{"report_id":"5f678bde-515d-4c14-aec2-5db87aa72030","version":6,"status":"done","tags":[],"date":"2026-03-07T05:39:27Z","url":{"schema":"http","addr":"aqf.yrjj7.help/807971.html","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.177.150","port":0,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"aqf.yrjj7.help/807971.html","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"title":"天美0144中出吸精小魅魔丽萨Lisa-美熟少妇-视频播放","dom":{"size":66030,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (21499)","md5":"dcc031e6b036fb2fd7b9cd1acae3cb2b","sha1":"14b72b6b379614b1fe378ea6c19f987e0581e073","sha256":"9cd1f0659897083062b5b725703429f90def5090c6190f7df3e76a0db147e44b","sha512":"02581a0b1d7fb39e20545d85362c942c4c37f3d8569d41e7bf1f801fcffdabcca8ba88e600f5b48d2bc565826e2df53e1b31e8b39eb12eb983a93335169b8bf4","ssdeep":"768:/rV6YCU0i2lFQtjDTDmaiHC3/XpoaRW5GERWTLGPG5wGYGNjV/SeE:/rV6YCbX9aLPhGPG2GYGtE","tlshash":"5753e87143e4503f612364c0d9516f88b5f3125fcf634f19f2bc2a2d9b8aec6a91768a","dom_hash":"domhash094447e9b77f155b1cb2283f82b5e383","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"aqf.yrjj7.help/807971.html","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.177.150","port":0,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-11T05:39:27Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"img.cospu2011.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"img.cospu2011.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"video5.bpzy1.com","ip":{"addr":"172.93.103.92","port":443,"asn":23470,"as":"RELIABLESITE","country":"United States","country_code":"US"},"domain_registered":"2023-07-21","domain_rank":0,"first_seen":"2025-05-22T21:48:29.340475Z","last_seen":"2026-02-22T10:02:48.868201Z","alert_count":0,"request_count":2,"received_data":409388,"sent_data":982,"comment":"","tags":null,"fingerprints":null},{"fqdn":"11224.xn--gps-8y0gm25n.xn--55qx5d","ip":{"addr":"27.155.113.137","port":443,"asn":133774,"as":"Fuzhou","country":"China","country_code":"CN"},"domain_registered":"2025-04-18","domain_rank":0,"first_seen":"2025-12-12T01:01:33.916178Z","last_seen":"2026-03-02T14:58:30.066784Z","alert_count":0,"request_count":1,"received_data":568606,"sent_data":463,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"pic16.havzy1.com","ip":{"addr":"104.21.64.102","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-07-21","domain_rank":0,"first_seen":"2023-07-26T04:09:52Z","last_seen":"2026-02-27T07:45:30.525637Z","alert_count":0,"request_count":2,"received_data":42846,"sent_data":952,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"pic15.havzy1.com","ip":{"addr":"104.21.64.102","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-07-21","domain_rank":0,"first_seen":"2025-05-08T22:09:06.832427Z","last_seen":"2026-03-02T14:58:28.154553Z","alert_count":0,"request_count":2,"received_data":45466,"sent_data":952,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"txdy.hznunxc.com","ip":{"addr":"157.185.128.120","port":443,"asn":54994,"as":"ML-1432-54994","country":"France","country_code":"FR"},"domain_registered":"2025-07-15","domain_rank":0,"first_seen":"2026-02-12T23:34:46.222479Z","last_seen":"2026-03-06T10:32:29.455701Z","alert_count":0,"request_count":1,"received_data":120302,"sent_data":436,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"fsffbhd.4000522777.xn--fiqs8s","ip":{"addr":"104.26.6.77","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-07-31","domain_rank":0,"first_seen":"2026-02-08T15:30:41.519119Z","last_seen":"2026-03-02T14:58:29.631081Z","alert_count":0,"request_count":2,"received_data":1166240,"sent_data":976,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"pic16.msn87.com","ip":{"addr":"172.67.159.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-02-18","domain_rank":0,"first_seen":"2024-02-21T00:48:02Z","last_seen":"2026-02-24T02:48:06.384217Z","alert_count":0,"request_count":1,"received_data":20520,"sent_data":475,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"img1212.syhze.com","ip":{"addr":"205.198.65.15","port":443,"asn":138997,"as":"Eons Data Communications Limited","country":"Hong Kong","country_code":"HK"},"domain_registered":"2014-05-15","domain_rank":0,"first_seen":"2025-12-21T08:33:05.525239Z","last_seen":"2026-03-07T01:42:14.214173Z","alert_count":0,"request_count":2,"received_data":940974,"sent_data":892,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"dq38rjje7qjm3.cloudfront.net","ip":{"addr":"65.9.60.24","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2008-04-25","domain_rank":0,"first_seen":"2025-03-24T19:11:01.50764Z","last_seen":"2026-03-06T23:17:34.307628Z","alert_count":0,"request_count":1,"received_data":94060,"sent_data":453,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}]},{"fqdn":"img.meituan.net","ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"domain_registered":"2010-01-25","domain_rank":189994,"first_seen":"2017-02-03T02:36:44Z","last_seen":"2026-03-06T03:12:30.353861Z","alert_count":0,"request_count":1,"received_data":407470,"sent_data":442,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}]},{"fqdn":"pg888.12img707989.com","ip":{"addr":"205.198.65.15","port":5658,"asn":138997,"as":"Eons Data Communications Limited","country":"Hong Kong","country_code":"HK"},"domain_registered":"2025-12-17","domain_rank":0,"first_seen":"2025-12-18T04:56:01.819009Z","last_seen":"2026-03-06T10:32:29.6222Z","alert_count":0,"request_count":1,"received_data":732708,"sent_data":455,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"www.mdynieu.com","ip":{"addr":"161.129.35.210","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-11-07T12:04:46.874157Z","last_seen":"2026-03-02T14:58:31.744236Z","alert_count":0,"request_count":1,"received_data":407041,"sent_data":459,"comment":"","tags":null,"fingerprints":null},{"fqdn":"xh26031.8688.console.qpo1h.