","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":11675,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 149 x 149","md5":"b9133d4de51be4383a7f264d5a6d055d","sha1":"e7272c70b77923c22bef4795f0433f879b2fa764","sha256":"27230e3d243bc417f364376807b09235db248c548d180a76cb8de6d32c8c9148","sha512":"2ad9af14a24d04907a52c2719c465821e12ac1d159a052ad6c79d69de6df00e4104c8f6bcefd41c9acc1c6fdd3159c16b182b620545c44d7fe1da1d8aded6d82","ssdeep":"192:3JimuuqFhLGxIUkHZ/ZM7fNraOJAR5B6AhxgsaTimRdcp+V7Zgkh2NvrY6t+gzqg:ZimRQs+jRZM7VrbJc5sAALimR+GgNNDX","tlshash":"4c32b062050e8bdae7df4cf0254393c2217b77fb6339a2421857751a324819fded5b46","first_seen":"2023-05-10T07:19:08Z","last_seen":"2026-04-05T16:11:09.182901Z","times_seen":275,"resource_available":false,"data":null}},"time_used":1032,"timings":{"blocked":529,"dns":0,"connect":114,"send":0,"wait":141,"receive":1,"ssl":246},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"336309.com/link/xinaomen/ackj1.html","fqdn":"336309.com","domain":"336309.com","tld":"com"},"ip":{"addr":"38.97.254.137","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"http://8.999996996.xyz/facai/","date":"2026-04-05T09:40:02.561Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.336309.com","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 22 Mar 2026 06:00:00 GMT","end":"Sat, 20 Jun 2026 05:59:59 GMT"},"fingerprint":{"sha1":"77:93:19:CB:53:5B:E2:36:B6:0F:F7:66:3B:66:5C:46:3D:88:04:39","sha256":"6D:41:77:1F:BF:6F:5C:A5:CA:58:75:2B:DC:5B:D3:2A:43:4A:03:52:AE:1B:54:E6:14:1E:EC:8D:FE:D2:4A:23"}}},"request":{"raw":"GET /link/xinaomen/ackj1.html HTTP/1.1\r\nHost: 336309.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://8.999996996.xyz/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Apr 2026 09:40:03 GMT\r\ncontent-type: text/html\r\nlast-modified: Thu, 22 Jan 2026 15:58:06 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6972490e-14b4\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"jQuery:1.11.2","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5300,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"7f868ac3f8353081ae94cff34dd37114","sha1":"782d6ff991d73be52fe0c1c511331022c748b820","sha256":"78ab9177c2567c29ab9728e3a839d2b94f437064c18f9ddf744c8086b94f864d","sha512":"9c59616410e7c857db4057bcec8509e1d05cf90ba033e9165b13242d140d23057f1c72bb029b97584711f52193dafdcecce054516fa0cc8c1cdbf648771426d1","ssdeep":"96:9/us9NS/wnFJBBjBHO98Uc1Pu0rVYsFR6W3DEoxxGNhGx4LNM:E/IBBjE8tlYsFR6W3DEoxIHGaLNM","tlshash":"07b1019214fb20256242c4e876b6bb0e2bb1d507d30bcf243bad66a19f86dc58d3765c","first_seen":"2026-03-09T18:06:16.294797Z","last_seen":"2026-04-05T16:11:09.196203Z","times_seen":147,"resource_available":false,"data":null}},"time_used":887,"timings":{"blocked":-1,"dns":383,"connect":162,"send":0,"wait":168,"receive":0,"ssl":173},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"8.999996996.xyz/facai/img/bg.webp","fqdn":"8.999996996.xyz","domain":"999996996.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://8.999996996.xyz/facai/","date":"2026-04-05T09:40:03.003Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /facai/img/bg.webp HTTP/1.1\r\nHost: 8.999996996.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://8.999996996.xyz/facai/\r\nCookie: PHPSESSID=tih3eftaqq7mkpnidb0fn81454\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 05 Apr 2026 09:40:03 GMT\r\nContent-Type: image/webp\r\nContent-Length: 45058\r\nLast-Modified: Fri, 16 Jan 2026 06:54:29 GMT\r\nConnection: keep-alive\r\nETag: \"6969e0a5-b002\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":45058,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1920x1080, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"2e0b0a6df433c27349982c89cc300a4f","sha1":"3074b21367fff4e7e088f44bcb5d36757e87bfb1","sha256":"163df3ddbc742334a6cac90101b2d264059eb195903c06f2366913a2090a75fd","sha512":"4774884d5dfeae84bbc0273e00b8e0ca4ae22543c87e3ef813499044d35290513ca59063514e58e813a3cb7522ce638fcfa68c9ce1f44c35f4441fce63a79cb6","ssdeep":"768:9wWIiIID61qqawOHBttzfPX/nIl6x06vRtdrdcTXQPrheF4cLSfpkQqk:O7E6ADwOHHRPfu6x9Xdr8QPr0F47fCQT","tlshash":"6613f2220dbdc115ca16a233eebf81b2a93d264b49bbdbd47f0317c74456c87b185ba4","first_seen":"2026-03-08T22:06:19.813754Z","last_seen":"2026-04-05T16:11:09.200142Z","times_seen":148,"resource_available":false,"data":null}},"time_used":893,"timings":{"blocked":126,"dns":0,"connect":0,"send":0,"wait":258,"receive":509,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"336309.com/link/xinaomen/js/ackj1.js","fqdn":"336309.com","domain":"336309.com","tld":"com"},"ip":{"addr":"38.97.254.137","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://336309.com/link/xinaomen/ackj1.html","date":"2026-04-05T09:40:03.612Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.336309.com","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 22 Mar 2026 06:00:00 GMT","end":"Sat, 20 Jun 2026 05:59:59 GMT"},"fingerprint":{"sha1":"77:93:19:CB:53:5B:E2:36:B6:0F:F7:66:3B:66:5C:46:3D:88:04:39","sha256":"6D:41:77:1F:BF:6F:5C:A5:CA:58:75:2B:DC:5B:D3:2A:43:4A:03:52:AE:1B:54:E6:14:1E:EC:8D:FE:D2:4A:23"}}},"request":{"raw":"GET /link/xinaomen/js/ackj1.js HTTP/1.1\r\nHost: 336309.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://336309.com/link/xinaomen/ackj1.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Apr 2026 09:40:03 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 24 Nov 2024 11:29:31 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67430e1b-261f\"\r\nexpires: Sun, 05 Apr 2026 21:40:03 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9759,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (7184)","md5":"e8c14bab485acaa0b28e3d372cafe333","sha1":"6d415f69d9e24c34f3e7e376ccacf7253a475925","sha256":"f702d6b99be29031d390246662649704267312ff01be359c1862212f9da6db80","sha512":"877892cf9e756e7292cfc9086d8ee83606738c092fabda505e91d2e40fd64c2af97b95bc08a0278e0cfa6b53138a4272a2478988b5d25b5f2bbe3052feb711ea","ssdeep":"192:ep5Dog2p4j+AibS1YMYARHniFmYGI163FvvMpSNdJWdyO9ZLSD7yk+MFudVHg9TM:ll4SvMYMd1El163FXMpSN/W39ZLSD7y9","tlshash":"e012a50873d15c712a5be733af1fa0d8eb2e1bbb39a94c09f54db5605f4c604d1a6ab0","first_seen":"2025-11-12T23:34:33.076032Z","last_seen":"2026-04-05T16:11:09.189665Z","times_seen":160,"resource_available":true,"data":null}},"time_used":351,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":351,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"8.999996996.xyz/favicon.ico","fqdn":"8.999996996.xyz","domain":"999996996.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://8.999996996.xyz/facai/","date":"2026-04-05T09:40:04.343Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 8.999996996.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://8.999996996.xyz/facai/\r\nCookie: PHPSESSID=tih3eftaqq7mkpnidb0fn81454\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Sun, 05 Apr 2026 09:40:04 GMT\r\nContent-Type: text/html\r\nContent-Length: 138\r\nConnection: keep-alive\r\nETag: \"69a46169-8a\"\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":138,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"7389d931c86b3d7bb6b8af46d8c4172b","sha1":"8d2a4760aa0b47984d11cd1a66448719177fb791","sha256":"301bd9f16f94feedfae7a946a14bac38cb73c43efe6117bc5586835af03d7d6f","sha512":"dd6d1511e4fcd5bc09d821ffe091fb5946ac9654c48664aed504e479e9ac20c1cad44b6df90f42190d47e28f5f96bfb09d24056df6b950243d68ee8100a9a889","ssdeep":"","tlshash":"d9c09b5d755366449913155167c33641d196837f689a84510941c593f0cf69ac4c73a9","first_seen":"2023-03-13T12:56:15Z","last_seen":"2026-04-05T16:49:33.651589Z","times_seen":245716,"resource_available":true,"data":null}},"time_used":246,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":246,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"0ywhqfhm1khndemzh9cm.999996997.xyz/demo/666666/images/docsearch.png","fqdn":"0ywhqfhm1khndemzh9cm.999996997.xyz","domain":"999996997.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://0ywhqfhm1khndemzh9cm.999996997.xyz/demo/","date":"2026-04-05T09:39:57.167Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /demo/666666/images/docsearch.png HTTP/1.1\r\nHost: 0ywhqfhm1khndemzh9cm.999996997.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://0ywhqfhm1khndemzh9cm.999996997.xyz/demo/mobile/css/global.