{"report_id":"5ba577f8-a8bb-4a46-85b2-0083874205fb","version":6,"status":"done","tags":[],"date":"2025-10-14T22:35:51Z","url":{"schema":"http","addr":"xn--d5-fk7ca.91uusp159.sbs/91uu/?referrer=https://fucc-g8.91fls11.top/","fqdn":"xn--d5-fk7ca.91uusp159.sbs","domain":"91uusp159.sbs","tld":"sbs"},"ip":{"addr":"172.83.154.238","port":0,"asn":201106,"as":"Spartan Host Ltd","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"xn--d5-fk7ca.91uusp159.sbs/91uu/?referrer=https://fucc-g8.91fls11.top/","fqdn":"xn--d5-fk7ca.91uusp159.sbs","domain":"91uusp159.sbs","tld":"sbs"},"title":"91UU色站"},"submit":{"url":{"schema":"http","addr":"xn--d5-fk7ca.91uusp159.sbs/91uu/?referrer=https://fucc-g8.91fls11.top/","fqdn":"xn--d5-fk7ca.91uusp159.sbs","domain":"91uusp159.sbs","tld":"sbs"},"ip":{"addr":"172.83.154.238","port":0,"asn":201106,"as":"Spartan Host Ltd","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-18T22:35:51Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-14","alert":"Sinkholed","trigger":"xn--d5-fk7ca.91uusp159.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-14","alert":"Sinkholed","trigger":"polyfill-js.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"xn--d5-fk7ca.91uusp159.sbs","ip":{"addr":"194.147.99.49","port":443,"asn":201106,"as":"Spartan Host Ltd","country":"United States","country_code":"US"},"domain_registered":"2025-10-14","domain_rank":0,"first_seen":"2025-10-14T22:35:52.153952Z","last_seen":"2025-10-14T22:35:52.153952Z","alert_count":12,"request_count":12,"received_data":967946,"sent_data":6824,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"xyz.youji3.buzz","ip":{"addr":"121.0.97.21","port":443,"asn":138195,"as":"MOACK.Co.LTD","country":"South Korea","country_code":"KR"},"domain_registered":"2025-02-24","domain_rank":0,"first_seen":"2025-08-06T07:57:49.074643Z","last_seen":"2025-10-06T09:53:49.235571Z","alert_count":0,"request_count":2,"received_data":68122,"sent_data":1298,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"polyfill-js.cn","ip":{"addr":"137.220.134.176","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"domain_registered":"2024-08-01","domain_rank":240780,"first_seen":"2024-08-04T22:10:30Z","last_seen":"2025-10-14T16:38:05.0332Z","alert_count":1,"request_count":1,"received_data":493,"sent_data":449,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"xn--d5-fk7ca.91uusp159.sbs/91uu/?referrer=https://fucc-g8.91fls11.top/","fqdn":"xn--d5-fk7ca.91uusp159.sbs","domain":"91uusp159.sbs","tld":"sbs"},"ip":{"addr":"194.147.99.49","port":443,"asn":201106,"as":"Spartan Host Ltd","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"b288d082a3795043520b0e68ca93b79c","sha1":"21869b2cf8e5ade69dbbeecfab1db5668da2ab6e","sha256":"932801324279f9522c488eb285cad8e0a7aac11377a6d0f2bf024c4a505781c9","sha512":"cff65dccda13ecdde53fb7683d031fd58b758357c05aac68d9424f876b604bb8ae9b3fbdd27bfdf3956cfa1c9ccded76d8a736e4661614674e7c79ae59117b5c","ssdeep":"","tlshash":"5c3144e0c60bfae5a02a592fb3dd1b5bca362306c5027f94fd0c62005f0e724b4f45a4","size":1761,"data":"","first_seen":"2025-10-13T07:48:52.230933Z","last_seen":"2025-11-22T00:59:22.691599Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--d5-fk7ca.91uusp159.sbs/91uu/static/js/jquery.js","fqdn":"xn--d5-fk7ca.91uusp159.sbs","domain":"91uusp159.sbs","tld":"sbs"},"ip":{"addr":"194.147.99.49","port":443,"asn":201106,"as":"Spartan Host Ltd","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"397754ba49e9e0cf4e7c190da78dda05","sha1":"ae49e56999d82802727455f0ba83b63acd90a22b","sha256":"c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4","sha512":"8c64754f77507ab2c24a6fc818419b9dd3f0ceccc9065290e41afdbee0743f0da2cb13b2fbb00afa525c082f1e697cb3ffd76ef9b902cb81d7c41ca1c641dffb","ssdeep":"1536:dnu00HWWaRxkqJg09pYxoxDKMXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qg7rbaN1RUx:ddkWgoBhcZRQgmW42qe","tlshash":"8c932bdd72d2b03257ab30bd106f540ff2361959280d8850f268d8f9bc79a49a277f6d","size":92629,"data":"","first_seen":"2023-03-07T01:02:08Z","last_seen":"2026-04-03T19:25:58.461115Z","times_seen":60463,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--d5-fk7ca.91uusp159.sbs/91uu/?referrer=https://fucc-g8.91fls11.top/","fqdn":"xn--d5-fk7ca.91uusp159.sbs","domain":"91uusp159.sbs","tld":"sbs"},"ip":{"addr":"194.147.99.49","port":443,"asn":201106,"as":"Spartan Host Ltd","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"682f41fdbfeddfd82194bdf1a00400c9","sha1":"2822feb74ea599caba9c55a0ebf403464d91b4ae","sha256":"f6f09ff47141227d512c4724a5159d3e314ed8c8becbeb937079430c73ba9ce8","sha512":"7b85c7b4b8cbc37dd73cbfaa2f61033cdba8881ac0ea4d07e78adaaa68a2db21cef80db4ab44f7bbd1c98a59625e084db1c8a380a1629068a25d36e382f236df","ssdeep":"","tlshash":"52b0926760659935e87261e9cc3885681125615b5c0add907f8d40f19bcf09e35f2149","size":125,"data":"","first_seen":"2023-03-07T12:04:05Z","last_seen":"2026-03-27T22:14:18.878401Z","times_seen":503,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--d5-fk7ca.91uusp159.sbs/91uu/?referrer=https://fucc-g8.91fls11.top/","fqdn":"xn--d5-fk7ca.91uusp159.sbs","domain":"91uusp159.sbs","tld":"sbs"},"ip":{"addr":"194.147.99.49","port":443,"asn":201106,"as":"Spartan Host Ltd","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"c0c86be4621be2c22d13ac3f205006ac","sha1":"444f7a92e539d54f66d01d990a8a83650719f8cc","sha256":"bdc735f519296173918a82075c937e931a79eed15825bdc0807e5d75de69efa5","sha512":"8e730ee456863a0501ab03b16f4119e2b612d1498909a5555cd00e29783b5103ec49b3c8d8a6a85efbaa23ccc9b37df1109caea4b9a6c93509e99dad197f83dc","ssdeep":"","tlshash":"8ff0592158ef1efd613aa27e6d7e892972ab2c19a0a0c044ae80a4155eb298586502c8","size":506,"data":"","first_seen":"2025-10-14T22:36:05.975957Z","last_seen":"2025-11-22T00:59:22.693122Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xyz.youji3.buzz/matomo.js","fqdn":"xyz.youji3.buzz","domain":"youji3.buzz","tld":"buzz"},"ip":{"addr":"121.0.97.21","port":443,"asn":138195,"as":"MOACK.Co.LTD","country":"South