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2024-09-18","domain_rank":0,"first_seen":"2026-03-07T04:15:04.061947Z","last_seen":"2026-03-07T04:15:04.061947Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":464,"comment":"","tags":null,"fingerprints":null},{"fqdn":"11221.xn--gps-8y0gm25n.xn--55qx5d","ip":{"addr":"27.155.113.137","port":443,"asn":133774,"as":"Fuzhou","country":"China","country_code":"CN"},"domain_registered":"2025-04-18","domain_rank":0,"first_seen":"2025-12-03T14:43:28.608781Z","last_seen":"2026-03-07T00:44:22.321285Z","alert_count":0,"request_count":1,"received_data":596934,"sent_data":463,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"pic16.ysj77.com","ip":{"addr":"104.21.19.4","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-02-18","domain_rank":0,"first_seen":"2025-04-02T02:39:49.328025Z","last_seen":"2026-02-22T05:28:49.192053Z","alert_count":0,"request_count":1,"received_data":29139,"sent_data":475,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"pic13.anzise.com","ip":{"addr":"172.67.222.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-07-18","domain_rank":0,"first_seen":"2022-11-21T12:48:48Z","last_seen":"2026-03-02T14:58:29.695143Z","alert_count":0,"request_count":1,"received_data":16136,"sent_data":476,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"2026tu.myxuanxuan.com","ip":{"addr":"43.159.77.132","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"domain_registered":"2016-04-10","domain_rank":0,"first_seen":"2026-01-26T20:19:42.17682Z","last_seen":"2026-03-03T01:49:52.828292Z","alert_count":0,"request_count":1,"received_data":643927,"sent_data":447,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"pic17.ysj77.com","ip":{"addr":"172.67.184.92","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-02-18","domain_rank":0,"first_seen":"2024-02-24T03:11:11Z","last_seen":"2026-03-02T14:58:28.973138Z","alert_count":0,"request_count":1,"received_data":19115,"sent_data":475,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"img.alicdn.com","ip":{"addr":"155.102.215.180","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"domain_registered":"2008-06-25","domain_rank":61670,"first_seen":"2015-03-04T07:06:39Z","last_seen":"2026-03-04T23:10:25.092548Z","alert_count":0,"request_count":11,"received_data":3295207,"sent_data":5397,"comment":"","tags":null,"fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}]},{"fqdn":"pic17.msn87.com","ip":{"addr":"172.67.159.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-02-18","domain_rank":0,"first_seen":"2024-02-21T03:04:56Z","last_seen":"2026-02-22T07:04:40.941758Z","alert_count":0,"request_count":1,"received_data":12940,"sent_data":475,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"pic17.xne33.com","ip":{"addr":"104.21.90.135","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-02-18","domain_rank":0,"first_seen":"2025-05-02T08:56:53.910975Z","last_seen":"2026-03-02T14:58:28.967156Z","alert_count":0,"request_count":1,"received_data":24375,"sent_data":475,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"img.cospu2011.top","ip":{"addr":"103.114.161.125","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"domain_registered":"2024-11-16","domain_rank":3485414,"first_seen":"2024-12-01T22:52:10.13908Z","last_seen":"2026-03-06T17:00:59.459345Z","alert_count":2,"request_count":1,"received_data":508128,"sent_data":438,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"d3ccefxs96519j.cloudfront.net","ip":{"addr":"108.157.232.9","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2008-04-25","domain_rank":0,"first_seen":"2025-06-30T07:13:17.425046Z","last_seen":"2026-03-06T18:33:33.366879Z","alert_count":0,"request_count":1,"received_data":96183,"sent_data":453,"comment":"","tags":null,"fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}]},{"fqdn":"pic18.anzise.com","ip":{"addr":"172.67.222.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-07-18","domain_rank":0,"first_seen":"2022-10-19T07:21:42Z","last_seen":"2026-03-02T14:58:27.65684Z","alert_count":0,"request_count":1,"received_data":18311,"sent_data":476,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"pic15.msn87.com","ip":{"addr":"172.67.159.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-02-18","domain_rank":0,"first_seen":"2025-05-09T23:01:47.927773Z","last_seen":"2026-02-24T03:24:40.433531Z","alert_count":0,"request_count":1,"received_data":12913,"sent_data":475,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"pic16.seaige.com","ip":{"addr":"172.67.148.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-07-09","domain_rank":0,"first_seen":"2025-05-09T02:41:08.203079Z","last_seen":"2026-03-02T14:58:30.426411Z","alert_count":0,"request_count":1,"received_data":11500,"sent_data":476,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"pic20.anzise.com","ip":{"addr":"172.67.222.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-07-18","domain_rank":0,"first_seen":"2025-05-09T17:07:23.978784Z","last_seen":"2026-03-07T04:26:48.241313Z","alert_count":0,"request_count":1,"received_data":21458,"sent_data":476,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"d18wfmxtvthwf6.cloudfront.net","ip":{"addr":"108.157.217.34","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2008-04-25","domain_rank":0,"first_seen":"2025-10-19T14:31:41.989548Z","last_seen":"2026-03-02T03:05:13.284748Z","alert_count":0,"request_count":2,"received_data":557564,"sent_data":907,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}]},{"fqdn":"aqf.yrjj7.help","ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":25,"request_count":25,"received_data":1626951,"sent_data":11686,"comment":"","tags":null,"fingerprints":[{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"img1.ah7907.com","ip":{"addr":"98.98.86.10","port":443,"asn":21859,"as":"ZEN-ECN","country":"United States","country_code":"US"},"domain_registered":"2024-08-29","domain_rank":0,"first_seen":"2025-11-08T09:13:57.808607Z","last_seen":"2026-03-06T18:33:33.708453Z","alert_count":0,"request_count":4,"received_data":631360,"sent_data":1760,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"pic16.anzise.com","ip":{"addr":"172.67.222.