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 05 Apr 2026 09:39:57 GMT\r\nContent-Type: image/png\r\nLast-Modified: Thu, 26 Feb 2026 06:47:11 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"699fec6f-9f8\"\r\nExpires: Tue, 05 May 2026 09:39:57 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2552,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 62 x 63, 8-bit/color RGBA, non-interlaced","md5":"4b5bef3f0f00b81a03b72d23b1d24e8d","sha1":"cf87b4256750d3264d0ef16db3d09e135395441b","sha256":"4c3a0cce0b83dadc1df318ba060a870db3ded1e08b3620586f494856e7b25502","sha512":"64606e423cda34f211d770b1c5dad7bb94ebbe23c5a705cbe009933b2b51a9d0ecc95326797bcf276b128442fdb5dd2be81d167f7ba0b9f3b697c8dd7d17a27b","ssdeep":"","tlshash":"43513c5b02026ce71c15a15191a38109fbc13e3b7d7d471dfba8c8e80b4add5ae95129","first_seen":"2023-05-10T13:00:24Z","last_seen":"2026-04-05T16:11:09.197514Z","times_seen":213,"resource_available":false,"data":null}},"time_used":453,"timings":{"blocked":209,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"0ywhqfhm1khndemzh9cm.999996997.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"8.999996996.xyz/facai/img/sy.png","fqdn":"8.999996996.xyz","domain":"999996996.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://8.999996996.xyz/facai/","date":"2026-04-05T09:40:02.531Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /facai/img/sy.png HTTP/1.1\r\nHost: 8.999996996.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://8.999996996.xyz/facai/\r\nCookie: PHPSESSID=tih3eftaqq7mkpnidb0fn81454\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 05 Apr 2026 09:40:03 GMT\r\nContent-Type: image/png\r\nLast-Modified: Fri, 16 Jan 2026 06:54:29 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6969e0a5-4ab\"\r\nExpires: Tue, 05 May 2026 09:40:03 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1195,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced","md5":"04d843fa6cf555eda27665c73395a247","sha1":"168b707e3a1a1f999e82dff2855d9d69495da665","sha256":"21c86c0e02c9f0df11cdf0b60f1b621c9205d1aa2ff524b866188ff78a6e23d6","sha512":"08e3f9c34c30ccff66a7f824c5468308c31f51c1e2072ce18438a3d72764e5babe63d807268e81f3b68477d110c19ddbb48c739ef19bdab977fc797195971783","ssdeep":"","tlshash":"4421d7bd3960dc8d88a62cdbad4fcb1800831e499927016c9c38e452af0bea2fc61127","first_seen":"2025-03-02T04:13:33.606712Z","last_seen":"2026-04-05T16:11:09.202651Z","times_seen":153,"resource_available":false,"data":null}},"time_used":962,"timings":{"blocked":716,"dns":0,"connect":0,"send":0,"wait":245,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"8.999996996.xyz/facai/js/jquery.min.js","fqdn":"8.999996996.xyz","domain":"999996996.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://8.999996996.xyz/facai/","date":"2026-04-05T09:40:02.560Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /facai/js/jquery.min.js HTTP/1.1\r\nHost: 8.999996996.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://8.999996996.xyz/facai/\r\nCookie: PHPSESSID=tih3eftaqq7mkpnidb0fn81454\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 05 Apr 2026 09:40:02 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Fri, 16 Jan 2026 06:54:29 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6969e0a5-16bac\"\r\nExpires: Sun, 05 Apr 2026 21:40:02 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":93100,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32072)","md5":"e0e0559014b222245deb26b6ae8bd940","sha1":"e2f3603e23711f6446f278a411d905623d65201e","sha256":"89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e","sha512":"60740da8f871b8263675db2421b0e565fc18e95c772f7c3d5916f224263cd71a6a2e6acceab2f6f8ba1c0607951f0198f525d87d0589fa57045b1d5f292dacf0","ssdeep":"1536:q4mCgi8DyCuXXFiJ+L0kJQsJVPEKLQRZdC/RlfDknv+p0WzH/IoSZ7qABZnu0sFv:qGsKXlI2p0WPSbDrstfam","tlshash":"ba93f8ddb2d1b06257bb21bd006f540ff236195e280d8850f129e8eabc74a4d9277fad","first_seen":"2023-03-07T01:02:01Z","last_seen":"2026-04-05T16:29:29.551585Z","times_seen":18219,"resource_available":true,"data":null}},"time_used":963,"timings":{"blocked":196,"dns":1,"connect":253,"send":0,"wait":259,"receive":254,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"0ywhqfhm1khndemzh9cm.999996997.xyz/demo/mobile/css/font-awesome.min.css","fqdn":"0ywhqfhm1khndemzh9cm.999996997.xyz","domain":"999996997.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://0ywhqfhm1khndemzh9cm.999996997.xyz/demo/","date":"2026-04-05T09:39:56.908Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /demo/mobile/css/font-awesome.min.css HTTP/1.1\r\nHost: 0ywhqfhm1khndemzh9cm.999996997.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://0ywhqfhm1khndemzh9cm.999996997.xyz/demo/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 05 Apr 2026 09:39:57 GMT\r\nContent-Type: text/css\r\nLast-Modified: Thu, 26 Feb 2026 06:47:11 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"699fec6f-78f8\"\r\nExpires: Sun, 05 Apr 2026 21:39:57 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":30968,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (30805)","md5":"ebd2f6764a6563b33793269a5c5244db","sha1":"fc24798cfe5f0dd6aae0ba5f14ed04a1a5febacd","sha256":"e51dff009132623ec5cf0328800f93b4e68e86bb0203669a085e1f0d9271286d","sha512":"6dec4dbb6316277d2d9b85ee09bc111f668c989902ba633f89a70fd3907594ff42532a8a1a9137cfb262b902084deed145acc07bc77f1cbdd53b79c0d31eee1b","ssdeep":"384:9u5yWeTUKW+KlkJ5de2UYDyVfwYUas2l8yQ/8dwmaU8G:2lr+Klk3Yi+fwYUf2l8yQ/e9vf","tlshash":"48d241e8e54c01d66731c48bff81b36862b6fb3dd5854da9f01f290c29d22a522c5fb9","first_seen":"2025-09-22T03:01:52.212503Z","last_seen":"2026-04-05T16:11:09.210555Z","times_seen":212,"resource_available":false,"data":null}},"time_used":726,"timings":{"blocked":209,"dns":1,"connect":256,"send":0,"wait":258,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"0ywhqfhm1khndemzh9cm.999996997.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"0ywhqfhm1khndemzh9cm.999996997.xyz/favicon.ico","fqdn":"0ywhqfhm1khndemzh9cm.999996997.xyz","domain":"999996997.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://0ywhqfhm1khndemzh9cm.999996997.xyz/demo/","date":"2026-04-05T09:39:57.840Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 0ywhqfhm1khndemzh9cm.999996997.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://0ywhqfhm1khndemzh9cm.999996997.xyz/demo/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Sun, 05 Apr 2026 09:39:57 GMT\r\nContent-Type: text/html\r\nContent-Length: 138\r\nConnection: keep-alive\r\nETag: \"69a46169-8a\"\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":138,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"7389d931c86b3d7bb6b8af46d8c4172b","sha1":"8d2a4760aa0b47984d11cd1a66448719177fb791","sha256":"301bd9f16f94feedfae7a946a14bac38cb73c43efe6117bc5586835af03d7d6f","sha512":"dd6d1511e4fcd5bc09d821ffe091fb5946ac9654c48664aed504e479e9ac20c1cad44b6df90f42190d47e28f5f96bfb09d24056df6b950243d68ee8100a9a889","ssdeep":"","tlshash":"d9c09b5d755366449913155167c33641d196837f689a84510941c593f0cf69ac4c73a9","first_seen":"2023-03-13T12:56:15Z","last_seen":"2026-04-05T16:49:33.651589Z","times_seen":245716,"resource_available":true,"data":null}},"time_used":243,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":243,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"0ywhqfhm1khndemzh9cm.999996997.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"0ywhqfhm1khndemzh9cm.999996997.xyz/favicon.ico","fqdn":"0ywhqfhm1khndemzh9cm.999996997.xyz","domain":"999996997.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://0ywhqfhm1khndemzh9cm.999996997.xyz/demo/d/","date":"2026-04-05T09:40:01.048Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 0ywhqfhm1khndemzh9cm.999996997.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://0ywhqfhm1khndemzh9cm.999996997.xyz/demo/d/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T16:47:07.54892Z","times_seen":13384334,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"0ywhqfhm1khndemzh9cm.999996997.