Korea","country_code":"KR"},"introduction_type":"scriptElement","is_inline":false,"md5":"8e15c63c0a10e6eb98666cf8dbb0c1d9","sha1":"4b7eae296c97a3ccb482166f0a71eea670e2d7f2","sha256":"dbefc0fa9b6b7680a9a1c1e5a0f0cc7c8ae3c41a7b15c206a144963cb36a073d","sha512":"4ba6fda2503491d67e565db8e94ee6366f33c6d47c8171ffa91ddcde0ea143ebd4ef7ed448924214144f92961ad2065190b69edb1b32de9f1696d4e8c95f4007","ssdeep":"1536:ATgnSINAJrRJqerEKlFXhuXL0+Yv+6S9en60kLddaSiVdmQwJ4ITDXVwXFD6:AT+Z2fu7av+6S9jLddaSiVdmQePXVP","tlshash":"1163d5ca72c279398bca2075503f1187b17aada7144cc4a4f56ac4fa3c3891e957bf78","size":67514,"data":"","first_seen":"2025-04-11T12:58:45.765735Z","last_seen":"2026-04-03T19:18:12.640695Z","times_seen":7508,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--d5-fk7ca.91uusp159.sbs/91uu/?referrer=https://fucc-g8.91fls11.top/","fqdn":"xn--d5-fk7ca.91uusp159.sbs","domain":"91uusp159.sbs","tld":"sbs"},"ip":{"addr":"194.147.99.49","port":443,"asn":201106,"as":"Spartan Host Ltd","country":"United States","country_code":"US"},"introduction_type":"eval","is_inline":false,"md5":"8806a10fe3390ec78e72503b2bdaa98c","sha1":"4c780613cee62b76779d444e6f229e49093f7f8e","sha256":"9da99e2024409f1d2a4eb0bfa64b469add4f5b1ad3a8875150e216dc48402adb","sha512":"a527b49de6d3ea56080327c160360f637e23c29652c95bccd6a85ed13d88e02dc14d1790a4ec60ff86c20684c69ca26b6e8f488303fbafae713645197bb1951e","ssdeep":"","tlshash":"5301a48a769360761173216e8f6f610570662c6b1809c804fa4c41a0bf1468bb652bae","size":749,"data":"","first_seen":"2025-10-13T07:48:52.235128Z","last_seen":"2025-11-22T00:59:22.702779Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--d5-fk7ca.91uusp159.sbs/91uu/?referrer=https://fucc-g8.91fls11.top/","fqdn":"xn--d5-fk7ca.91uusp159.sbs","domain":"91uusp159.sbs","tld":"sbs"},"ip":{"addr":"194.147.99.49","port":443,"asn":201106,"as":"Spartan Host Ltd","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"d617c201d1c14420dd64584caab25720","sha1":"f0ce903c41419ed3b5680ec8c4ca7cb879c1e9f8","sha256":"d4120ff5140259e2d0d19bede161600b58accb36ccc617b12f58e9b13588dbc8","sha512":"ca1e939ac91b6628d2b4bf2d5974c1e34614938659c78e50daa12e072fd47d5c33a5bc3d83cc7cd33ba0daefe96e97df429eb04c21bcb88272998a54995d7248","ssdeep":"","tlshash":"67b0922000a8f310cb36a0bca816405ac6325380a21e79a5918858782cf345cb44d881","size":110,"data":"","first_seen":"2023-03-07T01:41:27Z","last_seen":"2026-04-03T20:00:53.128123Z","times_seen":2661,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--d5-fk7ca.91uusp159.sbs/91uu/static/js/home.js","fqdn":"xn--d5-fk7ca.91uusp159.sbs","domain":"91uusp159.sbs","tld":"sbs"},"ip":{"addr":"194.147.99.49","port":443,"asn":201106,"as":"Spartan Host Ltd","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"97e311d35a4aa0ba09575a8dc989660b","sha1":"8166b5f8ba52aa57ab23321a8ddc8d0118f1e590","sha256":"1a52c16e5a7fc905630d52185ca457108cb0a65a4567cf6157709c1c5eceb311","sha512":"d3f4e4ef8af316fd4207a6db03e856917d5124263104ba9ebf0db1be151ce65172d26b6338d24553df9fe65b828e2a452a39bde7d1144a875c20bd5e28da9db8","ssdeep":"768:hR0cTTu8eMbZLbhpa6a/b7z9SsbhbeA5gr9GiSo5E7Iw4TQv5:hRZXde96oRiG5","tlshash":"ae03a45d7af3142050b3317a4fbf69082276815f190ddd88fe2d11a48fc4a4eba66bbd","size":38309,"data":"","first_seen":"2023-03-07T01:18:35Z","last_seen":"2026-04-03T19:07:44.615347Z","times_seen":5605,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--d5-fk7ca.91uusp159.sbs/91uu/static/js/jquery.autocomplete.js","fqdn":"xn--d5-fk7ca.91uusp159.sbs","domain":"91uusp159.sbs","tld":"sbs"},"ip":{"addr":"194.147.99.49","port":443,"asn":201106,"as":"Spartan Host Ltd","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"932466cf2976a99330383be9ffe8ca6b","sha1":"732c55aa5bbb6efb63fad871db9773139929d0e6","sha256":"22a879d897b0c6559e8a4f0e1d7f8866471478740a5b5cace3c29c97c8fdaf18","sha512":"e1ea60c13642bbc8ed8cd448007d5096c4067596b1fee2bea55f1fea765bab59f97f92fa973bdd329ccf78087be301325b14a206592a76c3699128459559159b","ssdeep":"384:EC8MJlHqBlgr2qMrLXej2Jy7fwaoSXo0TviE:Ed7Dr7OtZTqE","tlshash":"d3b2ec0979e3226292a7707e8faf0008b676a557240cdd50bd1ca7d02f54938b6f7fe9","size":25108,"data":"","first_seen":"2023-04-07T04:49:34Z","last_seen":"2026-04-03T19:25:58.47002Z","times_seen":19993,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--d5-fk7ca.91uusp159.sbs/91uu/static/js/jquery.lazyload.js","fqdn":"xn--d5-fk7ca.91uusp159.sbs","domain":"91uusp159.sbs","tld":"sbs"},"ip":{"addr":"194.147.99.49","port":443,"asn":201106,"as":"Spartan Host Ltd","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"9dfc308833c7ae64a6e0e6bd33fb51d7","sha1":"527e4dbceb22c063ed1bc5bd2ec362d9a412892a","sha256":"f3a5e91219434ff92ae7b36b9582136a75f56b605ebeb54bac21efdfea4466d1","sha512":"383aec26af4153c8d03cf7ab898378d5be2d509fcc12e87daaccaf2a51f145ac57b08c3001db895ed95b24e807c5290d256e5570a519b2c478185b9472d27578","ssdeep":"","tlshash":"d641e5863f027534f179a9ad430f52096127d03b92d58dd1b089d8ecfcf86579a3698b","size":2232,"data":"","first_seen":"2023-03-07T01:02:08Z","last_seen":"2026-04-03T18:39:46.850207Z","times_seen":18853,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--d5-fk7ca.91uusp159.sbs/91uu/?referrer=https://fucc-g8.91fls11.top/","fqdn":"xn--d5-fk7ca.91uusp159.sbs","domain":"91uusp159.sbs","tld":"sbs"},"ip":{"addr":"194.147.99.49","port":443,"asn":201106,"as":"Spartan Host Ltd","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"8098b6de8ff111117dd2985d5112eb55","sha1":"6976f5e25a045bff43573961c2930b01d3cb25bb","sha256":"9e8ced825ff99d6826d4eade5e7b86b4c562c1771226e5947dbe9e42bb688b6c","sha512":"9cb726a73270f89929adc270b73a7f1fdb269efc4385c7216828cbd39343658ed55195e7f1c7f9d97ab2d6a3dc79c5f8cac59bb729d23d1f27b71828caa1b857","ssdeep":"","tlshash":"055000030000000f303000cc0000c00c00000300c30c0000c000c0300f0c3c03c03000","size":11,"data":"","first_seen":"2025-10-14T22:36:06.00608Z","last_seen":"2025-11-03T10:30:11.341585Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--d5-fk7ca.91uusp159.sbs/91uu/?referrer=https://fucc-g8.91fls11.top/","fqdn":"xn--d5-fk7ca.91uusp159.sbs","domain":"91uusp159.sbs","tld":"sbs"},"ip":{"addr":"194.147.99.49","port":443,"asn":201106,"as":"Spartan