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-07-18","domain_rank":0,"first_seen":"2025-04-19T20:44:23.656304Z","last_seen":"2026-02-23T02:48:52.668971Z","alert_count":0,"request_count":1,"received_data":27247,"sent_data":476,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"pic14.havzy1.com","ip":{"addr":"104.21.64.102","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-07-21","domain_rank":0,"first_seen":"2023-11-22T08:46:04Z","last_seen":"2026-02-24T01:52:10.527312Z","alert_count":0,"request_count":1,"received_data":18165,"sent_data":476,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"aqf.yrjj7.help/abc/fixed_jump_79290e.js","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"5ef7f92de587d0ec7c87fc1bff93d17a","sha1":"c83e3033430a01b0a8b2b6d927da1dc82affcf68","sha256":"8c0fc5d9db3b9ee90e835def7a39593a2c474f484c6ab16a03e76e8cf976a770","sha512":"efce27f73a1e0e4853df89997e867bafadcca8eedf12afe4930a332c46399a78463705e8fdb1bdb078a804421c3b5ac032d361327dcbda8ae8e0677eb445df92","ssdeep":"","tlshash":"1151ec8d65d730d3245371398f9f1418767a91132c4aee00be0c52203fe576aaaeafdd","size":2654,"data":"","first_seen":"2026-03-07T05:39:39.907137Z","last_seen":"2026-03-07T05:39:39.907137Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/807971.html","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"643ed303f8a224798a66404fab968c2c","sha1":"a39db2be8c2a0cc565d9dd274c127f5d845dc3a5","sha256":"3cbfce4d6b93b2b6790e2b1c9a90a5231904e2f567abd94af0ae58ec3bc269e1","sha512":"8e72deb0999bea4527644b2214b172adf0521916d68b0adb53091672029c36c1719eff3e8b0afaa9ff361706cc2df8829d20bd65435b37017695ade0d537acf7","ssdeep":"","tlshash":"59a0128b141111210553222199473444022b007d0509640040034840387123f510768d","size":78,"data":"","first_seen":"2026-03-07T05:39:39.9884Z","last_seen":"2026-03-09T08:12:49.266276Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/cn/home/web/template/112vip53_wtpl/js/jquery.lazyload.js","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"f13257e1a6a3b2077352edf7cd7af4e1","sha1":"0fb4127a71d25438210b4045aa1170ffd1346869","sha256":"4df3b748db289d5deedc9b683734a591419ba18a61fd0e10ce188643e90e1a1b","sha512":"f84480997866800ff52170e3b81473f689fb98a11721138a7825bef3a894d1f01967d3214735a1442910c5387c23437820065438d88fbb7030b943eef8d85b96","ssdeep":"","tlshash":"813142ecbb5258b62034b76f8432c6203399e8f7ad0fd080e2949ca8f89c5716123a57","size":1725,"data":"","first_seen":"2023-03-12T18:40:49Z","last_seen":"2026-03-11T02:04:59.770248Z","times_seen":276,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/000/report_error_video/script.js","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"4b9ec7394b9b594781565f4ffc0f7301","sha1":"c5faab0ed52448c2d2af67f89d5c167c32fc9a78","sha256":"aa6ecccaab5ef50d153867b084d7df600be425b8cddea46fa79baba8e61d5247","sha512":"88a2924e5753b36a1eb551101f002b84ffa597617a9987c2c0d7ebc3dcbf832a9b3ed581ed9b5462cdefe3a323c94e2da58074dd2a3542af6bd695febf33b055","ssdeep":"","tlshash":"0a3113bb646f252245ebb15007db7a043531228fa805ed217d3dc7c40fdadb420e66e7","size":1698,"data":"","first_seen":"2025-04-18T23:46:35.112204Z","last_seen":"2026-04-04T13:29:05.046323Z","times_seen":6852,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/cn/home/web/static/player/dplayer/hls.min.js","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"6cfa29933ba9ba506ea73e084de951b9","sha1":"30004f2da2e1e06f671eb2bfda00f8bcbe69b47b","sha256":"0d925ef64b764ee2d8e362ebec98668e5fd09887ec0fb70bd82d121097c40d7c","sha512":"5e7b2ea8fd8b8edca2554f5423cde03bcc8934fb03904259baba2bb9e51ae98af837877ea0223016c71660bbb418543667ecfdfc1b4831d513d57a4ff886915e","ssdeep":"3072:pI5L1S8HY5x1kVQ5ToDOzBPCB2baeBSZ3yg:pI5xSCY31O2oDO15tS","tlshash":"53341c9db661706543c3a1a5803f061a7236b92e7409c1fcfa6bd5f61cb885e603bf78","size":241648,"data":"","first_seen":"2023-03-07T14:15:35Z","last_seen":"2026-04-04T15:33:13.097228Z","times_seen":13786,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/cn/home/web/static/player/dplayer/DPlayer.min.js","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"09d64431d4e71dd79e0293cb254a58bf","sha1":"4093ba933f60bd05c3a482433b2f2b4bf48cbd9a","sha256":"9b2262ea70b613bb5eebbd14963a84c8aa3903cf99f2e0fdd33cae11b1f046d6","sha512":"35ca04e32808ccb3dca2ba6702aa21fa9b26874fc8ceeb44d0f11821f39e1f65288ef2c72fccda8fa18248d84ba86a2a9e835e66454e127fee8ba3261fe5f218","ssdeep":"1536:mDLwEEYwSIZLZX9GSzlY6G4nX8yWLo6DJCYXoanq60IsgGvHk:+PwdJ+St+AXGv","tlshash":"28b3d7983394e071029365f4c51f16093232627de986a658b63ceeec8fb8c8d6537fb5","size":114364,"data":"","first_seen":"2023-03-07T14:15:35Z","last_seen":"2026-04-04T13:29:05.006995Z","times_seen":11083,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/cn/home/web/template/112vip53_wtpl/js/stui_default.js","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"7f231ce324e1865c62c3a34ad6021b0d","sha1":"3836b4a73e15f84d7bd2d369f913e36ea3c5c6d2","sha256":"3d40f403dc3f7c8eb502e280ea289944c10fb1adb17239a88969a8c4d21e0c36","sha512":"17f95e6e9e7518484d68a9e092ed83680ca997fd655b923628f902fd0776745e57ef9cfb5166a0957cf4dff4f949fc9b3aafae8ed1100320468b3379d2c5b9b0","ssdeep":"192:oYpTSe3ochkPHqdxJDuRX3WAVb3GHgqMqh5L:FpTS03gKdx9u1WUb3d7qhJ","tlshash":"93e16509b450613a847b7379eb2f6600fa21362760824d12bc7dc6d05fb1c5ab6b9fec","size":7433,"data":"","first_seen":"2024-12-31T10:28:51.277282Z","last_seen":"2026-03-11T02:04:59.801672Z","times_seen":273,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/cn/home/web/static/js/jquery.js","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"397754ba49e9e0cf4e7c190da78dda05","sha1":"ae49e56999d82802727455f0ba83b63acd90a22b","sha256":"c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4","sha512":"8c64754f77507ab2c24a6fc818419b9dd3f0ceccc9065290e41afdbee0743f0da2cb13b2fbb00afa525c082f1e697cb3ffd76ef9b902cb81d7c41ca1c641dffb","ssdeep":"1536:dnu00HWWaRxkqJg09pYxoxDKMXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qg7rbaN1RUx:ddkWgoBhcZRQgmW42qe","tlshash":"8c932bdd72d2b03257ab30bd106f540ff2361959280d8850f268d8f9bc79a49a277f6d","size":92629,"data":"","first_seen":"2023-03-07T01:02:08Z","last_seen":"2026-04-04T15:48:44.569044Z","times_seen":60616,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/807971.html","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-04-04T15:49:29.475967Z","times_seen":594150,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/807971.html","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"cbb3e6777079a2842354b2bdbed90c09","sha1":"9fb809aa0b98db9636412328f62d320f57353a18","sha256":"c6d24295875a6e2b67507cbbb0bc185c4ab