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"643941.freep.cn/643941/%E6%AF%9B%E6%A1%83/%E7%AE%A1%E5%AE%B6%E5%A9%86/QQlogo.png","fqdn":"643941.freep.cn","domain":"freep.cn","tld":"cn"},"ip":{"addr":"173.208.190.4","port":443,"asn":32097,"as":"WII","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://8.999996996.xyz/facai/","date":"2026-04-05T09:40:02.547Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA1","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.freep.cn","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Wed, 21 May 2025 08:14:02 GMT","end":"Sat, 20 Jun 2026 08:14:01 GMT"},"fingerprint":{"sha1":"36:1E:56:A3:DD:8C:1D:B1:CC:09:28:60:60:7C:A1:4C:7E:25:95:7A","sha256":"77:E6:0C:41:80:B8:22:94:45:7F:A6:C6:E3:52:4A:CB:6F:75:69:00:14:35:E3:2C:37:03:CC:58:58:82:54:32"}}},"request":{"raw":"GET /643941/%E6%AF%9B%E6%A1%83/%E7%AE%A1%E5%AE%B6%E5%A9%86/QQlogo.png HTTP/1.1\r\nHost: 643941.freep.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://8.999996996.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: private\r\nContent-Length: 79177\r\nContent-Type: image/png\r\nExpires: Mon, 06 Apr 2026 09:39:59 GMT\r\nAccept-Ranges: bytes\r\nServer: Microsoft-IIS/8.5\r\nX-AspNet-Version: 4.0.30319\r\nX-Powered-By: ASP.NET\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: *\r\nAccess-Control-Allow-Headers: *\r\nDate: Sun, 05 Apr 2026 09:39:58 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"IIS:8.5","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":79177,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 419 x 419, 8-bit/color RGBA, non-interlaced","md5":"25ea317c70ea22661128146d18b6d3e1","sha1":"bb94eaf19a87e6c62e1eb646937da4a93c42e6ee","sha256":"5884444afc52c565f6cf367ae278228333debba5211e58335a55c3cb6e773a38","sha512":"e71c111ec53f44b703b5b47ffc78e553e4b451e8e4f25c6b484037face9030b63cb9089818bf1c37a8970bd38eb4e2400ee846055625a7677fc4cf754156b75f","ssdeep":"1536:w8aVlvQX35+iGJDF/FV7IdMZmOPIIM38ehXXznRaVpafYwssjIrSD:DIZQ5FGJDbBmOP5c8kXXznRVfYwvIs","tlshash":"b173025a170025cd6f2b906b5ac0530af22fb81460c6640ad1eb677ddd0bbdfa36ed36","first_seen":"2026-03-08T22:06:19.810216Z","last_seen":"2026-04-05T16:11:09.203294Z","times_seen":101,"resource_available":false,"data":null}},"time_used":1056,"timings":{"blocked":444,"dns":1,"connect":117,"send":0,"wait":118,"receive":122,"ssl":246},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"8.999996996.xyz/facai/img/245.jpg","fqdn":"8.999996996.xyz","domain":"999996996.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://8.999996996.xyz/facai/","date":"2026-04-05T09:40:03.316Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /facai/img/245.jpg HTTP/1.1\r\nHost: 8.999996996.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://8.999996996.xyz/facai/css/nn.css\r\nCookie: PHPSESSID=tih3eftaqq7mkpnidb0fn81454\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 05 Apr 2026 09:40:03 GMT\r\nContent-Type: image/jpeg\r\nLast-Modified: Fri, 16 Jan 2026 06:54:29 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6969e0a5-52a8\"\r\nExpires: Tue, 05 May 2026 09:40:03 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21160,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=744, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=1602], baseline, precision 8, 100x46, components 3","md5":"f128062eb96d39810b2cde053b63b8a1","sha1":"c975cf4032febdd77b304c35a5a4677488437471","sha256":"8be878c673af5f97070b4751d3505f8911a4c4dc6333b3d74be3c7c28c450470","sha512":"b22dc2f4774d75afcf82c308c7084c1c7f29feb1b1651c7d348a78bdfaacdf430acfff3612c721cfc7308ea8b937509ec27ad4e146875119ba3c732037b2a2a8","ssdeep":"384:DCYNg73fmbPwGYNg73fmwsnWdD5LHYNg7P/zgwndV:DCYy7MPTYy77sWpdYyYwndV","tlshash":"01923a35af66df53f9e1d77458f1e792b3527b28e7a32782305c6a013b602c09d8d18a","first_seen":"2026-03-08T22:06:19.863603Z","last_seen":"2026-04-05T16:11:09.209227Z","times_seen":148,"resource_available":false,"data":null}},"time_used":423,"timings":{"blocked":177,"dns":0,"connect":0,"send":0,"wait":245,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"643941.freep.cn/643941/%E6%AF%9B%E6%A1%83/%E7%AE%A1%E5%AE%B6%E5%A9%86/yxzd.png","fqdn":"643941.freep.cn","domain":"freep.cn","tld":"cn"},"ip":{"addr":"173.208.190.4","port":443,"asn":32097,"as":"WII","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://8.999996996.xyz/facai/","date":"2026-04-05T09:40:02.559Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA1","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.freep.cn","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Wed, 21 May 2025 08:14:02 GMT","end":"Sat, 20 Jun 2026 08:14:01 GMT"},"fingerprint":{"sha1":"36:1E:56:A3:DD:8C:1D:B1:CC:09:28:60:60:7C:A1:4C:7E:25:95:7A","sha256":"77:E6:0C:41:80:B8:22:94:45:7F:A6:C6:E3:52:4A:CB:6F:75:69:00:14:35:E3:2C:37:03:CC:58:58:82:54:32"}}},"request":{"raw":"GET /643941/%E6%AF%9B%E6%A1%83/%E7%AE%A1%E5%AE%B6%E5%A9%86/yxzd.png HTTP/1.1\r\nHost: 643941.freep.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://8.999996996.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: private\r\nContent-Length: 331170\r\nContent-Type: image/png\r\nExpires: Mon, 06 Apr 2026 09:39:59 GMT\r\nAccept-Ranges: bytes\r\nServer: Microsoft-IIS/8.5\r\nX-AspNet-Version: 4.0.30319\r\nX-Powered-By: ASP.NET\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: *\r\nAccess-Control-Allow-Headers: *\r\nDate: Sun, 05 Apr 2026 09:39:58 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"IIS:8.5","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":331170,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1000 x 185, 8-bit/color RGB, non-interlaced","md5":"2b1e18ad6253d638f310c008353e163d","sha1":"9fcad1a0983f930ccd63c521942a0bfa12ee759a","sha256":"0af4c9eb2c141b68f2aff2afaa0a347312dcd29173c0057588d058da9e2232f5","sha512":"dd811917ef46a06dc43b8ec08bd0e88af2c7621e49f8c62a723b2a4897c98804a766a7e30f0e141647f2565512183d64cf4b6f57b9fae8ae0cd6fad620c15791","ssdeep":"6144:NzsAl5Mi0c2WidcA1WKv5Lqx2AY54o9twDhPOmoBSF4BWCMtY6lfelJL:bl5r0c2proKvlqx2AY5ftFSOTT6clh","tlshash":"6664235ba1261732d377507305fda21a2db98bbad7385e916a00e2d305ce1deee60bd0","first_seen":"2026-03-08T22:06:19.862388Z","last_seen":"2026-04-05T16:11:09.1809Z","times_seen":147,"resource_available":false,"data":null}},"time_used":1367,"timings":{"blocked":432,"dns":1,"connect":113,"send":0,"wait":118,"receive":459,"ssl":244},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kswc88kkg0.99kjhi.app:2860/dh/amtuku.html","fqdn":"kswc88kkg0.99kjhi.app","domain":"99kjhi.app","tld":"app"},"ip":{"addr":"141.148.156.69","port":2860,"asn":31898,"as":"ORACLE-BMC-31898","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"http://8.999996996.xyz/facai/","date":"2026-04-05T09:40:03.308Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"99kjhi.app","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Mar 2026 23:02:13 GMT","end":"Wed, 24 Jun 2026 23:02:12 GMT"},"fingerprint":{"sha1":"AE:72:BD:2A:24:8D:13:0F:5F:F3:5A:B9:55:8C:2E:13:5C:78:8F:4B","sha256":"6E:12:60:54:70:E4:2A:19:A0:AD:DB:FD:72:F6:A8:3A:42:4D:3C:56:71:1E:46:39:69:B0:A9:15:47:7F:87:58"}}},"request":{"raw":"GET /dh/amtuku.html HTTP/1.1\r\nHost: kswc88kkg0.99kjhi.app:2860\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://8.999996996.xyz/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Sun, 05 Apr 2026 09:40:03 GMT\r\ncontent-type: text/html\r\nlast-modified: Sat, 04 Apr 2026 14:14:57 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69d11ce1-610b\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24843,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with CR line terminators","md5":"cd3962547a84275a3758caf1b0b929a2","sha1":"2d31d5ec6ec806f9409467730e0a3769a4f75a0b","sha256":"0faa8fefa0f8ca709258d7b9b8c129aaace31f00f7fedfedd1eafcecc7d0aaa0","sha512":"4dfeeac4e0caf4e20e8588418a6d81f82157c7b2b21ea944fb15951070c98d36d9cd1fa30f073022d740b48d20a731f7cf5aa3049d99704d7e59f5b8df80a437","ssdeep":"384:b5Un5UTrdw6rdw6rdw6rdw6rdw6rdw6rdw6rdwoJdUxTNH:b5Un5UvdpdpdpdpdpdpdpdmFh","tlshash":"8ab2793667e02f5763c2c9e3a41bed0943f58c35cabec2c6bbae64a11f9c9a11443355","first_seen":"2026-04-04T14:17:34.46331Z","last_seen":"2026-04-05T14:03:55.142874Z","times_seen":50,"resource_available":false,"data":null}},"time_used":824,"timings":{"blocked":332,"dns":34,"connect":146,"send":0,"wait":146,"receive":0,"ssl":162},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"0ywhqfhm1khndemzh9cm.999996997.xyz/demo/mobile/static/js/layer.js","fqdn":"0ywhqfhm1khndemzh9cm.999996997.xyz","domain":"999996997.