Host Ltd","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"b70b0bb6edfffa983420704eb038e861","sha1":"b904359a6983faf60fc7cad17c30baebbd147753","sha256":"2e2656e2d15551a4d34b8f04eaf665e6d2f4219e91514bf70529c96db2896e39","sha512":"5fc5c8cf9898cbeb4dbb48f59f9d3c414e6eefd6d997d9cf70d97ba24bcde4f437c86cb9554963a60bf511963ed46fd2f2188e9360a1400c73717fb0bf0d7a78","ssdeep":"","tlshash":"2bd02b5f2d0b58f03b4500a31378f508f0a2144a9424e001b0ed8c144f50fc044ad795","size":275,"data":"","first_seen":"2024-08-14T21:24:11Z","last_seen":"2026-04-03T08:26:48.416544Z","times_seen":1067,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"polyfill-js.cn/v3/polyfill.min.js?features=default","fqdn":"polyfill-js.cn","domain":"polyfill-js.cn","tld":"cn"},"ip":{"addr":"137.220.134.176","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":false,"md5":"435a451090061be4c0254761f2f94e1f","sha1":"1a873f8c9a0dfb421e3213dfbbfa8aafa9960d4c","sha256":"6c68769e8470ce89a0f2270529a5d47db00917e3ef9df946dca202098f09d0a2","sha512":"0506dbdede1f984b75421ec86cdd451752ec85b44f5a6f880bc0f06bf8884f1f934f4eafad41ed89015d2118a73bd4dcb20ad4b0d2118e16f311aa25737cf1ab","ssdeep":"","tlshash":"43b012a448824f95eae305c0485602851baf5fc95405d318ce72a41cc862845b2ccc6c","size":104,"data":"","first_seen":"2023-12-16T06:03:22Z","last_seen":"2026-04-03T19:31:02.037316Z","times_seen":21079,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--d5-fk7ca.91uusp159.sbs/91uu/?referrer=https://fucc-g8.91fls11.top/","fqdn":"xn--d5-fk7ca.91uusp159.sbs","domain":"91uusp159.sbs","tld":"sbs"},"ip":{"addr":"194.147.99.49","port":443,"asn":201106,"as":"Spartan Host Ltd","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"86a705a9e0c9bbeb5e8a017fb58faa88","sha1":"845f565990862ad692516a51b7653fc0061ae70e","sha256":"d7030b92ede2b36f71f1c798a188de4b80ba87bb0506418d0a68b71c3edcf4ee","sha512":"017e62c9156c246525f2cfe72fa76ee1143392da4be56a09e72293934face90f89dc09e9e9955a0b0f370e160f692c33b599ceae20f4bbb9dea294df41409b4a","ssdeep":"","tlshash":"b851a61f7aa720da0aaa34f32a8b185cac32d4004e2f41a5d153e58059785fdd65ffc9","size":2918,"data":"","first_seen":"2025-10-14T22:36:06.018659Z","last_seen":"2025-11-03T10:30:11.34445Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"xn--d5-fk7ca.91uusp159.sbs/91uu/template/2025mb/css/hmlcss.css","fqdn":"xn--d5-fk7ca.91uusp159.sbs","domain":"91uusp159.sbs","tld":"sbs"},"ip":{"addr":"194.147.99.49","port":443,"asn":201106,"as":"Spartan Host Ltd","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xn--d5-fk7ca.91uusp159.sbs/91uu/?referrer=https://fucc-g8.91fls11.top/","date":"2025-10-14T22:35:28.924Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.91uusp159.sbs","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:42 GMT","end":"Mon, 12 Jan 2026 00:18:41 GMT"},"fingerprint":{"sha1":"C3:8B:16:48:78:6D:3C:F0:11:AF:88:D0:67:2E:41:F2:0E:4A:31:90","sha256":"BC:EC:BF:F7:2C:50:C3:89:87:CE:D9:7A:68:D3:BC:74:89:9C:22:C6:B5:4B:BD:47:03:9E:78:7E:81:08:EC:3B"}}},"request":{"raw":"GET /91uu/template/2025mb/css/hmlcss.css HTTP/1.1\r\nHost: xn--d5-fk7ca.91uusp159.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--d5-fk7ca.91uusp159.sbs/91uu/?referrer=https://fucc-g8.91fls11.top/\r\nCookie: SITE_TOTAL_ID=5096b6f263aa7131f035ff26071818c0\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Tue, 14 Oct 2025 22:35:29 GMT\r\netag: W/\"68dfa692-14506\"\r\nexpires: Wed, 15 Oct 2025 10:35:29 GMT\r\nlast-modified: Fri, 03 Oct 2025 10:33:54 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":83206,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, Unicode text, UTF-8 text","md5":"baa1d230cf38a468af5bdfafd15d9236","sha1":"0814a6ca423907607a0d04063b44d24cafbcc8a5","sha256":"9b0a2fa4444e5286ddae1e1c60e8a731266e3bb860207c292192aaaa28bda511","sha512":"5fa9a406e770f6d87f6f1645c74ad875b613e08ae161942ce40a5e8a3d39b2a7ee92dc313d01267828d5a557542c0d0e0233150e148639252f7960e2f4e267b2","ssdeep":"768:Iv05FDlGFEFcOGM7wNFQN+tLd4sIzOBsu4RENkFQFUhLEInFy+JmsxFT7RNXymjp:0qq9MugUd4VRok2ehHysxj0mjH/QmjV","tlshash":"2f837397eb221149b02781a8bbf7a7a6533e5003f106ee7dbe852144cf0d4e55af3789","first_seen":"2025-10-09T13:22:41.884483Z","last_seen":"2025-11-22T00:59:22.684076Z","times_seen":4,"resource_available":false,"data":null}},"time_used":209,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":209,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-14","alert":"Sinkholed","trigger":"xn--d5-fk7ca.91uusp159.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xn--d5-fk7ca.91uusp159.sbs/91uu/template/2025mb/css/app.css","fqdn":"xn--d5-fk7ca.91uusp159.sbs","domain":"91uusp159.sbs","tld":"sbs"},"ip":{"addr":"194.147.99.49","port":443,"asn":201106,"as":"Spartan Host Ltd","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xn--d5-fk7ca.91uusp159.sbs/91uu/?referrer=https://fucc-g8.91fls11.top/","date":"2025-10-14T22:35:28.926Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.91uusp159.sbs","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:42 GMT","end":"Mon, 12 Jan 2026 00:18:41 GMT"},"fingerprint":{"sha1":"C3:8B:16:48:78:6D:3C:F0:11:AF:88:D0:67:2E:41:F2:0E:4A:31:90","sha256":"BC:EC:BF:F7:2C:50:C3:89:87:CE:D9:7A:68:D3:BC:74:89:9C:22:C6:B5:4B:BD:47:03:9E:78:7E:81:08:EC:3B"}}},"request":{"raw":"GET /91uu/template/2025mb/css/app.css HTTP/1.1\r\nHost: xn--d5-fk7ca.91uusp159.