891f144a150947b40df881628a9d1","sha512":"a9402488328108d2a19d4a3cba348c794c94cf188781de6721f24c99862ccd26343ce69d5051396bfe83712f601bb16cbc0d8b98e3c88e461e1e0194851c8552","ssdeep":"","tlshash":"3df09e573d683039dec4a1d65a8b7704a135e50234941f63882e681ec6f4cbbf22d0c9","size":507,"data":"","first_seen":"2026-03-07T05:39:39.990954Z","last_seen":"2026-03-07T05:39:39.990954Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/abc/fixed_ui_79290e.js","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"de6e298dea087bc408e60a23fefc7383","sha1":"235492a4c6c580faa77da25e3521e9a4f8c64c73","sha256":"ab5342e37e737520e41c11fd4a1a6323f3a9dfffc88f058a75037e496d6d77c5","sha512":"1038a3ec607df2ed99337429df63bfed14858c2221ed20672ff4bd4be6cc31d75a13c13606705ac6ad01a907be12dc3d2f5020856d76977a26ebeca3fc84d06a","ssdeep":"96:NIrFraMEXqMwEUxg2P7rEqfEPTzg29CuPJkiTRoP5VYb5G6JS/lWrNaMasKQmX:yBgwTm2P7rTfsT8UCuPJc5VGGg+gplmX","tlshash":"fcb1b45e79e33096892370b88fff140c36329013650edd947c1d91646fa9bd466b2fe9","size":5587,"data":"","first_seen":"2026-03-07T05:39:39.909432Z","last_seen":"2026-03-07T05:39:39.909432Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/807971.html","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"eval","is_inline":false,"md5":"5aabfeb81fda10be5ecf28e2fb952ced","sha1":"59d85764a8da7a7f048b9c3d0152ea5a84964bc0","sha256":"f796f924638ba46a6ae1d20cadaf872bc40964b402d497b52458d904f1b9027e","sha512":"e5b16f12cab53587dc9b9b0887d296d0b2f80ccef51f5d1bb9f50d74bf21cc07c400cf69bca4580420a802afd4f527087429827bdb1eb584550272ef63a8b2b7","ssdeep":"","tlshash":"f341d1493a0ae13cb08da67ec61b43086116c51bd1b5d965b83688b47cfced3b3536cb","size":2127,"data":"","first_seen":"2023-03-07T01:19:43Z","last_seen":"2026-04-04T12:57:38.49234Z","times_seen":2723,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/cn/home/web/template/112vip53_wtpl/js/lazyload.js","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"60fd945d3341af46ce8ea58d1f3ad7ee","sha1":"46b899c238233046d4f8d9c6a5a675bf13028f20","sha256":"016276e7070cd8676ce8298363b4e6d35f14b22fffb1b22631e7daa843073819","sha512":"153364df325da42e182cd557325ba40d952300502dd354cfa45c60b0b6abeb47c6259f3e48623a77d008bffb3eba39e97dd26763fcbeb1c1c8ba0e14b5f1d6ae","ssdeep":"","tlshash":"a1714b865fe22474f917b86ccb1f9204363bd02b468a9d90744d81dcaff843a92b5ad7","size":3627,"data":"","first_seen":"2024-12-31T10:28:51.408799Z","last_seen":"2026-03-11T02:04:59.77367Z","times_seen":273,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/807971.html","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"57ca1679beecd06eaa00944bec96c8d5","sha1":"90d2c545a94b7fa7ea2a0bb2e79d47db91cf7164","sha256":"7c766318d776596c427c9707337cc501d4a06a8186257b80a24d129fc3b97d42","sha512":"971021ae72ea21612944d42c4b9048028e447eb31df65c34a3311c1a6246773b9d8465eb20cb52c6b34099d5a7a714d791cd2eed9323764eed0b3addd104aa6b","ssdeep":"","tlshash":"27e07d9a8841d2e6d986b3bbffe0d368e8983b193817d83207101cd6221336fd446b4d","size":332,"data":"","first_seen":"2023-11-16T12:30:34Z","last_seen":"2026-04-04T15:25:57.554778Z","times_seen":8956,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/abc/fixed_ui_79290e.js","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"de6e298dea087bc408e60a23fefc7383","sha1":"235492a4c6c580faa77da25e3521e9a4f8c64c73","sha256":"ab5342e37e737520e41c11fd4a1a6323f3a9dfffc88f058a75037e496d6d77c5","sha512":"1038a3ec607df2ed99337429df63bfed14858c2221ed20672ff4bd4be6cc31d75a13c13606705ac6ad01a907be12dc3d2f5020856d76977a26ebeca3fc84d06a","ssdeep":"96:NIrFraMEXqMwEUxg2P7rEqfEPTzg29CuPJkiTRoP5VYb5G6JS/lWrNaMasKQmX:yBgwTm2P7rTfsT8UCuPJc5VGGg+gplmX","tlshash":"fcb1b45e79e33096892370b88fff140c36329013650edd947c1d91646fa9bd466b2fe9","size":5587,"data":"","first_seen":"2026-03-07T05:39:39.909432Z","last_seen":"2026-03-07T05:39:39.909432Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/807971.html","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"c4491e3128a5b3b0066c8497f3196757","sha1":"05c971aaa3e3676cac1738aa98d5e7bb02defdc9","sha256":"18d9ec0101c81be632c41e365a447f903c9022c91656e43265d5df86089c7b8c","sha512":"a890f0f811d3e3f4ccc0e69d8587574132607cbd790f45049dbe51c960ad712d0b63bcd6eb3687c183e6fbc14abe779077a2812156ed1dcd487a7ed5103ce28e","ssdeep":"","tlshash":"b9d0a7198c60e3ead852e3ddff80e7a1cc44792a36439935435018a132270afe54cb4e","size":243,"data":"","first_seen":"2026-03-07T05:39:39.993722Z","last_seen":"2026-03-07T05:39:39.993722Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"img.alicdn.com/imgextra/i3/2215209493335/O1CN010JTbhN1aVU01WrBDj_!!2215209493335-1-chatting.gif","fqdn":"img.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"155.102.215.180","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:06.896Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tbcdn.cn","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 28 Nov 2025 03:07:13 GMT","end":"Sat, 18 Jul 2026 09:41:04 GMT"},"fingerprint":{"sha1":"01:40:62:EF:8C:E5:C1:8A:19:4C:8D:B6:F5:C2:24:7F:DC:C0:9C:8A","sha256":"60:3C:41:A0:78:62:E6:5E:82:F0:FA:CF:5C:C9:D3:22:E4:64:EE:1A:EE:C7:CC:BA:DD:25:08:90:6F:CC:C4:F2"}}},"request":{"raw":"GET /imgextra/i3/2215209493335/O1CN010JTbhN1aVU01WrBDj_!!2215209493335-1-chatting.gif HTTP/1.1\r\nHost: img.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: image/gif\r\ncontent-length: 643569\r\ndate: Sun, 25 Jan 2026 16:50:48 GMT\r\npicasso-ret-code: SUCCESS\r\npicasso-cache-info: L3-HIT\r\nrequest-time: 0.002\r\ntraceid: 2ff6309e17693598481316951e\r\nx-powered-by: Picasso\r\npicasso-image-type: normal\r\npicasso-fmt: gif2avif\r\ncache-control: max-age=31536000\r\nvia: ens-cache39.l2de4[0,0,200-0,H], ens-cache6.l2de4[1,0], ens-cache12.se3[0,0,200-0,H], ens-cache9.se3[2,0]\r\naccess-control-allow-origin: *\r\nage: 3502098\r\nali-swift-global-savetime: 1769359848\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Sun, 25 Jan 2026 16:56:36 GMT\r\nx-swift-cachetime: 31535652\r\nback_uri: /imgextra/i3/2215209493335/O1CN010JTbhN1aVU01WrBDj_!!2215209493335-1-chatting.gif_.avif\r\nvary: Accept\r\ns-rt: 2\r\ntiming-allow-origin: *\r\neagleid: 9b66d79d17728619468717958e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":643569,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"f5919b3ac13cce9d56f7966003e826d8","sha1":"75c040dace5ddc741ddcbda8e0bc74fcbff417bc","sha256":"739605b51e61972ae4e03385a848c5cc0561d639eadb33e424567f7f3b9d8f88","sha512":"5864eaf234c1b5816f6faeb6ef6f499154110340a9c412a742b35f4304a7cdba4cb88efbe61887c10593e96737a895d6cd466cd8fe990edce43338535123cd17","ssdeep":"12288:E2PPPsqKfJQrQrQrQFUpPnn9uVK49uVK49uVK49uVKZRV7YC:E2PPPJQc9KK49KK49KK49KKZX7H","tlshash":"c2d41338875b6ab15d82fe6c4ce1a0d980f951df53b74669e7c09c30936a31fb382b64","first_seen":"2024-10-04T10:32:36.972611Z","last_seen":"2026-04-04T13:29:05.017119Z","times_seen":8018,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":21,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fsffbhd.4000522777.xn--fiqs8s/9acf3f15aa2f10616fcec1e9f8124088.gif?