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://0ywhqfhm1khndemzh9cm.999996997.xyz/demo/","date":"2026-04-05T09:39:56.905Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /demo/mobile/static/js/layer.js HTTP/1.1\r\nHost: 0ywhqfhm1khndemzh9cm.999996997.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://0ywhqfhm1khndemzh9cm.999996997.xyz/demo/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Sun, 05 Apr 2026 09:39:56 GMT\r\nContent-Type: text/html\r\nContent-Length: 138\r\nConnection: keep-alive\r\nETag: \"69a46169-8a\"\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":138,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"7389d931c86b3d7bb6b8af46d8c4172b","sha1":"8d2a4760aa0b47984d11cd1a66448719177fb791","sha256":"301bd9f16f94feedfae7a946a14bac38cb73c43efe6117bc5586835af03d7d6f","sha512":"dd6d1511e4fcd5bc09d821ffe091fb5946ac9654c48664aed504e479e9ac20c1cad44b6df90f42190d47e28f5f96bfb09d24056df6b950243d68ee8100a9a889","ssdeep":"","tlshash":"d9c09b5d755366449913155167c33641d196837f689a84510941c593f0cf69ac4c73a9","first_seen":"2023-03-13T12:56:15Z","last_seen":"2026-04-05T16:49:33.651589Z","times_seen":245716,"resource_available":true,"data":null}},"time_used":254,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":254,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"0ywhqfhm1khndemzh9cm.999996997.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"0ywhqfhm1khndemzh9cm.999996997.xyz/demo/d/images/1.png","fqdn":"0ywhqfhm1khndemzh9cm.999996997.xyz","domain":"999996997.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://0ywhqfhm1khndemzh9cm.999996997.xyz/demo/d/","date":"2026-04-05T09:40:01.056Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /demo/d/images/1.png HTTP/1.1\r\nHost: 0ywhqfhm1khndemzh9cm.999996997.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://0ywhqfhm1khndemzh9cm.999996997.xyz/demo/d/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Sun, 05 Apr 2026 09:40:01 GMT\r\nContent-Type: text/html\r\nContent-Length: 138\r\nConnection: keep-alive\r\nETag: \"69a46169-8a\"\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":138,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"7389d931c86b3d7bb6b8af46d8c4172b","sha1":"8d2a4760aa0b47984d11cd1a66448719177fb791","sha256":"301bd9f16f94feedfae7a946a14bac38cb73c43efe6117bc5586835af03d7d6f","sha512":"dd6d1511e4fcd5bc09d821ffe091fb5946ac9654c48664aed504e479e9ac20c1cad44b6df90f42190d47e28f5f96bfb09d24056df6b950243d68ee8100a9a889","ssdeep":"","tlshash":"d9c09b5d755366449913155167c33641d196837f689a84510941c593f0cf69ac4c73a9","first_seen":"2023-03-13T12:56:15Z","last_seen":"2026-04-05T16:49:33.651589Z","times_seen":245716,"resource_available":true,"data":null}},"time_used":243,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":243,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"0ywhqfhm1khndemzh9cm.999996997.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"8.999996996.xyz/facai/css/news.css","fqdn":"8.999996996.xyz","domain":"999996996.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://8.999996996.xyz/facai/","date":"2026-04-05T09:40:02.514Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /facai/css/news.css HTTP/1.1\r\nHost: 8.999996996.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://8.999996996.xyz/facai/\r\nCookie: PHPSESSID=tih3eftaqq7mkpnidb0fn81454\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 05 Apr 2026 09:40:02 GMT\r\nContent-Type: text/css\r\nLast-Modified: Tue, 31 Mar 2026 08:02:42 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"69cb7fa2-446d\"\r\nExpires: Sun, 05 Apr 2026 21:40:02 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":17517,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (353)","md5":"8cee0804c6cf544d9b1e6dfd53271d67","sha1":"1a6259c1b057d2301277b99019799fd5d740412c","sha256":"2aa820762ea966697d95e4b079b3fe64d1353ebe1f7961fafb58428e93c195bd","sha512":"536558cc0d3d6fc165018d0df2fe9de1585073db78b29127d48ffecde5d65a5274934f9d2e5978967716759ee5710490387cb07a2db7dee1c14b538b1bd983d0","ssdeep":"384:9Ol2VF1Z4VPRfINA9F7gVk9Xmyb7PTfG9p6kq:9OOFX4VPRANA9FcVkbBV","tlshash":"c2726133e652104ab107d4ab6f51abd93338a013c85b9f7ab9f67168cfc20fe55a1748","first_seen":"2026-04-01T23:09:46.350182Z","last_seen":"2026-04-05T16:11:09.211876Z","times_seen":100,"resource_available":false,"data":null}},"time_used":258,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":257,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"8.999996996.xyz/facai/img/5555.png","fqdn":"8.999996996.xyz","domain":"999996996.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://8.999996996.xyz/facai/","date":"2026-04-05T09:40:02.527Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /facai/img/5555.png HTTP/1.1\r\nHost: 8.999996996.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://8.999996996.xyz/facai/\r\nCookie: PHPSESSID=tih3eftaqq7mkpnidb0fn81454\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 05 Apr 2026 09:40:03 GMT\r\nContent-Type: image/png\r\nLast-Modified: Tue, 31 Mar 2026 09:32:39 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"69cb94b7-6009\"\r\nExpires: Tue, 05 May 2026 09:40:03 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24585,"size_decoded":0,"mime_type":"image/png","magic":"GIF image data, version 89a, 500 x 106","md5":"1d071d2be5365c84c8d961b2018f0f49","sha1":"ac14584a5ccc9205330798d1b279f575215588f4","sha256":"5426630593b5c58ad86ff9201a62804687e41c2920efa0e71cff356a9e61cb9d","sha512":"a432151e47de03933280ebb555c13ed9184745c2e255f6b2b76c50daba168f8e7b3a0e92059e227422e7b78ef571402133dca0406c4c1c1c0103772b87b94929","ssdeep":"384:7SBD0nUDEc5iKaQG2m99PvlrlhnlSDrm0AezLMVp5PyGsxYvMca89jgOffGrqBIS:IDKWniKa6GFpVpl3sxYEca8dq8IyGJHm","tlshash":"ecb2d046bf303a0225ddbc004586bb64023024aff6c0bcf2bd2ce67eeb512b574a9956","first_seen":"2026-04-01T23:09:46.367986Z","last_seen":"2026-04-05T16:11:09.195521Z","times_seen":100,"resource_available":false,"data":null}},"time_used":1499,"timings":{"blocked":464,"dns":1,"connect":267,"send":0,"wait":268,"receive":275,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"643941.freep.cn/643941/%E6%AF%9B%E6%A1%83/%E7%AE%A1%E5%AE%B6%E5%A9%86/2.gif","fqdn":"643941.freep.cn","domain":"freep.cn","tld":"cn"},"ip":{"addr":"173.208.190.4","port":443,"asn":32097,"as":"WII","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://8.999996996.xyz/facai/","date":"2026-04-05T09:40:02.551Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA1","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.freep.cn","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Wed, 21 May 2025 08:14:02 GMT","end":"Sat, 20 Jun 2026 08:14:01 GMT"},"fingerprint":{"sha1":"36:1E:56:A3:DD:8C:1D:B1:CC:09:28:60:60:7C:A1:4C:7E:25:95:7A","sha256":"77:E6:0C:41:80:B8:22:94:45:7F:A6:C6:E3:52:4A:CB:6F:75:69:00:14:35:E3:2C:37:03:CC:58:58:82:54:32"}}},"request":{"raw":"GET /643941/%E6%AF%9B%E6%A1%83/%E7%AE%A1%E5%AE%B6%E5%A9%86/2.gif HTTP/1.1\r\nHost: 643941.freep.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://8.999996996.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: private\r\nContent-Length: 5201\r\nContent-Type: image/gif\r\nExpires: Mon, 06 Apr 2026 09:39:59 GMT\r\nAccept-Ranges: bytes\r\nServer: Microsoft-IIS/8.5\r\nX-AspNet-Version: 4.0.30319\r\nX-Powered-By: ASP.NET\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: *\r\nAccess-Control-Allow-Headers: *\r\nDate: Sun, 05 Apr 2026 09:39:58 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET:4.0.30319","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"IIS:8.5","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":5201,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 50 x 50","md5":"85a968009b68a5ef2d2abee26c890186","sha1":"e26c6c003d900549f78f5122d05f19e1473f5179","sha256":"1b48811307f378d0008307e7b3e0d88fe6268ae2f1525b1f67ad3d13d59c3bf0","sha512":"88d4dd897cbb9c1a9b4e978de48b360312e905fd3f65f55586eccfdeaca9db76c935dd5f1aea3db0291374476e0243ca7145a706ed6a78b56e41bf98724bc898","ssdeep":"96:kGsKVu0t546YLJYWNbTXerk+/zWNbt4yXXT3IT:JVDt54rHNmryNB4yHTYT","tlshash":"51b16d07d2f06d34c549cfb0d9399d0a70ade42bed65285583e7b20763912bcbe16c0b","first_seen":"2025-02-07T14:32:56.510863Z","last_seen":"2026-04-05T16:11:09.198826Z","times_seen":184,"resource_available":false,"data":null}},"time_used":1054,"timings":{"blocked":922,"dns":0,"connect":0,"send":0,"wait":132,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.js?5c754ac15a8c95da0a32585720c545fe","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"14.215.182.140","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://336309.com/link/xinaomen/ackj1.html","date":"2026-04-05T09:40:03.615Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"baidu.com","organization":"Beijing Baidu Netcom Science Technology Co., Ltd"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 09 Jul 2025 07:01:02 GMT","end":"Mon, 10 Aug 2026 07:01:01 GMT"},"fingerprint":{"sha1":"21:BF:66:0D:67:BE:7A:7F:49:48:05:30:F4:7F:09:F2:30:36:CA:63","sha256":"0D:82:2C:9A:90:5A:EF:E9:8F:37:12:C0:E0:26:30:EE:95:33:2C:45:5F:E7:74:5D:F0:8D:BC:79:F4:B0:A1:49"}}},"request":{"raw":"GET /hm.js?5c754ac15a8c95da0a32585720c545fe HTTP/1.1\r\nHost: hm.