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--d5-fk7ca.91uusp159.sbs/91uu/?referrer=https://fucc-g8.91fls11.top/\r\nCookie: SITE_TOTAL_ID=5096b6f263aa7131f035ff26071818c0\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Tue, 14 Oct 2025 22:35:29 GMT\r\netag: W/\"663594ca-ad7\"\r\nexpires: Wed, 15 Oct 2025 10:35:29 GMT\r\nlast-modified: Sat, 04 May 2024 01:52:10 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\ncontent-length: 1100\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2775,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"10ed0187661da39c9a77410e13032af4","sha1":"65505f1d0202db01e3107abf0159368c33ee04cc","sha256":"88af95046a7a176d7fb3de5824eeaabea4ff929d6a2c84a65d9cb8fc02784680","sha512":"94adf5a9bb1ac7e3fbf60db0de861482ee1fd1d5b1ceb8076de5ba177293ad82b8191673c2d2f77862717196a4f71510c7afcef3341e8f53b36726f347d3e8f5","ssdeep":"","tlshash":"ef511262fd63050c702bc0a86be2d799133ce1436115d9bdbf413566cf4edc861bab89","first_seen":"2024-07-19T08:39:31Z","last_seen":"2026-03-17T14:18:16.434963Z","times_seen":57,"resource_available":false,"data":null}},"time_used":188,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":188,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-14","alert":"Sinkholed","trigger":"xn--d5-fk7ca.91uusp159.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xn--d5-fk7ca.91uusp159.sbs/91uu/static/js/jquery.lazyload.js","fqdn":"xn--d5-fk7ca.91uusp159.sbs","domain":"91uusp159.sbs","tld":"sbs"},"ip":{"addr":"194.147.99.49","port":443,"asn":201106,"as":"Spartan Host Ltd","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xn--d5-fk7ca.91uusp159.sbs/91uu/?referrer=https://fucc-g8.91fls11.top/","date":"2025-10-14T22:35:28.930Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.91uusp159.sbs","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:42 GMT","end":"Mon, 12 Jan 2026 00:18:41 GMT"},"fingerprint":{"sha1":"C3:8B:16:48:78:6D:3C:F0:11:AF:88:D0:67:2E:41:F2:0E:4A:31:90","sha256":"BC:EC:BF:F7:2C:50:C3:89:87:CE:D9:7A:68:D3:BC:74:89:9C:22:C6:B5:4B:BD:47:03:9E:78:7E:81:08:EC:3B"}}},"request":{"raw":"GET /91uu/static/js/jquery.lazyload.js HTTP/1.1\r\nHost: xn--d5-fk7ca.91uusp159.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--d5-fk7ca.91uusp159.sbs/91uu/?referrer=https://fucc-g8.91fls11.top/\r\nCookie: SITE_TOTAL_ID=5096b6f263aa7131f035ff26071818c0\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 14 Oct 2025 22:35:29 GMT\r\netag: W/\"67d28346-8b8\"\r\nexpires: Wed, 15 Oct 2025 10:35:29 GMT\r\nlast-modified: Thu, 13 Mar 2025 07:03:34 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\ncontent-length: 744\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2232,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2230)","md5":"9dfc308833c7ae64a6e0e6bd33fb51d7","sha1":"527e4dbceb22c063ed1bc5bd2ec362d9a412892a","sha256":"f3a5e91219434ff92ae7b36b9582136a75f56b605ebeb54bac21efdfea4466d1","sha512":"383aec26af4153c8d03cf7ab898378d5be2d509fcc12e87daaccaf2a51f145ac57b08c3001db895ed95b24e807c5290d256e5570a519b2c478185b9472d27578","ssdeep":"","tlshash":"d641e5863f027534f179a9ad430f52096127d03b92d58dd1b089d8ecfcf86579a3698b","first_seen":"2023-03-07T01:02:08Z","last_seen":"2026-04-03T18:39:46.850207Z","times_seen":18853,"resource_available":true,"data":null}},"time_used":416,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":368,"receive":48,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-14","alert":"Sinkholed","trigger":"xn--d5-fk7ca.91uusp159.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xn--d5-fk7ca.91uusp159.sbs/91uu/template/2025mb//image/miaobofa.png","fqdn":"xn--d5-fk7ca.91uusp159.sbs","domain":"91uusp159.sbs","tld":"sbs"},"ip":{"addr":"194.147.99.49","port":443,"asn":201106,"as":"Spartan Host Ltd","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn--d5-fk7ca.91uusp159.sbs/91uu/?referrer=https://fucc-g8.91fls11.top/","date":"2025-10-14T22:35:29.907Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.91uusp159.sbs","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:42 GMT","end":"Mon, 12 Jan 2026 00:18:41 GMT"},"fingerprint":{"sha1":"C3:8B:16:48:78:6D:3C:F0:11:AF:88:D0:67:2E:41:F2:0E:4A:31:90","sha256":"BC:EC:BF:F7:2C:50:C3:89:87:CE:D9:7A:68:D3:BC:74:89:9C:22:C6:B5:4B:BD:47:03:9E:78:7E:81:08:EC:3B"}}},"request":{"raw":"GET /91uu/template/2025mb//image/miaobofa.png HTTP/1.1\r\nHost: xn--d5-fk7ca.91uusp159.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--d5-fk7ca.91uusp159.sbs/91uu/?referrer=https://fucc-g8.91fls11.top/\r\nCookie: SITE_TOTAL_ID=5096b6f263aa7131f035ff26071818c0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/png\r\ndate: Tue, 14 Oct 2025 22:35:29 GMT\r\netag: W/\"68dfa93e-13a7\"\r\nexpires: Thu, 13 Nov 2025 22:35:29 GMT\r\nlast-modified: Fri, 03 Oct 2025 10:45:18 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5031,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced","md5":"4734df9e6a8742a84969402bfe138232","sha1":"5a6abf7866222bbc53cba432d3fa3ca872ca9e2e","sha256":"090e5fe3419b9e88404dee8bd1cd58120b2da90af58614961636e11016d37382","sha512":"23e30cf4701127b083c2659c9d79a1a9f0fbf163ceac49e6676d583ee108a381c0a096211d310244a2f992e95b3c6436e941ec0af6f9d587c99cb4f65a290b38","ssdeep":"96:CSPF3jiXbrbdlngFRmmjV/K8Q/YapJmn0B41eKqjb0Mt6YDA+tK+8z:CSt3+PMHVy8Q/YOm0EeKqjOYPtK+k","tlshash":"61a19f0e021d6f062fdec47e144d35e6d03ef955b2cae2d64b052d3d2c84ddeaa62087","first_seen":"2025-10-09T13:22:41.880592Z","last_seen":"2025-11-22T00:59:22.683233Z","times_seen":4,"resource_available":false,"data":null}},"time_used":182,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":182,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-14","alert":"Sinkholed","trigger":"xn--d5-fk7ca.91uusp159.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xn--d5-fk7ca.91uusp159.sbs/91uu/template/2025mb//image/miaobofa.png","fqdn":"xn--d5-fk7ca.91uusp159.sbs","domain":"91uusp159.sbs","tld":"sbs"},"ip":{"addr":"194.147.99.49","port":443,"asn":201106,"as":"Spartan Host Ltd","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn--d5-fk7ca.91uusp159.sbs/91uu/?referrer=https://fucc-g8.91fls11.top/","date":"2025-10-14T22:35:29.910Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.91uusp159.sbs","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:42 GMT","end":"Mon, 12 Jan 2026 00:18:41 GMT"},"fingerprint":{"sha1":"C3:8B:16:48:78:6D:3C:F0:11:AF:88:D0:67:2E:41:F2:0E:4A:31:90","sha256":"BC:EC:BF:F7:2C:50:C3:89:87:CE:D9:7A:68:D3:BC:74:89:9C:22:C6:B5:4B:BD:47:03:9E:78:7E:81:08:EC:3B"}}},"request":{"raw":"GET /91uu/template/2025mb//image/miaobofa.png HTTP/1.1\r\nHost: xn--d5-fk7ca.91uusp159.