_t=1766049818","fqdn":"fsffbhd.4000522777.xn--fiqs8s","domain":"fsffbhd.4000522777.xn--fiqs8s","tld":""},"ip":{"addr":"104.26.6.77","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:07.313Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"4000522777.xn--fiqs8s","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 08 Feb 2026 07:30:32 GMT","end":"Sat, 09 May 2026 07:30:31 GMT"},"fingerprint":{"sha1":"FF:0F:4B:0B:66:7A:99:CF:94:C0:49:3D:85:E5:C9:86:98:B7:37:5A","sha256":"43:BD:60:69:CF:8C:1A:A9:8F:2A:45:8B:67:9B:D8:CE:5E:AD:46:40:6D:E0:09:85:5F:16:F0:2D:FD:A5:D2:8E"}}},"request":{"raw":"GET /9acf3f15aa2f10616fcec1e9f8124088.gif?_t=1766049818 HTTP/1.1\r\nHost: fsffbhd.4000522777.xn--fiqs8s\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 05:39:07 GMT\r\ncontent-type: image/webp\r\ncontent-length: 596432\r\nserver: cloudflare\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EK1%2FJ6BynXDSovEwzMsOUbzOEUFiIFfpyLhWi6WBuw3FBXf5QQTqLQF%2FeKbF0hw%2Fq%2FvryO4%2FfcXJYcg1sPoLLlI2CmX%2FpWQebQn1h73x353ZSSFPuOOnvRwAOlg%3D\"}]}\r\nlast-modified: Fri, 12 Dec 2025 13:55:30 GMT\r\netag: \"693c1ed2-b42e7\"\r\naccept-ranges: bytes\r\ncf-bgj: imgq:100,h2pri\r\ncf-polished: ok, orig_size=738023\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=1;i=?0,cf-chb=(782;u=3;i=?0 1954;u=4;i=?0 77885;u=5;i=?0)\r\nvary: accept, accept-encoding\r\nage: 2332\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\ncf-ray: 9d874202f9803181-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":596432,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"70e27bd33ccc423d6ca629fe1a2694a3","sha1":"8f9b122d30952f553d18eb43f1a0d8fa43616f05","sha256":"2e4d5ced9b2775a2fcf90c86296064a475d629e3abfa9bc388d4c7e58a924b5a","sha512":"ccc4192c2f2d5bfdf26a698e8c1b065b607055b3c5cff1a3a3b5bbfa8cc0b1631d7d281bf5028d596a6ffd4f757b5f362015caa1b480563f58d7f8a32c3e79b4","ssdeep":"12288:o+1WCsh1cclbxyjPvVfdwCAqlH3JbHk55dJt9uMYpNlR:oush1cobxcGOHW5J5YT","tlshash":"32c42345e8fe2db59265a33cacf61a129dd700e96cd520591c9aff633ce0a4705ecf48","first_seen":"2026-02-12T00:35:26.594188Z","last_seen":"2026-04-04T15:25:57.357303Z","times_seen":2172,"resource_available":false,"data":null}},"time_used":107,"timings":{"blocked":39,"dns":22,"connect":1,"send":0,"wait":7,"receive":22,"ssl":12},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d18wfmxtvthwf6.cloudfront.net/yinhe/960-120.gif","fqdn":"d18wfmxtvthwf6.cloudfront.net","domain":"d18wfmxtvthwf6.cloudfront.net","tld":"cloudfront.net"},"ip":{"addr":"108.157.217.34","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:08.504Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cloudfront.net","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Mon, 05 May 2025 00:00:00 GMT","end":"Thu, 23 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8F:00:F1:34:A7:1E:27:1C:CF:CD:A6:53:8B:C4:82:B0:68:BC:C8:72","sha256":"60:38:9D:24:9E:41:8F:23:AC:D9:14:5C:A3:47:7E:AF:07:DB:9F:2D:6A:8C:0D:08:E9:24:8A:8E:49:A9:4D:28"}}},"request":{"raw":"GET /yinhe/960-120.gif HTTP/1.1\r\nHost: d18wfmxtvthwf6.cloudfront.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/gif\r\ncontent-length: 215880\r\ndate: Wed, 25 Feb 2026 03:20:56 GMT\r\nlast-modified: Sun, 30 Mar 2025 12:21:24 GMT\r\netag: \"c2e3bac355c689e234388104488b22e2\"\r\nx-amz-server-side-encryption: AES256\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 5189ed92462b822bc9c8a27ceed0cb4e.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN56-P1\r\nx-amz-cf-id: UexlleLOVe0ibK0eYUK9T3mEOOwFjNkSn_D66U7QFqUDLzfi_Q6FAw==\r\nage: 872293\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":215880,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"c2e3bac355c689e234388104488b22e2","sha1":"fcf87563ac96adb085897c5e4b9ba62681e5139e","sha256":"3e2c70fe6b947f60c3dd5752c94d502a3443c28f781738d2e308567ad5cd90cf","sha512":"239bc5d1df9c1aa3cb7cb72bc2c5451dbaa7dc8255bc9cc348dbe22ab5752e37a11047d421769e0228f8a645981a246d0b5af00792de9dce6a6b1f8f504cd044","ssdeep":"3072:Y8szBTXPqZiXzUBgLKsbV9UnxQCBL/YYYDSMdIok1RLp8veNVhRZ2:3OBLfzUHoexXL/YDSCIfXL/hRZ2","tlshash":"ed2422faf626c923c47eabc16370eda256f7c78471e2100657c17f5ada603a0cb9851d","first_seen":"2025-04-02T02:40:05.475958Z","last_seen":"2026-03-15T13:02:26.875639Z","times_seen":10144,"resource_available":false,"data":null}},"time_used":205,"timings":{"blocked":36,"dns":98,"connect":8,"send":0,"wait":15,"receive":20,"ssl":23},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dq38rjje7qjm3.cloudfront.net/xhtd/960x120.gif","fqdn":"dq38rjje7qjm3.cloudfront.net","domain":"dq38rjje7qjm3.cloudfront.net","tld":"cloudfront.net"},"ip":{"addr":"65.9.60.24","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:08.509Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cloudfront.net","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Mon, 05 May 2025 00:00:00 GMT","end":"Thu, 23 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8F:00:F1:34:A7:1E:27:1C:CF:CD:A6:53:8B:C4:82:B0:68:BC:C8:72","sha256":"60:38:9D:24:9E:41:8F:23:AC:D9:14:5C:A3:47:7E:AF:07:DB:9F:2D:6A:8C:0D:08:E9:24:8A:8E:49:A9:4D:28"}}},"request":{"raw":"GET /xhtd/960x120.gif HTTP/1.1\r\nHost: dq38rjje7qjm3.cloudfront.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/gif\r\ncontent-length: 93540\r\nlast-modified: Thu, 11 Dec 2025 03:48:41 GMT\r\nx-amz-server-side-encryption: AES256\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Wed, 04 Mar 2026 21:09:20 GMT\r\netag: \"d17c0265bd5c40f03ea3b38db614d5fa\"\r\nvary: accept-encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 4b86aafda657c1acfe85a28da19a76fe.