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://336309.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: max-age=0, must-revalidate\r\nContent-Encoding: gzip\r\nContent-Length: 11293\r\nContent-Type: application/javascript\r\nDate: Sun, 05 Apr 2026 09:40:04 GMT\r\nEtag: 0c0ca230fc2d74d7570088ee111a7e18\r\nP3p: CP=\"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"\r\nServer: apache\r\nSet-Cookie: HMACCOUNT=16CE75D970E51904; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT\r\nStrict-Transport-Security: max-age=172800\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":29899,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (623)","md5":"bff68e5b2c73aa52ad0f27103c1e7c01","sha1":"e2e3da92a4c4319d2ef0fca7070a09a9b645254c","sha256":"857bdea28634f0930c28bd8cfb7d60b43a3ad333263841a47410155103f35958","sha512":"03abda35cbbc453f96d95273976cf10be24a6fac3057f3762cfb452fd39fd2a0d3f3a475238db43b4e217ec70a29098c1aa26399763b23c15f2a5528d1af6609","ssdeep":"384:6JJSoLMJJTRl6s1JXFVCFI/TayvuodsZPIGm8XaR1JRwvutq1tGdc7M04gRw6:6J4VJfHgMdvussZPIx82Rwvutcto07v","tlshash":"bfd2d9e9b282713293a324a5153f324af17b5a54bd4968a4f11894c07d38fbb027bfdd","first_seen":"2026-04-05T09:40:22.024708Z","last_seen":"2026-04-05T09:40:22.024708Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1857,"timings":{"blocked":761,"dns":1,"connect":250,"send":0,"wait":326,"receive":1,"ssl":515},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"0ywhqfhm1khndemzh9cm.999996997.xyz/demo/d/","fqdn":"0ywhqfhm1khndemzh9cm.999996997.xyz","domain":"999996997.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-05T09:39:59.142Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /demo/d/ HTTP/1.1\r\nHost: 0ywhqfhm1khndemzh9cm.999996997.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://0ywhqfhm1khndemzh9cm.999996997.xyz/demo/\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T16:47:07.54892Z","times_seen":13384334,"resource_available":true,"data":null}},"time_used":506,"timings":{"blocked":506,"dns":0,"connect":257,"send":0,"wait":0,"receive":0,"ssl":264},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"0ywhqfhm1khndemzh9cm.999996997.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"8.999996996.xyz/facai/img/cz.png","fqdn":"8.999996996.xyz","domain":"999996996.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://8.999996996.xyz/facai/","date":"2026-04-05T09:40:02.536Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /facai/img/cz.png HTTP/1.1\r\nHost: 8.999996996.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://8.999996996.xyz/facai/\r\nCookie: PHPSESSID=tih3eftaqq7mkpnidb0fn81454\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 05 Apr 2026 09:40:03 GMT\r\nContent-Type: image/png\r\nLast-Modified: Fri, 16 Jan 2026 06:54:29 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6969e0a5-85f\"\r\nExpires: Tue, 05 May 2026 09:40:03 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2143,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced","md5":"9305f904ad19b9876d4007d10b97575b","sha1":"c818dcdfb52517716b1c822f7a4d8472af1626b4","sha256":"e5066c7fcd4637e8ad3bda079331ab6595b11db31c4c7086a474a6343bc4238b","sha512":"04f2e32946a550c05b133e70024f61a569cadc31fd992907efda8b5286deb5f8b25336fbf692ad999903e05bb60d0eed796aa2887ca8251190979ed4bd40f01f","ssdeep":"","tlshash":"ab410a4c394123ab06aa4c06deefca47b4bf88541b524c649aa5827617facc4f41b62f","first_seen":"2025-01-19T15:39:13.88084Z","last_seen":"2026-04-05T16:11:09.185636Z","times_seen":154,"resource_available":false,"data":null}},"time_used":1494,"timings":{"blocked":606,"dns":1,"connect":267,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"643941.freep.cn/643941/%E6%9E%97/%E7%AE%A1%E5%AE%B6%E5%A9%86/traitymxx.gif","fqdn":"643941.freep.cn","domain":"freep.cn","tld":"cn"},"ip":{"addr":"173.208.190.4","port":443,"asn":32097,"as":"WII","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://8.999996996.xyz/facai/","date":"2026-04-05T09:40:02.557Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA1","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.freep.cn","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Wed, 21 May 2025 08:14:02 GMT","end":"Sat, 20 Jun 2026 08:14:01 GMT"},"fingerprint":{"sha1":"36:1E:56:A3:DD:8C:1D:B1:CC:09:28:60:60:7C:A1:4C:7E:25:95:7A","sha256":"77:E6:0C:41:80:B8:22:94:45:7F:A6:C6:E3:52:4A:CB:6F:75:69:00:14:35:E3:2C:37:03:CC:58:58:82:54:32"}}},"request":{"raw":"GET /643941/%E6%9E%97/%E7%AE%A1%E5%AE%B6%E5%A9%86/traitymxx.gif HTTP/1.1\r\nHost: 643941.freep.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://8.999996996.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: private\r\nContent-Length: 198963\r\nContent-Type: image/gif\r\nExpires: Mon, 06 Apr 2026 09:39:59 GMT\r\nAccept-Ranges: bytes\r\nServer: Microsoft-IIS/8.5\r\nX-AspNet-Version: 4.0.30319\r\nX-Powered-By: ASP.NET\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: *\r\nAccess-Control-Allow-Headers: *\r\nDate: Sun, 05 Apr 2026 09:39:58 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]},{"name":"IIS:8.5","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]}],"data":{"size":198963,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 240 x 240","md5":"751097927fc77a8ed4bf784c70161075","sha1":"52e738dc9698ee4faab28a38964d52d0542af998","sha256":"20b9f16d625ea660d8a49a7ea8db0eecf4a04fb31faaf85ea0bb43d6d0c5be09","sha512":"dd5813b2e584f5ba6ba3a3ed74b86bf19a1edade81017d1a0d2817ed1370bb19114088621a517de200c59361fc77f50d24a24c640948dc477d9bc917ad915a79","ssdeep":"3072:ePM+p4vmc1wicuQxc2V8FU80vl12bZ6FcxCsXF381AHAcW5yjuPE9tfdjMOu:Ee+c1wicbLl80fY6FcxV3AIW5BE7V4Ou","tlshash":"9614023fd321c4ba9c1ab5fa8917159b042f8c85116a412abdf3f8d37531a4094bf9bb","first_seen":"2024-08-19T19:10:17.044192Z","last_seen":"2026-04-05T16:11:09.199497Z","times_seen":151,"resource_available":false,"data":null}},"time_used":1267,"timings":{"blocked":434,"dns":1,"connect":117,"send":0,"wait":119,"receive":346,"ssl":245},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"336309.com/link/xinaomen/js/jquery-1.11.2.min.js","fqdn":"336309.com","domain":"336309.com","tld":"com"},"ip":{"addr":"38.97.254.137","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://336309.com/link/xinaomen/ackj1.html","date":"2026-04-05T09:40:03.599Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.336309.com","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 22 Mar 2026 06:00:00 GMT","end":"Sat, 20 Jun 2026 05:59:59 GMT"},"fingerprint":{"sha1":"77:93:19:CB:53:5B:E2:36:B6:0F:F7:66:3B:66:5C:46:3D:88:04:39","sha256":"6D:41:77:1F:BF:6F:5C:A5:CA:58:75:2B:DC:5B:D3:2A:43:4A:03:52:AE:1B:54:E6:14:1E:EC:8D:FE:D2:4A:23"}}},"request":{"raw":"GET /link/xinaomen/js/jquery-1.11.2.min.js HTTP/1.1\r\nHost: 336309.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://336309.com/link/xinaomen/ackj1.