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--d5-fk7ca.91uusp159.sbs/91uu/?referrer=https://fucc-g8.91fls11.top/\r\nCookie: SITE_TOTAL_ID=5096b6f263aa7131f035ff26071818c0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/png\r\ndate: Tue, 14 Oct 2025 22:35:29 GMT\r\netag: W/\"68dfa93e-13a7\"\r\nexpires: Thu, 13 Nov 2025 22:35:29 GMT\r\nlast-modified: Fri, 03 Oct 2025 10:45:18 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5031,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced","md5":"4734df9e6a8742a84969402bfe138232","sha1":"5a6abf7866222bbc53cba432d3fa3ca872ca9e2e","sha256":"090e5fe3419b9e88404dee8bd1cd58120b2da90af58614961636e11016d37382","sha512":"23e30cf4701127b083c2659c9d79a1a9f0fbf163ceac49e6676d583ee108a381c0a096211d310244a2f992e95b3c6436e941ec0af6f9d587c99cb4f65a290b38","ssdeep":"96:CSPF3jiXbrbdlngFRmmjV/K8Q/YapJmn0B41eKqjb0Mt6YDA+tK+8z:CSt3+PMHVy8Q/YOm0EeKqjOYPtK+k","tlshash":"61a19f0e021d6f062fdec47e144d35e6d03ef955b2cae2d64b052d3d2c84ddeaa62087","first_seen":"2025-10-09T13:22:41.880592Z","last_seen":"2025-11-22T00:59:22.683233Z","times_seen":4,"resource_available":false,"data":null}},"time_used":183,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":183,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-14","alert":"Sinkholed","trigger":"xn--d5-fk7ca.91uusp159.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xn--d5-fk7ca.91uusp159.sbs/91uu/template/2025mb/css/bootstrap.min.css","fqdn":"xn--d5-fk7ca.91uusp159.sbs","domain":"91uusp159.sbs","tld":"sbs"},"ip":{"addr":"194.147.99.49","port":443,"asn":201106,"as":"Spartan Host Ltd","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xn--d5-fk7ca.91uusp159.sbs/91uu/?referrer=https://fucc-g8.91fls11.top/","date":"2025-10-14T22:35:28.919Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.91uusp159.sbs","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:42 GMT","end":"Mon, 12 Jan 2026 00:18:41 GMT"},"fingerprint":{"sha1":"C3:8B:16:48:78:6D:3C:F0:11:AF:88:D0:67:2E:41:F2:0E:4A:31:90","sha256":"BC:EC:BF:F7:2C:50:C3:89:87:CE:D9:7A:68:D3:BC:74:89:9C:22:C6:B5:4B:BD:47:03:9E:78:7E:81:08:EC:3B"}}},"request":{"raw":"GET /91uu/template/2025mb/css/bootstrap.min.css HTTP/1.1\r\nHost: xn--d5-fk7ca.91uusp159.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--d5-fk7ca.91uusp159.sbs/91uu/?referrer=https://fucc-g8.91fls11.top/\r\nCookie: SITE_TOTAL_ID=5096b6f263aa7131f035ff26071818c0\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Tue, 14 Oct 2025 22:35:29 GMT\r\netag: W/\"663594ca-23af5\"\r\nexpires: Wed, 15 Oct 2025 10:35:29 GMT\r\nlast-modified: Sat, 04 May 2024 01:52:10 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":146165,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"a0c2623961e94406a74753948fdb937a","sha1":"c5f3c6515f6fa97d082f32d2c0a089103c8b0796","sha256":"f51cd728bb98f90d00e03cac3d68953563a02ae2c758a1f4989ad8bc9d2e22e9","sha512":"0dd888d802dd885a7000087709418026928d144e3267f0c9528a678e832726d491482f86e490c92e6dcc7ad2443e52edc0f89ee5a47981a0ae4fddfbb1da95aa","ssdeep":"768:qYpSttMtGtXsiMiaLbgPVJ7wJ5FJL0+UWjJ3Q/QFMAiiJKJQvQSnv758IWCY9RjF:0gtt0PaUWmvRGOA/JKTsNu/zH","tlshash":"57e36564ba1131cf23539bc8b7b08d525f1462b1de1f4dbef096294c83d85683a72ade","first_seen":"2024-07-19T08:39:31Z","last_seen":"2026-03-17T14:18:16.420515Z","times_seen":47,"resource_available":false,"data":null}},"time_used":269,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":269,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-14","alert":"Sinkholed","trigger":"xn--d5-fk7ca.91uusp159.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xn--d5-fk7ca.91uusp159.sbs/91uu/static/js/jquery.autocomplete.js","fqdn":"xn--d5-fk7ca.91uusp159.sbs","domain":"91uusp159.sbs","tld":"sbs"},"ip":{"addr":"194.147.99.49","port":443,"asn":201106,"as":"Spartan Host Ltd","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xn--d5-fk7ca.91uusp159.sbs/91uu/?referrer=https://fucc-g8.91fls11.top/","date":"2025-10-14T22:35:28.931Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.91uusp159.sbs","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:42 GMT","end":"Mon, 12 Jan 2026 00:18:41 GMT"},"fingerprint":{"sha1":"C3:8B:16:48:78:6D:3C:F0:11:AF:88:D0:67:2E:41:F2:0E:4A:31:90","sha256":"BC:EC:BF:F7:2C:50:C3:89:87:CE:D9:7A:68:D3:BC:74:89:9C:22:C6:B5:4B:BD:47:03:9E:78:7E:81:08:EC:3B"}}},"request":{"raw":"GET /91uu/static/js/jquery.autocomplete.js HTTP/1.1\r\nHost: xn--d5-fk7ca.91uusp159.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--d5-fk7ca.91uusp159.sbs/91uu/?referrer=https://fucc-g8.91fls11.top/\r\nCookie: SITE_TOTAL_ID=5096b6f263aa7131f035ff26071818c0\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 14 Oct 2025 22:35:29 GMT\r\netag: W/\"67d28346-6215\"\r\nexpires: Wed, 15 Oct 2025 10:35:29 GMT\r\nlast-modified: Thu, 13 Mar 2025 07:03:34 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":25109,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"932466cf2976a99330383be9ffe8ca6b","sha1":"732c55aa5bbb6efb63fad871db9773139929d0e6","sha256":"22a879d897b0c6559e8a4f0e1d7f8866471478740a5b5cace3c29c97c8fdaf18","sha512":"e1ea60c13642bbc8ed8cd448007d5096c4067596b1fee2bea55f1fea765bab59f97f92fa973bdd329ccf78087be301325b14a206592a76c3699128459559159b","ssdeep":"384:EC8MJlHqBlgr2qMrLXej2Jy7fwaoSXo0TviE:Ed7Dr7OtZTqE","tlshash":"d3b2ec0979e3226292a7707e8faf0008b676a557240cdd50bd1ca7d02f54938b6f7fe9","first_seen":"2023-04-07T04:49:34Z","last_seen":"2026-04-03T19:25:58.47002Z","times_seen":19993,"resource_available":true,"data":null}},"time_used":358,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":358,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-14","alert":"Sinkholed","trigger":"xn--d5-fk7ca.91uusp159.