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN52-P1\r\nx-amz-cf-id: cMXnxbobU32nGt1GKVv9d8tTXBh2_Tdb2DONfWO9xPTFMwr3hnfBWA==\r\nage: 203529\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":93540,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"d17c0265bd5c40f03ea3b38db614d5fa","sha1":"86fd316dbff0105c353ce4fee261d3ffd67c18ce","sha256":"2861568da5dcad2c4d42b984f1fe980881487c41b41994d0e0783f1b574139ce","sha512":"83f8917b4b01282169bb147584c08e1195907014562a3b78d46a8209e1b817f1c1e2a53a4b566919e19d83dddee3bdbfacd55627dc9fb32b1901c921daa9da93","ssdeep":"1536:J5GRXGxtd59jNNhrDeq3zzI6ipoYDnu9/QvY1Wuqk78ks4xycnTYf2JlavtaDpv8:nGRXGxtd597Rpz0tDnc6q1RY4Ecn0kja","tlshash":"289312b791ecd5c697826c8df5e304a056069606af7cfdd71584168690feeed2ac7300","first_seen":"2025-12-12T01:02:04.573696Z","last_seen":"2026-04-04T13:29:04.988151Z","times_seen":6331,"resource_available":false,"data":null}},"time_used":273,"timings":{"blocked":50,"dns":138,"connect":13,"send":0,"wait":10,"receive":22,"ssl":36},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/cn/home/web/template/112vip53_wtpl/css/stui_block.css","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:03.948Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"GET /cn/home/web/template/112vip53_wtpl/css/stui_block.css HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://aqf.yrjj7.help/807971.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: text/css\r\ncontent-length: 27296\r\nlast-modified: Mon, 28 Nov 2022 11:03:07 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":27296,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, Unicode text, UTF-8 text, with very long lines (1553), with CRLF line terminators","md5":"c7c95bdef4fa11358842f739f3ba89ef","sha1":"a783f609f0c73f67621dfcf1e2f3d5af7c41005a","sha256":"6c4e9b2e4618b8b1e87651c318d38bb059d3297b0086b475f49310801675699e","sha512":"d34816e06e4585707a19f7fe9443fccfbb4bddb75c6e191a3448ffe56c408654a08c13653d620c5eaf3b3ec3f9df4d1f5d6b8bb5b0a55204e69dbb74c1209549","ssdeep":"384:dr5r9KAeS8CtnOitkDtsCLHKrGm5LT0+OkVqDKHTBm1J+bPbiiH:NRghUkZtwGm5L4+OjgTE2H","tlshash":"abc24585ea103d0cb02f6e45b6e35a8fea179056733209fab9a43c5cc68f9d740b16cd","first_seen":"2025-05-11T08:12:38.792189Z","last_seen":"2026-03-11T02:04:59.800852Z","times_seen":270,"resource_available":false,"data":null}},"time_used":382,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":343,"receive":39,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/cn/home/web/static/player/dplayer/DPlayer.min.css","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:03.968Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"GET /cn/home/web/static/player/dplayer/DPlayer.min.css HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://aqf.yrjj7.help/807971.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: text/css\r\ncontent-length: 44172\r\nlast-modified: Sat, 13 Jul 2019 08:31:56 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":44172,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (35598)","md5":"d3c6a2fc18c932411a9d5bf59de343f7","sha1":"bbfcb2564dd7643cf54c27e464de586cb3ef0b8b","sha256":"d444e7a8144bfd5ae078141c64d855c9c89cc1482dd6e8085fb5cf76dd84bc9e","sha512":"2d1d999c64131687af46743e502022e8c7a7be1e240e17a0233a32c186609f559e6d01822e99dfaa0dc43f07aee6fca5a1c36bf4e4bbfa89a6eb80d6d5f36380","ssdeep":"768:7FK8KSkZqtIfw3YH4ZqtIfw3YHMVHYr/hizxdUDr5+qsGif0y9g:wHYr/hizxdUDr5+qsoyg","tlshash":"5213bc1618a5329891225b91cbc8676c6738d312e9224f8ff31b780ecf8e69d215ff57","first_seen":"2023-05-12T08:10:23Z","last_seen":"2026-04-04T13:29:05.026039Z","times_seen":10745,"resource_available":false,"data":null}},"time_used":647,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":610,"receive":37,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic16.ysj77.com/pic/20220313/808674045ffb898f1de02f746f25ce30/1.jpg","fqdn":"pic16.ysj77.com","domain":"ysj77.com","tld":"com"},"ip":{"addr":"104.21.19.4","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:03.990Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ysj77.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 27 Jan 2026 06:29:19 GMT","end":"Mon, 27 Apr 2026 07:26:51 GMT"},"fingerprint":{"sha1":"0A:1A:82:10:D0:C2:10:8B:54:7A:7F:87:81:41:4D:F7:87:59:5B:5C","sha256":"52:17:3B:A7:00:6E:E8:6C:25:9E:BF:B9:76:97:A4:6A:02:0F:9D:F4:68:9F:4E:DA:B1:D3:EB:E7:B6:1F:81:2D"}}},"request":{"raw":"GET /pic/20220313/808674045ffb898f1de02f746f25ce30/1.jpg HTTP/1.1\r\nHost: pic16.ysj77.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 05:39:04 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 28435\r\nserver: cloudflare\r\nlast-modified: Sat, 12 Mar 2022 16:36:02 GMT\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BIO4QaOvxIazc7l%2F9wLsb8toBf296USdsCZRx1OOFGo07%2BDSl1XRMsQmT%2FlewQAV%2FzDFToZKt%2FkUNY376%2B49mRreUitzLRm7sbaWegr2oA%3D%3D\"}]}\r\ncf-ray: 9d8741ee3d7a783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":28435,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, baseline, precision 8, 720x406, components 3","md5":"378b30197d7d135da9db56b97bb49afe","sha1":"9601b714af58b6df9c8d8bcffa1d023bbed4890d","sha256":"cd0ddbdf77d928474759d7cd11cd317b1dd92eda63fc71810dd33e4c4097f2f1","sha512":"a4dff35969d68b2920bddacbe238338d58abf2a7b7395666e02968c36d700db19662e7fb8816b50ba03601370105375344887de7e40bab8326b4d0d2e6cc6a53","ssdeep":"384:uLp/uE0v0K+2/+ezVFbWHeJZU+BoepxpsNc1D1YtODB/QJZx6mzwFSocie8:YpJ0vX+kVdJZ5Boe/uGD1Hax6mz/Nie8","tlshash":"72d2f18afd4dd8819380ff2df01049a478e0378908abaed95187a4ea2dd77e9c44717f","first_seen":"2026-03-07T05:39:39.901553Z","last_seen":"2026-03-07T05:39:39.901553Z","times_seen":1,"resource_available":false,"data":null}},"time_used":652,"timings":{"blocked":46,"dns":7,"connect":2,"send":0,"wait":314,"receive":190,"ssl":86},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img1.ah7907.com/bt960120a.gif","fqdn":"img1.ah7907.com","domain":"ah7907.com","tld":"com"},"ip":{"addr":"98.98.86.10","port":443,"asn":21859,"as":"ZEN-ECN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:05.434Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"img1.ah7907.