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Apr 2026 09:40:03 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 11 May 2023 19:02:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"645d3bd0-176de\"\r\nexpires: Sun, 05 Apr 2026 21:40:03 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":95966,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32047)","md5":"87e69028f78d75ca225b3dc54d233239","sha1":"b33ee3b42b988eef9d4d62495b6e54e23dd642fd","sha256":"d4ec583c7604001f87233d1fe0076cbd909f15a5f8c6b4c3f5dd81b462d79d32","sha512":"6679e3ee7d02d17cf5b5d93a8a1dfd58f9b79120936442a75ffed668d6f2496ec615bc128cee6bf7fb8e0062cc6e0bfa96523519d8210bbc5d690b05512b4cd7","ssdeep":"1536:5P1vk7i6GUHdXXeyQazBu+4HhiO2AEeLNFoqqhJ7SerN5sVI6xcBgPv7E+nzms9l:A4Ud4qhJvNPqcB47MfWWca98Hrh","tlshash":"d093e8d9b7d67062977730b850bf510bb13a98eab80c4c60f1a4d8e47e74a89507bf2d","first_seen":"2023-03-07T01:10:31Z","last_seen":"2026-04-05T16:11:09.209882Z","times_seen":1354,"resource_available":true,"data":null}},"time_used":328,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":328,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"0ywhqfhm1khndemzh9cm.999996997.xyz/demo/","fqdn":"0ywhqfhm1khndemzh9cm.999996997.xyz","domain":"999996997.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-05T09:39:56.516Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /demo/ HTTP/1.1\r\nHost: 0ywhqfhm1khndemzh9cm.999996997.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 05 Apr 2026 09:39:56 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9864,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"903bc2bcd530da234ee0a84f736d1700","sha1":"790ef0d7d7f357dfc42f41c925395619e44d18aa","sha256":"732240a4cf9953f3d37e863f8ed62f75b9a7b233e3ee5b0631565055434f3044","sha512":"c45f1486fc354d5ae5b20c0fdaad978dbee6f2ef5066d0bc3d35d8585bb6106e4be8fb99dab34c4359b4f2fd79ea5fa5e036943b524ccdbbe729f5d719f32810","ssdeep":"96:DbQD2mT2SgjLra0QwcYZYvXspALH6QnEVyEgolyV7AGtbPCA+81eOiUAvEKBrtYR:QDh2xjPahT0pEwwV5tjm0UdHYUQv","tlshash":"5712623294f2143782e381987271570b3a91d95bc90b4e18b3fc1ae69fc7e92de4366d","first_seen":"2026-04-01T23:09:46.31964Z","last_seen":"2026-04-05T16:11:09.201386Z","times_seen":100,"resource_available":true,"data":null}},"time_used":256,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":256,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"0ywhqfhm1khndemzh9cm.999996997.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"8.999996996.xyz/facai/css/nn.css","fqdn":"8.999996996.xyz","domain":"999996996.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://8.999996996.xyz/facai/","date":"2026-04-05T09:40:02.520Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /facai/css/nn.css HTTP/1.1\r\nHost: 8.999996996.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://8.999996996.xyz/facai/\r\nCookie: PHPSESSID=tih3eftaqq7mkpnidb0fn81454\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 05 Apr 2026 09:40:02 GMT\r\nContent-Type: text/css\r\nLast-Modified: Tue, 17 Mar 2026 09:07:32 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"69b919d4-dda\"\r\nExpires: Sun, 05 Apr 2026 21:40:02 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3546,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"dc34be8ebc91db11c953c1ca805dd41f","sha1":"799967fa9fb3f99069c56e64991f34434a75f37f","sha256":"6137a0354ab7c5329e7d3879ee70363669735d3c7665fd294eff39b7a76ba3d3","sha512":"9800fd18d845da3ed4abe07e1a3e880e7297c7d7cf76532c28d07d16b70ef95dd558cb0510b615e0dcb4f60b9245a6a9f2bc58a3f4b0d1ea36faabf9e1d0a29b","ssdeep":"","tlshash":"ea71bbf28333698b7111c6282b21728526294a13c78fc874bb86bb9c6fc53644dd5bdb","first_seen":"2026-04-01T23:09:46.277888Z","last_seen":"2026-04-05T16:11:09.202039Z","times_seen":100,"resource_available":false,"data":null}},"time_used":716,"timings":{"blocked":225,"dns":1,"connect":244,"send":0,"wait":245,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"643941.freep.cn/643941/%E6%AF%9B%E6%A1%83/%E7%AE%A1%E5%AE%B6%E5%A9%86/am.png","fqdn":"643941.freep.cn","domain":"freep.cn","tld":"cn"},"ip":{"addr":"173.208.190.4","port":443,"asn":32097,"as":"WII","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://8.999996996.xyz/facai/","date":"2026-04-05T09:40:02.543Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA1","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.freep.cn","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Wed, 21 May 2025 08:14:02 GMT","end":"Sat, 20 Jun 2026 08:14:01 GMT"},"fingerprint":{"sha1":"36:1E:56:A3:DD:8C:1D:B1:CC:09:28:60:60:7C:A1:4C:7E:25:95:7A","sha256":"77:E6:0C:41:80:B8:22:94:45:7F:A6:C6:E3:52:4A:CB:6F:75:69:00:14:35:E3:2C:37:03:CC:58:58:82:54:32"}}},"request":{"raw":"GET /643941/%E6%AF%9B%E6%A1%83/%E7%AE%A1%E5%AE%B6%E5%A9%86/am.png HTTP/1.1\r\nHost: 643941.freep.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://8.999996996.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: private\r\nContent-Length: 40891\r\nContent-Type: image/png\r\nExpires: Mon, 06 Apr 2026 09:39:59 GMT\r\nAccept-Ranges: bytes\r\nServer: Microsoft-IIS/8.5\r\nX-AspNet-Version: 4.0.30319\r\nX-Powered-By: ASP.NET\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: *\r\nAccess-Control-Allow-Headers: *\r\nDate: Sun, 05 Apr 2026 09:39:58 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"IIS:8.5","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"Microsoft ASP.NET","description":"ASP.NET is an open-source, server-side web-application framework designed for web development to produce dynamic web pages.","website":"https://www.asp.net","common_platform_enumeration":"cpe:2.3:a:microsoft:asp.net:*:*:*:*:*:*:*:*","icon":"Microsoft ASP.NET.svg","categories":["Web frameworks"]}],"data":{"size":40891,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 160 x 160, 8-bit/color RGBA, non-interlaced","md5":"8f199257f16e3015b7c08fef25fb046d","sha1":"d1cd99070acf11162fd6a160223c1f0bed592b37","sha256":"5657dcbb33dc45dc26ecbc6eff6a6c39e1c629304a08f251d02f6f538ab74820","sha512":"653b590b8f49f1ef6186747064fa8bd50d1af794694bfa1032e7619db020abc6b6bc04306a24b8713202cc06ba5b4a57e54152644047cf5a6d44e4a6cf327cbf","ssdeep":"768:4Dbc9aH/y3cpHj4k06/8Za5lyrLzbEoGY7KoFJbIBE3ygFkjq69bWlufClg:obcU5hjLSkwLz4oGY710cyg2jq69yMz","tlshash":"9603f1acdf8e25367580b001ddd696ed6c9b0645afa8ae429c81bfc70027f709c4b5db","first_seen":"2024-03-30T22:59:35Z","last_seen":"2026-04-05T16:11:09.207227Z","times_seen":170,"resource_available":false,"data":null}},"time_used":952,"timings":{"blocked":832,"dns":0,"connect":0,"send":0,"wait":118,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"8.999996996.xyz/facai/css/fbi.css","fqdn":"8.999996996.xyz","domain":"999996996.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://8.999996996.xyz/facai/","date":"2026-04-05T09:40:02.525Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /facai/css/fbi.css HTTP/1.1\r\nHost: 8.999996996.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://8.999996996.xyz/facai/\r\nCookie: PHPSESSID=tih3eftaqq7mkpnidb0fn81454\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 05 Apr 2026 09:40:02 GMT\r\nContent-Type: text/css\r\nLast-Modified: Tue, 17 Mar 2026 09:14:36 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"69b91b7c-1ce1\"\r\nExpires: Sun, 05 Apr 2026 21:40:02 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7393,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"6025c7a06a579785be6eb5878be4d667","sha1":"f7db25388f9dc9a147970dd6319caa6f622b250b","sha256":"9511ac9fb44927fdf1d9b3018b0efcc6f93e93e97216f30900138b59d1475a83","sha512":"a6d62102c1f893e7865eb64e67751ea436ce31803612af6b2d691467f75924c146777965703a68c4e8aba2409813845c84893c7d43689fb051c671f49e48d45d","ssdeep":"96:85X4difW4KrFRVQW145OCXZtTb0dT5S957/WaZnh157/WaZnhl:3zFRWW1eX7bI5S957/Waz157/Wazl","tlshash":"b8e1be5fef845c0a762d18ab3b242fe7312a4c6b181a5db26569f0487bc507b43d0bad","first_seen":"2026-04-01T23:09:46.342535Z","last_seen":"2026-04-05T16:11:09.187623Z","times_seen":100,"resource_available":false,"data":null}},"time_used":710,"timings":{"blocked":220,"dns":1,"connect":244,"send":0,"wait":244,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"8.999996996.xyz/facai/img/gz.png","fqdn":"8.999996996.xyz","domain":"999996996.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://8.999996996.xyz/facai/","date":"2026-04-05T09:40:02.533Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /facai/img/gz.png HTTP/1.1\r\nHost: 8.999996996.