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xn--d5-fk7ca.91uusp159.sbs/91uu/template/2025mb/image/miaobologo.png","fqdn":"xn--d5-fk7ca.91uusp159.sbs","domain":"91uusp159.sbs","tld":"sbs"},"ip":{"addr":"194.147.99.49","port":443,"asn":201106,"as":"Spartan Host Ltd","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn--d5-fk7ca.91uusp159.sbs/91uu/?referrer=https://fucc-g8.91fls11.top/","date":"2025-10-14T22:35:28.933Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.91uusp159.sbs","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:42 GMT","end":"Mon, 12 Jan 2026 00:18:41 GMT"},"fingerprint":{"sha1":"C3:8B:16:48:78:6D:3C:F0:11:AF:88:D0:67:2E:41:F2:0E:4A:31:90","sha256":"BC:EC:BF:F7:2C:50:C3:89:87:CE:D9:7A:68:D3:BC:74:89:9C:22:C6:B5:4B:BD:47:03:9E:78:7E:81:08:EC:3B"}}},"request":{"raw":"GET /91uu/template/2025mb/image/miaobologo.png HTTP/1.1\r\nHost: xn--d5-fk7ca.91uusp159.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--d5-fk7ca.91uusp159.sbs/91uu/?referrer=https://fucc-g8.91fls11.top/\r\nCookie: SITE_TOTAL_ID=5096b6f263aa7131f035ff26071818c0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/png\r\ndate: Tue, 14 Oct 2025 22:35:29 GMT\r\netag: W/\"68e79fc1-65578\"\r\nexpires: Thu, 13 Nov 2025 22:35:29 GMT\r\nlast-modified: Thu, 09 Oct 2025 11:42:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":415096,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 10583 x 2268, 8-bit/color RGBA, non-interlaced","md5":"3d9ba3e364455015e2095ba3cff161b7","sha1":"3034756b37fa6867a0a7eb6d586e076e3da0354c","sha256":"3adbe35e745cea153333f0339ce42379ef89461107a78ebd41a96b244155b957","sha512":"4c5e78d5db30f947d983046b970dfc7d2758072880dd90b30f33f193f79d6d95cb7320e4c850888abbd89d20edd7c49e34dee0d7b946113bddb9997e329309da","ssdeep":"6144:Uh2F/sOtImE7o52bpBT2tDPX2k0mwfYuSSt5ywpfxxTT3w1CkQl7xUTbD:82kzsYPA7xnSt5vLT3aC3KPD","tlshash":"a994f1819a0fcde4d89551bcd479afc677e115bbc6060fc62b79e0b16ec620a70af0c6","first_seen":"2025-10-14T22:36:05.919534Z","last_seen":"2025-10-14T22:36:05.919534Z","times_seen":1,"resource_available":false,"data":null}},"time_used":501,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":501,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-14","alert":"Sinkholed","trigger":"xn--d5-fk7ca.91uusp159.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xyz.youji3.buzz/matomo.php?action_name=91UU%E8%89%B2%E7%AB%99\u0026idsite=2\u0026rec=1\u0026r=821605\u0026h=22\u0026m=35\u0026s=30\u0026url=https%3A%2F%2Fxn--d5-fk7ca.91uusp159.sbs%2F91uu%2F%3Freferrer%3Dhttps%3A%2F%2Ffucc-g8.91fls11.top%2F\u0026_id=7ef15fb243497343\u0026_idn=1\u0026send_image=0\u0026_refts=0\u0026pv_id=d4rkPG\u0026pf_net=962\u0026pf_srv=350\u0026pf_tfr=54\u0026pf_dm1=655\u0026uadata=%7B%7D\u0026pdf=1\u0026qt=0\u0026realp=0\u0026wma=0\u0026fla=0\u0026java=0\u0026ag=0\u0026cookie=1\u0026res=1280x1024","fqdn":"xyz.youji3.buzz","domain":"youji3.buzz","tld":"buzz"},"ip":{"addr":"121.0.97.21","port":443,"asn":138195,"as":"MOACK.Co.LTD","country":"South Korea","country_code":"KR"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://xn--d5-fk7ca.91uusp159.sbs/91uu/?referrer=https://fucc-g8.91fls11.top/","date":"2025-10-14T22:35:30.587Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xyz.youji3.buzz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 23 Sep 2025 10:21:43 GMT","end":"Mon, 22 Dec 2025 10:21:42 GMT"},"fingerprint":{"sha1":"A9:49:C2:52:E1:E3:65:C8:46:8F:F8:BF:43:1E:57:4B:9B:26:08:07","sha256":"E9:34:84:41:CA:4C:CC:7A:35:4E:08:8E:4E:1A:88:06:35:B6:13:60:15:4A:C7:A6:35:C3:33:BF:49:37:D9:30"}}},"request":{"raw":"POST /matomo.php?action_name=91UU%E8%89%B2%E7%AB%99\u0026idsite=2\u0026rec=1\u0026r=821605\u0026h=22\u0026m=35\u0026s=30\u0026url=https%3A%2F%2Fxn--d5-fk7ca.91uusp159.sbs%2F91uu%2F%3Freferrer%3Dhttps%3A%2F%2Ffucc-g8.91fls11.top%2F\u0026_id=7ef15fb243497343\u0026_idn=1\u0026send_image=0\u0026_refts=0\u0026pv_id=d4rkPG\u0026pf_net=962\u0026pf_srv=350\u0026pf_tfr=54\u0026pf_dm1=655\u0026uadata=%7B%7D\u0026pdf=1\u0026qt=0\u0026realp=0\u0026wma=0\u0026fla=0\u0026java=0\u0026ag=0\u0026cookie=1\u0026res=1280x1024 HTTP/1.1\r\nHost: xyz.youji3.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=utf-8\r\nContent-Length: 0\r\nOrigin: https://xn--d5-fk7ca.91uusp159.sbs\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--d5-fk7ca.91uusp159.sbs/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx\r\ndate: Tue, 14 Oct 2025 22:35:30 GMT\r\naccess-control-allow-origin: https://xn--d5-fk7ca.91uusp159.sbs\r\naccess-control-allow-credentials: true\r\nstrict-transport-security: max-age=31536000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T19:31:03.603551Z","times_seen":13300818,"resource_available":true,"data":null}},"time_used":304,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":304,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--d5-fk7ca.91uusp159.sbs/91uu/?referrer=https://fucc-g8.91fls11.top/","fqdn":"xn--d5-fk7ca.91uusp159.sbs","domain":"91uusp159.sbs","tld":"sbs"},"ip":{"addr":"194.147.99.49","port":443,"asn":201106,"as":"Spartan Host Ltd","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-14T22:35:27.417Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.91uusp159.sbs","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:42 GMT","end":"Mon, 12 Jan 2026 00:18:41 GMT"},"fingerprint":{"sha1":"C3:8B:16:48:78:6D:3C:F0:11:AF:88:D0:67:2E:41:F2:0E:4A:31:90","sha256":"BC:EC:BF:F7:2C:50:C3:89:87:CE:D9:7A:68:D3:BC:74:89:9C:22:C6:B5:4B:BD:47:03:9E:78:7E:81:08:EC:3B"}}},"request":{"raw":"GET /91uu/?referrer=https://fucc-g8.91fls11.top/ HTTP/1.1\r\nHost: xn--d5-fk7ca.91uusp159.