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Thu, 06 Nov 2025 07:27:15 GMT","end":"Sun, 06 Dec 2026 07:27:14 GMT"},"fingerprint":{"sha1":"EE:18:15:48:CE:4E:22:9F:18:59:AB:6E:5E:C0:0D:4E:AF:C2:86:22","sha256":"65:F5:69:07:04:80:B4:E3:E7:D0:C5:50:2E:02:11:1C:02:89:6E:83:40:00:DD:00:37:08:E9:9C:1C:A3:4D:59"}}},"request":{"raw":"GET /bt960120a.gif HTTP/1.1\r\nHost: img1.ah7907.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 307 Temporary Redirect\r\nserver: NgxFence\r\ndate: Sat, 07 Mar 2026 05:39:06 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 0\r\nlocation: https://img.alicdn.com/imgextra/i4/2207246784654/O1CN014PyHeq1kFaOP6Xhwn_!!2207246784654.gif\r\nx-cache-status: HIT\r\nstrict-transport-security: max-age=31536000; includeSubdomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":292628,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":1073,"timings":{"blocked":-1,"dns":157,"connect":156,"send":0,"wait":153,"receive":0,"ssl":588},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img1.ah7907.com/tyctyc388-960x120.gif","fqdn":"img1.ah7907.com","domain":"ah7907.com","tld":"com"},"ip":{"addr":"98.98.86.10","port":443,"asn":21859,"as":"ZEN-ECN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:05.443Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"img1.ah7907.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Thu, 06 Nov 2025 07:27:15 GMT","end":"Sun, 06 Dec 2026 07:27:14 GMT"},"fingerprint":{"sha1":"EE:18:15:48:CE:4E:22:9F:18:59:AB:6E:5E:C0:0D:4E:AF:C2:86:22","sha256":"65:F5:69:07:04:80:B4:E3:E7:D0:C5:50:2E:02:11:1C:02:89:6E:83:40:00:DD:00:37:08:E9:9C:1C:A3:4D:59"}}},"request":{"raw":"GET /tyctyc388-960x120.gif HTTP/1.1\r\nHost: img1.ah7907.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 307 Temporary Redirect\r\nserver: NgxFence\r\ndate: Sat, 07 Mar 2026 05:39:11 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 0\r\nlocation: https://img.alicdn.com/imgextra/i1/2217565595682/O1CN01JKJBL71rqPYr9sHRK_!!2217565595682.gif\r\nx-cache-status: HIT\r\nstrict-transport-security: max-age=31536000; includeSubdomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":71518,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":6063,"timings":{"blocked":-1,"dns":156,"connect":156,"send":0,"wait":5153,"receive":0,"ssl":589},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic16.anzise.com/pic/20220311/84cb5b5353685fe6eeb90422941d26f9/1.jpg","fqdn":"pic16.anzise.com","domain":"anzise.com","tld":"com"},"ip":{"addr":"172.67.222.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:04.007Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"anzise.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 10 Feb 2026 19:40:48 GMT","end":"Mon, 11 May 2026 20:38:19 GMT"},"fingerprint":{"sha1":"C5:FC:04:DB:35:A4:BA:50:95:D8:4C:BE:86:4F:70:E1:C8:5E:7A:79","sha256":"94:D4:9A:8A:42:B2:44:DE:41:42:4C:B8:A3:DD:65:7E:CE:85:3D:18:F8:A0:4A:F3:96:F1:09:42:BB:D4:D1:C7"}}},"request":{"raw":"GET /pic/20220311/84cb5b5353685fe6eeb90422941d26f9/1.jpg HTTP/1.1\r\nHost: pic16.anzise.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 05:39:04 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 26545\r\nserver: cloudflare\r\nlast-modified: Fri, 11 Mar 2022 08:33:02 GMT\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=N1UHEmipJ%2FlH%2BBLfTf%2FdEXieS4MYTJ11VbHmoCQgtEzWyeugE3rAa%2Bd72RfirhFS1N%2BGzkMFbubIZ0o%2FhDv8h0dwQdHhC7ONctW9Cfvs7Lw%3D\"}]}\r\ncf-ray: 9d8741eecf121ae6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":26545,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, baseline, precision 8, 720x406, components 3","md5":"16876dc473a2b18e3dec4654070188a9","sha1":"cabd4d8143ec755aac6b087ad06978e470d859f1","sha256":"aeb53062ab4d6fad2c927f6296869ace406166be71d83b524bd3d62ffb66cac0","sha512":"fc985e5a016c5e039ee6d5d22b7e3c7d02fa572b74bd9537b5d6540475fef19d53172aeaa1c3de1d8f13bdaa57ed4f758d8789c48435a5c86a68e24348350009","ssdeep":"384:zBz8NGpyt7cXMcsDrpxh6mkL9vC+fAgCDGX32IpJW03r2xNM00zIYgktN0uS:18NsO7c8rPpWL9dXdXnpc0ixsPgQNk","tlshash":"4ec2f1b1a3d148278c961752ab15741316f23a848807e23e6607fefb91149f6fff1ca0","first_seen":"2026-01-25T05:39:10.216981Z","last_seen":"2026-03-07T05:39:39.904577Z","times_seen":2,"resource_available":false,"data":null}},"time_used":617,"timings":{"blocked":-1,"dns":18,"connect":9,"send":0,"wait":323,"receive":191,"ssl":56},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/abc/fixed_jump_79290e.js","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:03.977Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"GET /abc/fixed_jump_79290e.js HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://aqf.yrjj7.help/807971.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: application/javascript; charset=utf-8\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\ncontent-length: 2654\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2654,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text","md5":"5ef7f92de587d0ec7c87fc1bff93d17a","sha1":"c83e3033430a01b0a8b2b6d927da1dc82affcf68","sha256":"8c0fc5d9db3b9ee90e835def7a39593a2c474f484c6ab16a03e76e8cf976a770","sha512":"efce27f73a1e0e4853df89997e867bafadcca8eedf12afe4930a332c46399a78463705e8fdb1bdb078a804421c3b5ac032d361327dcbda8ae8e0677eb445df92","ssdeep":"","tlshash":"1151ec8d65d730d3245371398f9f1418767a91132c4aee00be0c52203fe576aaaeafdd","first_seen":"2026-03-07T05:39:39.907137Z","last_seen":"2026-03-07T05:39:39.907137Z","times_seen":1,"resource_available":true,"data":null}},"time_used":810,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":810,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/abc/fixed_ui_79290e.js","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:04.938Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"GET /abc/fixed_ui_79290e.js HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://aqf.yrjj7.help/807971.