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://8.999996996.xyz/facai/\r\nCookie: PHPSESSID=tih3eftaqq7mkpnidb0fn81454\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 05 Apr 2026 09:40:03 GMT\r\nContent-Type: image/png\r\nLast-Modified: Fri, 16 Jan 2026 06:54:29 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6969e0a5-60a\"\r\nExpires: Tue, 05 May 2026 09:40:03 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1546,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced","md5":"4f31af928b54eaf79d9a1fd0a676933f","sha1":"397cb06af12e6d4ffb1c0bdc32b28fa7f08239bf","sha256":"6f1f4fcec6862f8ae4cc70032782ca48c51351d3f4c8325fc746b9cafcd96899","sha512":"34c8b64d6fc2d374222fcfe28323d3cf65aca286ac80f2410ca230438bea5ad93380e99a51028d4810d84bdbceff1dd64b02feceb0e79f7d911302a7e90f1567","ssdeep":"","tlshash":"db312adec3e0d60d956eee6119e38b32d3cb28800fa73406127d0462ee075c8359031d","first_seen":"2025-03-02T04:13:33.607946Z","last_seen":"2026-04-05T16:11:09.208529Z","times_seen":153,"resource_available":false,"data":null}},"time_used":715,"timings":{"blocked":466,"dns":0,"connect":0,"send":0,"wait":249,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wanzhuanliuhe.a82518a.app:3080/yj.html","fqdn":"wanzhuanliuhe.a82518a.app","domain":"a82518a.app","tld":"app"},"ip":{"addr":"161.153.6.176","port":3080,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"http://8.999996996.xyz/facai/","date":"2026-04-05T09:40:03.303Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a82518a.app","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 14:44:32 GMT","end":"Fri, 29 May 2026 14:44:31 GMT"},"fingerprint":{"sha1":"47:C0:86:63:DD:95:BD:07:E7:25:2D:77:84:F9:08:99:9C:39:80:91","sha256":"23:17:32:3D:76:13:9A:F8:F4:53:36:1F:45:D2:06:B3:5C:D2:EB:31:DA:69:FF:BD:69:49:AA:1C:F2:91:B2:C1"}}},"request":{"raw":"GET /yj.html HTTP/1.1\r\nHost: wanzhuanliuhe.a82518a.app:3080\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://8.999996996.xyz/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Sun, 05 Apr 2026 09:40:03 GMT\r\ncontent-type: text/html\r\nlast-modified: Thu, 18 Sep 2025 16:14:35 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68cc2feb-10dc\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4316,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (349)","md5":"d60144abbd8ca023a42e4fe0e4ce08d0","sha1":"e880e4c696232f023c067c48485b184f8081cced","sha256":"bd6577eca4dde740d7743030bf414df2f193e53b2a15f08629b95890715fe7e6","sha512":"eb56caa2f6b7c81f6caf3ce5ceaa790d9e0a55097903338c0e103024b543b6d235bee6c8c3b616cbd4c6d5c0dfb12fbfcd72a7da7855a4693e9faa6549e787eb","ssdeep":"96:9PfPJ/XmgibqscVDoODrw7zq2RFK1DXUIlGfUEw+P:r/X1cqZVDocrwhRwlGcEw+P","tlshash":"c191b672fae3050661b761bf717f834971209483240ecb097d9f32244f82a4635bbbd9","first_seen":"2026-03-08T22:06:19.855741Z","last_seen":"2026-04-05T16:11:09.190993Z","times_seen":148,"resource_available":false,"data":null}},"time_used":826,"timings":{"blocked":334,"dns":32,"connect":146,"send":0,"wait":146,"receive":0,"ssl":165},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"8.999996996.xyz/facai/img/tt.jpg","fqdn":"8.999996996.xyz","domain":"999996996.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://8.999996996.xyz/facai/","date":"2026-04-05T09:40:03.314Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /facai/img/tt.jpg HTTP/1.1\r\nHost: 8.999996996.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://8.999996996.xyz/facai/\r\nCookie: PHPSESSID=tih3eftaqq7mkpnidb0fn81454\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 05 Apr 2026 09:40:03 GMT\r\nContent-Type: image/jpeg\r\nLast-Modified: Fri, 16 Jan 2026 06:54:29 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6969e0a5-15b1\"\r\nExpires: Tue, 05 May 2026 09:40:03 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5553,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 718x80, components 3","md5":"067701aab4accef3fc421e1dc100b230","sha1":"83a60867b19e7f7cb714c35d606d15485b56ea3c","sha256":"201ce5cff30866e2f4c95c30e05a8794b8ac129b43b89862ae94cca6f3418968","sha512":"fb6e7bf8a6ac135c19acf03490a74830e678d99e7d60f80d512dd9276d0c891c119006f6c190b0f4a61318b7fad2ec27054ac62595bb5f2c66c59307855e9bc8","ssdeep":"96:IUxd161llzaeHjKJ8TnC3aan+MWLKW+/4gjW90+4st5RNxg/:IUDeHja2C3aan3WLKzQgK++4snRN+","tlshash":"feb13ca507b3da23e25e05745bf9d394e609f902b1e0b94777c12fe81499ed0cce1389","first_seen":"2026-03-09T18:06:16.284568Z","last_seen":"2026-04-05T16:11:09.203947Z","times_seen":104,"resource_available":false,"data":null}},"time_used":255,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":254,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.gif?hca=16CE75D970E51904\u0026cc=0\u0026ck=1\u0026cl=24-bit\u0026ds=1280x1024\u0026vl=45\u0026et=0\u0026ja=0\u0026ln=en-us\u0026lo=0\u0026rnd=522257011\u0026si=5c754ac15a8c95da0a32585720c545fe\u0026su=http%3A%2F%2F8.999996996.xyz%2F\u0026v=1.3.2\u0026lv=1\u0026sn=38855\u0026r=0\u0026ww=658\u0026u=https%3A%2F%2F336309.com%2Flink%2Fxinaomen%2Fackj1.html\u0026tt=%E6%96%B0%E6%BE%B3%E5%BD%A9%E6%97%A0%E5%B9%BF%E5%91%8A%E5%BC%80%E5%A5%96%E6%9D%A1","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"14.215.182.140","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://336309.com/link/xinaomen/ackj1.html","date":"2026-04-05T09:40:04.787Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"baidu.com","organization":"Beijing Baidu Netcom Science Technology Co., Ltd"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 09 Jul 2025 07:01:02 GMT","end":"Mon, 10 Aug 2026 07:01:01 GMT"},"fingerprint":{"sha1":"21:BF:66:0D:67:BE:7A:7F:49:48:05:30:F4:7F:09:F2:30:36:CA:63","sha256":"0D:82:2C:9A:90:5A:EF:E9:8F:37:12:C0:E0:26:30:EE:95:33:2C:45:5F:E7:74:5D:F0:8D:BC:79:F4:B0:A1:49"}}},"request":{"raw":"GET /hm.gif?hca=16CE75D970E51904\u0026cc=0\u0026ck=1\u0026cl=24-bit\u0026ds=1280x1024\u0026vl=45\u0026et=0\u0026ja=0\u0026ln=en-us\u0026lo=0\u0026rnd=522257011\u0026si=5c754ac15a8c95da0a32585720c545fe\u0026su=http%3A%2F%2F8.999996996.xyz%2F\u0026v=1.3.2\u0026lv=1\u0026sn=38855\u0026r=0\u0026ww=658\u0026u=https%3A%2F%2F336309.com%2Flink%2Fxinaomen%2Fackj1.html\u0026tt=%E6%96%B0%E6%BE%B3%E5%BD%A9%E6%97%A0%E5%B9%BF%E5%91%8A%E5%BC%80%E5%A5%96%E6%9D%A1 HTTP/1.1\r\nHost: hm.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://336309.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: private, max-age=0, no-cache\r\nContent-Length: 43\r\nContent-Type: image/gif\r\nDate: Sun, 05 Apr 2026 09:40:04 GMT\r\nP3p: CP=\"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"\r\nPragma: no-cache\r\nServer: apache\r\nSet-Cookie: HMACCOUNT=C759F488AEB77BB1; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT\r\nStrict-Transport-Security: max-age=172800\r\nX-Content-Type-Options: nosniff\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"ad4b0f606e0f8465bc4c4c170b37e1a3","sha1":"50b30fd5f87c85fe5cba2635cb83316ca71250d7","sha256":"cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda","sha512":"ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910","ssdeep":"","tlshash":"15900003fbc08002c2b2e0300b3b0380238ce2200aa8030b80aeb0acecaa3a20c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-04-05T16:48:53.272297Z","times_seen":327913,"resource_available":true,"data":null}},"time_used":316,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":316,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"0ywhqfhm1khndemzh9cm.999996997.xyz/demo/mobile/static/fonts/fontawesome-webfont.woff2","fqdn":"0ywhqfhm1khndemzh9cm.999996997.xyz","domain":"999996997.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://0ywhqfhm1khndemzh9cm.999996997.xyz/demo/","date":"2026-04-05T09:39:57.410Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /demo/mobile/static/fonts/fontawesome-webfont.woff2 HTTP/1.1\r\nHost: 0ywhqfhm1khndemzh9cm.999996997.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://0ywhqfhm1khndemzh9cm.999996997.xyz/demo/mobile/css/font-awesome.min.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 05 Apr 2026 09:39:57 GMT\r\nContent-Type: font/woff2\r\nContent-Length: 77160\r\nLast-Modified: Thu, 26 Feb 2026 06:47:11 GMT\r\nConnection: keep-alive\r\nETag: \"699fec6f-12d68\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":77160,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 77160, version 4.459","md5":"af7ae505a9eed503f8b8e6982036873e","sha1":"d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c","sha256":"2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe","sha512":"838fefdbc14901f41edf995a78fdac55764cd4912ccb734b8bea4909194582904d8f2afdf2b6c428667912ce4d65681a1044d045d1bc6de2b14113f0315fc892","ssdeep":"1536:/MkbAPfd1vyBKwHz4kco36ZvIaBfRPlajyXUA2jVTc:L0nXnHdfRVEAS2","tlshash":"7d7302e63b6c4943e03d6460708abe9f104b3ab42fe057e5c876db7f2722992b71552c","first_seen":"2023-04-05T03:30:47Z","last_seen":"2026-04-05T16:45:27.588207Z","times_seen":413580,"resource_available":true,"data":null}},"time_used":772,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":257,"receive":515,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"0ywhqfhm1khndemzh9cm.999996997.