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/html; charset=utf-8\r\ndate: Tue, 14 Oct 2025 22:35:28 GMT\r\nserver: nginx\r\nset-cookie: SITE_TOTAL_ID=5096b6f263aa7131f035ff26071818c0; Path=/; Max-Age=259200000; HttpOnly\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":139169,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (364)","md5":"45437cbc8bf0d4fa14cd9fdc315f8448","sha1":"0edfd580329343f3b2806b2fffc62c836239b867","sha256":"00bb895b7a10aa0b9dacdc277658fae36c71128e6cd2c00a1e88d884c3b6bf93","sha512":"39b6584cefb6c2e3cb4e1b3b77b863eb987ece5079f9e526a6f960ad99191aecc950513a7a0dc696b13cc061104299abaa04200dbe9ed0571c7772daf5b44c47","ssdeep":"3072:l+MEUTIRHi3Jp9rL+ajV8Mo3zGERIoiz0CNSsk:l+MEUTIRHi3Jp9rL+ajV8Mo3zGERIoia","tlshash":"2dd3df238282873b5a9308c6b01dbb2b65f6977dd8070f82bd7d20ba6785e5b443d5cc","first_seen":"2025-10-14T22:36:05.934135Z","last_seen":"2025-10-14T22:36:05.934135Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2270,"timings":{"blocked":960,"dns":647,"connect":153,"send":0,"wait":350,"receive":0,"ssl":157},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-14","alert":"Sinkholed","trigger":"xn--d5-fk7ca.91uusp159.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xn--d5-fk7ca.91uusp159.sbs/91uu/template/2025mb/css/common.css","fqdn":"xn--d5-fk7ca.91uusp159.sbs","domain":"91uusp159.sbs","tld":"sbs"},"ip":{"addr":"194.147.99.49","port":443,"asn":201106,"as":"Spartan Host Ltd","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xn--d5-fk7ca.91uusp159.sbs/91uu/?referrer=https://fucc-g8.91fls11.top/","date":"2025-10-14T22:35:28.922Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.91uusp159.sbs","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:42 GMT","end":"Mon, 12 Jan 2026 00:18:41 GMT"},"fingerprint":{"sha1":"C3:8B:16:48:78:6D:3C:F0:11:AF:88:D0:67:2E:41:F2:0E:4A:31:90","sha256":"BC:EC:BF:F7:2C:50:C3:89:87:CE:D9:7A:68:D3:BC:74:89:9C:22:C6:B5:4B:BD:47:03:9E:78:7E:81:08:EC:3B"}}},"request":{"raw":"GET /91uu/template/2025mb/css/common.css HTTP/1.1\r\nHost: xn--d5-fk7ca.91uusp159.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--d5-fk7ca.91uusp159.sbs/91uu/?referrer=https://fucc-g8.91fls11.top/\r\nCookie: SITE_TOTAL_ID=5096b6f263aa7131f035ff26071818c0\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Tue, 14 Oct 2025 22:35:29 GMT\r\netag: W/\"663594ca-22ea\"\r\nexpires: Wed, 15 Oct 2025 10:35:29 GMT\r\nlast-modified: Sat, 04 May 2024 01:52:10 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\ncontent-length: 2222\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8938,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"06bed8d53fc7fcfab8e6c76125a194bb","sha1":"270a01ae0c4a864846bfcdf4245dc24f48c343b9","sha256":"1957c7170270e227ded0e4aad44e20369404a75e373290e1c89cc267a1563c15","sha512":"0a42363b0ac1ae310a592ca75698cb1aa1e4c6eaef961d40a15c08e46324333f064f62c35e60feed235275fe23aa7aec81c7004f21637b92b1ec1bd7d4ed38f9","ssdeep":"192:0CkFV6yNDlDUPjbebHn404yF6Fsywn2qoZr7U5Ef:tkFYjbebFF6FPLJUk","tlshash":"6c02ee538b732505b41ee1ed6fa457952339d043630fca58bfe8775c8f8a0d4a826bc9","first_seen":"2024-07-19T08:39:31Z","last_seen":"2026-03-17T14:18:16.421514Z","times_seen":51,"resource_available":false,"data":null}},"time_used":182,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":182,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-14","alert":"Sinkholed","trigger":"xn--d5-fk7ca.91uusp159.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"polyfill-js.cn/v3/polyfill.min.js?features=default","fqdn":"polyfill-js.cn","domain":"polyfill-js.cn","tld":"cn"},"ip":{"addr":"137.220.134.176","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xn--d5-fk7ca.91uusp159.sbs/91uu/?referrer=https://fucc-g8.91fls11.top/","date":"2025-10-14T22:35:29.483Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"polyfill-js.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Sep 2025 23:05:45 GMT","end":"Wed, 10 Dec 2025 23:05:44 GMT"},"fingerprint":{"sha1":"08:18:F2:02:F3:A5:20:BE:39:46:B8:76:39:63:9A:32:AB:C1:81:53","sha256":"F6:82:8F:89:16:CE:25:2F:AE:12:9D:04:38:26:20:77:B4:DD:8D:5E:64:D8:EF:40:B8:7F:0A:DE:AD:36:F1:81"}}},"request":{"raw":"GET /v3/polyfill.min.js?features=default HTTP/1.1\r\nHost: polyfill-js.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--d5-fk7ca.91uusp159.sbs/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccess-Control-Allow-Methods: GET,HEAD,OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nContent-Encoding: gzip\r\nContent-Type: text/javascript; charset=utf-8\r\nDate: Tue, 14 Oct 2025 12:16:37 GMT\r\nETag: \"1760444197\"\r\nLast-Modified: Tue, 14 Oct 2025 12:16:37 GMT\r\nServer: nginx\r\nVary: Accept-Encoding, User-Agent\r\nX-Cache: HIT, server, disk\r\nX-Cdn-Server: cn\r\nContent-Length: 115\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":104,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text","md5":"435a451090061be4c0254761f2f94e1f","sha1":"1a873f8c9a0dfb421e3213dfbbfa8aafa9960d4c","sha256":"6c68769e8470ce89a0f2270529a5d47db00917e3ef9df946dca202098f09d0a2","sha512":"0506dbdede1f984b75421ec86cdd451752ec85b44f5a6f880bc0f06bf8884f1f934f4eafad41ed89015d2118a73bd4dcb20ad4b0d2118e16f311aa25737cf1ab","ssdeep":"","tlshash":"43b012a448824f95eae305c0485602851baf5fc95405d318ce72a41cc862845b2ccc6c","first_seen":"2023-12-16T06:03:22Z","last_seen":"2026-04-03T19:31:02.037316Z","times_seen":21079,"resource_available":true,"data":null}},"time_used":2865,"timings":{"blocked":1268,"dns":605,"connect":328,"send":0,"wait":328,"receive":0,"ssl":334},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-14","alert":"Sinkholed","trigger":"polyfill-js.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xn--d5-fk7ca.91uusp159.sbs/91uu/static/js/jquery.js","fqdn":"xn--d5-fk7ca.91uusp159.sbs","domain":"91uusp159.sbs","tld":"sbs"},"ip":{"addr":"194.147.99.49","port":443,"asn":201106,"as":"Spartan Host Ltd","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xn--d5-fk7ca.91uusp159.sbs/91uu/?referrer=https://fucc-g8.91fls11.top/","date":"2025-10-14T22:35:28.928Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.91uusp159.sbs","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:42 GMT","end":"Mon, 12 Jan 2026 00:18:41 GMT"},"fingerprint":{"sha1":"C3:8B:16:48:78:6D:3C:F0:11:AF:88:D0:67:2E:41:F2:0E:4A:31:90","sha256":"BC:EC:BF:F7:2C:50:C3:89:87:CE:D9:7A:68:D3:BC:74:89:9C:22:C6:B5:4B:BD:47:03:9E:78:7E:81:08:EC:3B"}}},"request":{"raw":"GET /91uu/static/js/jquery.js HTTP/1.1\r\nHost: xn--d5-fk7ca.91uusp159.