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"0ywhqfhm1khndemzh9cm.999996997.xyz/demo/d/js/jquery-1.11.2.min.js","fqdn":"0ywhqfhm1khndemzh9cm.999996997.xyz","domain":"999996997.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://0ywhqfhm1khndemzh9cm.999996997.xyz/demo/d/","date":"2026-04-05T09:40:00.479Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /demo/d/js/jquery-1.11.2.min.js HTTP/1.1\r\nHost: 0ywhqfhm1khndemzh9cm.999996997.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://0ywhqfhm1khndemzh9cm.999996997.xyz/demo/d/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 05 Apr 2026 09:40:00 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Thu, 26 Feb 2026 06:47:11 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"699fec6f-176e2\"\r\nExpires: Sun, 05 Apr 2026 21:40:00 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":95970,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32047), with CRLF line terminators","md5":"9fa0022c8b400800ef0b78b6af2ae364","sha1":"3de2597bce3595b78d5f17b0be2926e6c1755131","sha256":"ac07fa7df8194a01cee6f9140603c0c03b2c3fb1ae02c7c2d00f1c9c35d8c134","sha512":"5f77320dde6aa89949e0dae4acccb7a20b9edd282af94da86a39cbf77cc50c7e88ed82d492cb2ffbc341c7dfff2a17d73a2db23d2edca5a226ac215b0acd8ac2","ssdeep":"1536:0P1vk7i6GUHdXXeyQazBu+4HhiO2AEeLyFoqqhJ7SerN5sVI6xcBvPv7E+nzms9e:f4UddqhJvNPqcBH7MfWWca98HrK","tlshash":"fa93e8d9b7d67062977730b850bf510bb13a98eab80c4c60f1a4d8e47e74a89507bf2d","first_seen":"2023-03-26T14:39:24Z","last_seen":"2026-04-05T16:11:09.189015Z","times_seen":277,"resource_available":true,"data":null}},"time_used":518,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":259,"receive":259,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"0ywhqfhm1khndemzh9cm.999996997.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"336309.com/link/xamlhc.json?t=1775382003974\u0026_=1775382003945","fqdn":"336309.com","domain":"336309.com","tld":"com"},"ip":{"addr":"38.97.254.137","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://336309.com/link/xinaomen/ackj1.html","date":"2026-04-05T09:40:03.980Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.336309.com","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 22 Mar 2026 06:00:00 GMT","end":"Sat, 20 Jun 2026 05:59:59 GMT"},"fingerprint":{"sha1":"77:93:19:CB:53:5B:E2:36:B6:0F:F7:66:3B:66:5C:46:3D:88:04:39","sha256":"6D:41:77:1F:BF:6F:5C:A5:CA:58:75:2B:DC:5B:D3:2A:43:4A:03:52:AE:1B:54:E6:14:1E:EC:8D:FE:D2:4A:23"}}},"request":{"raw":"GET /link/xamlhc.json?t=1775382003974\u0026_=1775382003945 HTTP/1.1\r\nHost: 336309.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://336309.com/link/xinaomen/ackj1.html\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Apr 2026 09:40:04 GMT\r\ncontent-type: application/json\r\ncontent-length: 132\r\nlast-modified: Sat, 04 Apr 2026 13:37:31 GMT\r\netag: \"69d1141b-84\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":132,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"918fd1ecaa34e9791e281993e6f8f5a3","sha1":"d4f5f5e51b26d4bc5628824e4fa8e0819925cb54","sha256":"174248599cc4c3432434900fd08917321e990b7a0ef1fadbe74211c37dd52ea7","sha512":"09097fb05adc5e9d00b002035b3cd28106d1bc3383cc73226784486e4389dc4e47ce6af3df934fe40dcaf4f9a21249a00137d7e019cce3ae04f12d2c8bd3ac82","ssdeep":"","tlshash":"4ec092411d1d26133ec57298783d96e209a2ef2a1919eabc929ca8855beddd202960a2","first_seen":"2026-04-04T14:01:31.40341Z","last_seen":"2026-04-05T13:26:09.264842Z","times_seen":45,"resource_available":false,"data":null}},"time_used":164,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":162,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"0ywhqfhm1khndemzh9cm.999996997.xyz/demo","fqdn":"0ywhqfhm1khndemzh9cm.999996997.xyz","domain":"999996997.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-05T09:39:54.089Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /demo HTTP/1.1\r\nHost: 0ywhqfhm1khndemzh9cm.999996997.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T16:47:07.54892Z","times_seen":13384334,"resource_available":true,"data":null}},"time_used":613,"timings":{"blocked":0,"dns":87,"connect":259,"send":0,"wait":0,"receive":0,"ssl":265},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"0ywhqfhm1khndemzh9cm.999996997.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"8.999996996.xyz/facai/img/238.jpg","fqdn":"8.999996996.xyz","domain":"999996996.xyz","tld":"xyz"},"ip":{"addr":"2.59.152.3","port":80,"asn":212921,"as":"Hdtidc Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://8.999996996.xyz/facai/","date":"2026-04-05T09:40:03.315Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /facai/img/238.jpg HTTP/1.1\r\nHost: 8.999996996.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://8.999996996.xyz/facai/css/nn.css\r\nCookie: PHPSESSID=tih3eftaqq7mkpnidb0fn81454\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 05 Apr 2026 09:40:03 GMT\r\nContent-Type: image/jpeg\r\nLast-Modified: Fri, 16 Jan 2026 06:54:29 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"6969e0a5-11eef\"\r\nExpires: Tue, 05 May 2026 09:40:03 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":73455,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, progressive, precision 8, 780x1169, components 3","md5":"16891a0cec307f539e9ecfce8456e45a","sha1":"1396f05dd8e4822036705737287f3bdc148c3ba9","sha256":"f8a40ad7026719510cb03b311c04207e34e580634399d54d5cc0e2347fe23def","sha512":"5067ad17c6ac43a6ee0f7dd8b3b31d3163f65b4f647cc042d86eba6963fd4bbdae1b0411b7cf33f304337cdf791573822cd156398878815f0c29ea3716185721","ssdeep":"1536:W+FjZElPaXlEeWR+j0ibiw0UhNgQJ55Kvh3J/ixjjAh2SoPkL2:fVEdaXWf3i2emh3J/0jjo2SOkL2","tlshash":"147302716892c4a3f1c3e0b4c8a27a89595aaffe1363ad3647d4653a3b40364fd14d4e","first_seen":"2026-03-08T22:06:19.837489Z","last_seen":"2026-04-05T16:11:09.207863Z","times_seen":148,"resource_available":false,"data":null}},"time_used":810,"timings":{"blocked":72,"dns":0,"connect":0,"send":0,"wait":247,"receive":491,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"336309.com/link/xamlhc.json?t=1775382014329\u0026_=1775382003947","fqdn":"336309.com","domain":"336309.com","tld":"com"},"ip":{"addr":"38.97.254.137","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://336309.com/link/xinaomen/ackj1.html","date":"2026-04-05T09:40:14.334Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.336309.com","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 22 Mar 2026 06:00:00 GMT","end":"Sat, 20 Jun 2026 05:59:59 GMT"},"fingerprint":{"sha1":"77:93:19:CB:53:5B:E2:36:B6:0F:F7:66:3B:66:5C:46:3D:88:04:39","sha256":"6D:41:77:1F:BF:6F:5C:A5:CA:58:75:2B:DC:5B:D3:2A:43:4A:03:52:AE:1B:54:E6:14:1E:EC:8D:FE:D2:4A:23"}}},"request":{"raw":"GET /link/xamlhc.json?t=1775382014329\u0026_=1775382003947 HTTP/1.1\r\nHost: 336309.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://336309.com/link/xinaomen/ackj1.html\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 05 Apr 2026 09:40:14 GMT\r\ncontent-type: application/json\r\ncontent-length: 132\r\nlast-modified: Sat, 04 Apr 2026 13:37:31 GMT\r\netag: \"69d1141b-84\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":132,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"918fd1ecaa34e9791e281993e6f8f5a3","sha1":"d4f5f5e51b26d4bc5628824e4fa8e0819925cb54","sha256":"174248599cc4c3432434900fd08917321e990b7a0ef1fadbe74211c37dd52ea7","sha512":"09097fb05adc5e9d00b002035b3cd28106d1bc3383cc73226784486e4389dc4e47ce6af3df934fe40dcaf4f9a21249a00137d7e019cce3ae04f12d2c8bd3ac82","ssdeep":"","tlshash":"4ec092411d1d26133ec57298783d96e209a2ef2a1919eabc929ca8855beddd202960a2","first_seen":"2026-04-04T14:01:31.40341Z","last_seen":"2026-04-05T13:26:09.264842Z","times_seen":45,"resource_available":false,"data":null}},"time_used":163,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":162,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}