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--d5-fk7ca.91uusp159.sbs/91uu/?referrer=https://fucc-g8.91fls11.top/\r\nCookie: SITE_TOTAL_ID=5096b6f263aa7131f035ff26071818c0\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 14 Oct 2025 22:35:29 GMT\r\netag: W/\"67d28346-169d5\"\r\nexpires: Wed, 15 Oct 2025 10:35:29 GMT\r\nlast-modified: Thu, 13 Mar 2025 07:03:34 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":92629,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32089)","md5":"397754ba49e9e0cf4e7c190da78dda05","sha1":"ae49e56999d82802727455f0ba83b63acd90a22b","sha256":"c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4","sha512":"8c64754f77507ab2c24a6fc818419b9dd3f0ceccc9065290e41afdbee0743f0da2cb13b2fbb00afa525c082f1e697cb3ffd76ef9b902cb81d7c41ca1c641dffb","ssdeep":"1536:dnu00HWWaRxkqJg09pYxoxDKMXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qg7rbaN1RUx:ddkWgoBhcZRQgmW42qe","tlshash":"8c932bdd72d2b03257ab30bd106f540ff2361959280d8850f268d8f9bc79a49a277f6d","first_seen":"2023-03-07T01:02:08Z","last_seen":"2026-04-03T19:25:58.461115Z","times_seen":60463,"resource_available":true,"data":null}},"time_used":417,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":417,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-14","alert":"Sinkholed","trigger":"xn--d5-fk7ca.91uusp159.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xn--d5-fk7ca.91uusp159.sbs/91uu/static/js/home.js","fqdn":"xn--d5-fk7ca.91uusp159.sbs","domain":"91uusp159.sbs","tld":"sbs"},"ip":{"addr":"194.147.99.49","port":443,"asn":201106,"as":"Spartan Host Ltd","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xn--d5-fk7ca.91uusp159.sbs/91uu/?referrer=https://fucc-g8.91fls11.top/","date":"2025-10-14T22:35:28.932Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.91uusp159.sbs","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 00:18:42 GMT","end":"Mon, 12 Jan 2026 00:18:41 GMT"},"fingerprint":{"sha1":"C3:8B:16:48:78:6D:3C:F0:11:AF:88:D0:67:2E:41:F2:0E:4A:31:90","sha256":"BC:EC:BF:F7:2C:50:C3:89:87:CE:D9:7A:68:D3:BC:74:89:9C:22:C6:B5:4B:BD:47:03:9E:78:7E:81:08:EC:3B"}}},"request":{"raw":"GET /91uu/static/js/home.js HTTP/1.1\r\nHost: xn--d5-fk7ca.91uusp159.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--d5-fk7ca.91uusp159.sbs/91uu/?referrer=https://fucc-g8.91fls11.top/\r\nCookie: SITE_TOTAL_ID=5096b6f263aa7131f035ff26071818c0\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 14 Oct 2025 22:35:29 GMT\r\netag: W/\"67d28346-95a5\"\r\nexpires: Wed, 15 Oct 2025 10:35:29 GMT\r\nlast-modified: Thu, 13 Mar 2025 07:03:34 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":38309,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (2677)","md5":"97e311d35a4aa0ba09575a8dc989660b","sha1":"8166b5f8ba52aa57ab23321a8ddc8d0118f1e590","sha256":"1a52c16e5a7fc905630d52185ca457108cb0a65a4567cf6157709c1c5eceb311","sha512":"d3f4e4ef8af316fd4207a6db03e856917d5124263104ba9ebf0db1be151ce65172d26b6338d24553df9fe65b828e2a452a39bde7d1144a875c20bd5e28da9db8","ssdeep":"768:hR0cTTu8eMbZLbhpa6a/b7z9SsbhbeA5gr9GiSo5E7Iw4TQv5:hRZXde96oRiG5","tlshash":"ae03a45d7af3142050b3317a4fbf69082276815f190ddd88fe2d11a48fc4a4eba66bbd","first_seen":"2023-03-07T01:18:35Z","last_seen":"2026-04-03T19:07:44.615347Z","times_seen":5605,"resource_available":true,"data":null}},"time_used":362,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":362,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-14","alert":"Sinkholed","trigger":"xn--d5-fk7ca.91uusp159.sbs","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xyz.youji3.buzz/matomo.js","fqdn":"xyz.youji3.buzz","domain":"youji3.buzz","tld":"buzz"},"ip":{"addr":"121.0.97.21","port":443,"asn":138195,"as":"MOACK.Co.LTD","country":"South Korea","country_code":"KR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xn--d5-fk7ca.91uusp159.sbs/91uu/?referrer=https://fucc-g8.91fls11.top/","date":"2025-10-14T22:35:29.479Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xyz.youji3.buzz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 23 Sep 2025 10:21:43 GMT","end":"Mon, 22 Dec 2025 10:21:42 GMT"},"fingerprint":{"sha1":"A9:49:C2:52:E1:E3:65:C8:46:8F:F8:BF:43:1E:57:4B:9B:26:08:07","sha256":"E9:34:84:41:CA:4C:CC:7A:35:4E:08:8E:4E:1A:88:06:35:B6:13:60:15:4A:C7:A6:35:C3:33:BF:49:37:D9:30"}}},"request":{"raw":"GET /matomo.js HTTP/1.1\r\nHost: xyz.youji3.buzz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--d5-fk7ca.91uusp159.sbs/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 14 Oct 2025 22:35:30 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 02 May 2025 12:19:19 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6814b847-107ba\"\r\nexpires: Wed, 15 Oct 2025 10:35:30 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":67514,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2878)","md5":"8e15c63c0a10e6eb98666cf8dbb0c1d9","sha1":"4b7eae296c97a3ccb482166f0a71eea670e2d7f2","sha256":"dbefc0fa9b6b7680a9a1c1e5a0f0cc7c8ae3c41a7b15c206a144963cb36a073d","sha512":"4ba6fda2503491d67e565db8e94ee6366f33c6d47c8171ffa91ddcde0ea143ebd4ef7ed448924214144f92961ad2065190b69edb1b32de9f1696d4e8c95f4007","ssdeep":"1536:ATgnSINAJrRJqerEKlFXhuXL0+Yv+6S9en60kLddaSiVdmQwJ4ITDXVwXFD6:AT+Z2fu7av+6S9jLddaSiVdmQePXVP","tlshash":"1163d5ca72c279398bca2075503f1187b17aada7144cc4a4f56ac4fa3c3891e957bf78","first_seen":"2025-04-11T12:58:45.765735Z","last_seen":"2026-04-03T19:18:12.640695Z","times_seen":7508,"resource_available":true,"data":null}},"time_used":1351,"timings":{"blocked":553,"dns":57,"connect":244,"send":0,"wait":243,"receive":0,"ssl":251},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}