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: application/javascript; charset=utf-8\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\ncontent-length: 5587\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5587,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text","md5":"de6e298dea087bc408e60a23fefc7383","sha1":"235492a4c6c580faa77da25e3521e9a4f8c64c73","sha256":"ab5342e37e737520e41c11fd4a1a6323f3a9dfffc88f058a75037e496d6d77c5","sha512":"1038a3ec607df2ed99337429df63bfed14858c2221ed20672ff4bd4be6cc31d75a13c13606705ac6ad01a907be12dc3d2f5020856d76977a26ebeca3fc84d06a","ssdeep":"96:NIrFraMEXqMwEUxg2P7rEqfEPTzg29CuPJkiTRoP5VYb5G6JS/lWrNaMasKQmX:yBgwTm2P7rTfsT8UCuPJc5VGGg+gplmX","tlshash":"fcb1b45e79e33096892370b88fff140c36329013650edd947c1d91646fa9bd466b2fe9","first_seen":"2026-03-07T05:39:39.909432Z","last_seen":"2026-03-07T05:39:39.909432Z","times_seen":1,"resource_available":true,"data":null}},"time_used":234,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":233,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img.alicdn.com/imgextra/i3/4183327079/O1CN01Jh4YeU22AEs6UM5mZ_!!4183327079.gif","fqdn":"img.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"155.102.215.180","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:05.397Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tbcdn.cn","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 28 Nov 2025 03:07:13 GMT","end":"Sat, 18 Jul 2026 09:41:04 GMT"},"fingerprint":{"sha1":"01:40:62:EF:8C:E5:C1:8A:19:4C:8D:B6:F5:C2:24:7F:DC:C0:9C:8A","sha256":"60:3C:41:A0:78:62:E6:5E:82:F0:FA:CF:5C:C9:D3:22:E4:64:EE:1A:EE:C7:CC:BA:DD:25:08:90:6F:CC:C4:F2"}}},"request":{"raw":"GET /imgextra/i3/4183327079/O1CN01Jh4YeU22AEs6UM5mZ_!!4183327079.gif HTTP/1.1\r\nHost: img.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: image/gif\r\ncontent-length: 300651\r\ndate: Fri, 06 Feb 2026 11:12:05 GMT\r\npicasso-ret-code: SUCCESS\r\npicasso-cache-info: L3-HIT\r\nrequest-time: 0.001\r\ntraceid: a3b55ced17703763248572315e\r\nx-powered-by: Picasso\r\npicasso-image-type: normal\r\npicasso-fmt: gif2avif\r\ncache-control: max-age=31536000\r\nvia: ens-cache9.l2de4[0,0,200-0,H], ens-cache36.l2de4[2,0], ens-cache19.se3[0,0,200-0,H], ens-cache9.se3[3,0]\r\naccess-control-allow-origin: *\r\nage: 2485620\r\nali-swift-global-savetime: 1770376325\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Fri, 06 Feb 2026 20:55:11 GMT\r\nx-swift-cachetime: 31501014\r\nback_uri: /imgextra/i3/4183327079/O1CN01Jh4YeU22AEs6UM5mZ_!!4183327079.gif_.avif\r\nvary: Accept\r\ns-rt: 3\r\ntiming-allow-origin: *\r\neagleid: 9b66d79d17728619457107577e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":300651,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"8a47d4e0340db7d8001c1c2c39716b93","sha1":"0fc8202a98d51793df1755c0bdb9ed54294a8519","sha256":"4a6044bb59cb58f446ba34163ea45c5079c9c1a556c3f2bc626440f638efaf30","sha512":"7277d622b154e4756836791b83a92294ece23d66f15b7450937a0525679433e4f90622b04e6a37bc2db1aa067060c3e07fa066fbfe0660ba3c926b54ff52cb2f","ssdeep":"6144:v1p2LgPnLX3nnLXnXw3esj1ls34FfhavVHf7lYJkxmWYQAYg:v1pXXbXXw3eGXH5M7yixDY6g","tlshash":"9f5423c4f7e76f3eaf9218f3296f34883669c81d91f4813a1e86b1eb16231591434d3a","first_seen":"2026-02-07T11:16:48.410559Z","last_seen":"2026-04-04T15:25:57.319273Z","times_seen":2205,"resource_available":false,"data":null}},"time_used":769,"timings":{"blocked":338,"dns":301,"connect":7,"send":0,"wait":40,"receive":11,"ssl":58},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/cn/home/web/static/player/dplayer/DPlayer.min.js","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:03.975Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"GET /cn/home/web/static/player/dplayer/DPlayer.min.js HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://aqf.yrjj7.help/807971.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: application/javascript\r\ncontent-length: 114364\r\nlast-modified: Sat, 13 Jul 2019 08:31:56 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":114364,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"09d64431d4e71dd79e0293cb254a58bf","sha1":"4093ba933f60bd05c3a482433b2f2b4bf48cbd9a","sha256":"9b2262ea70b613bb5eebbd14963a84c8aa3903cf99f2e0fdd33cae11b1f046d6","sha512":"35ca04e32808ccb3dca2ba6702aa21fa9b26874fc8ceeb44d0f11821f39e1f65288ef2c72fccda8fa18248d84ba86a2a9e835e66454e127fee8ba3261fe5f218","ssdeep":"1536:mDLwEEYwSIZLZX9GSzlY6G4nX8yWLo6DJCYXoanq60IsgGvHk:+PwdJ+St+AXGv","tlshash":"28b3d7983394e071029365f4c51f16093232627de986a658b63ceeec8fb8c8d6537fb5","first_seen":"2023-03-07T14:15:35Z","last_seen":"2026-04-04T13:29:05.006995Z","times_seen":11083,"resource_available":true,"data":null}},"time_used":814,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":772,"receive":42,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/abc/data_a7a939.json","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:05.001Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"GET /abc/data_a7a939.json HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://aqf.yrjj7.help/807971.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ndate: Sat, 07 Mar 2026 05:35:01 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=300\r\nage: 244\r\ncontent-length: 9708\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":9708,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"ef8f567d28fedcbdd737060221a5b52c","sha1":"3bde400a63bc48a2fd2a108b6871d14e01c83df6","sha256":"5ba0a51e78e4f2c8dfa5def70a86dd49ad28b3ef20435730040647f9fceaddd7","sha512":"626930d0ed82bb2171becea146d58f613460b8db170ad6794b2553275d00e7ffb7b7a56dfb637331ced4af0b2b72cbd754bd232534550fd78e273a7c52bac0ba","ssdeep":"96:fFKqW7S7oVcvXcv0m0hffPOcPFPXTPXXWGHOQjQvMI1Mm7hhMqfzQOdIQZvdkmwf:f47Lc/c8Jf7ztNEvn8OfQrwlSfvj4Y","tlshash":"72126bb737f9697cf6b452c55b0a7f69578d3027884c938727cdec3484b81aa620b463","first_seen":"2026-03-07T05:23:33.194657Z","last_seen":"2026-03-07T08:50:55.30576Z","times_seen":17,"resource_available":false,"data":null}},"time_used":180,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":180,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img1.ah7907.com/846-960x60.gif","fqdn":"img1.ah7907.com","domain":"ah7907.com","tld":"com"},"ip":{"addr":"98.98.86.10","port":443,"asn":21859,"as":"ZEN-ECN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:05.468Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"img1.ah7907.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Thu, 06 Nov 2025 07:27:15 GMT","end":"Sun, 06 Dec 2026 07:27:14 GMT"},"fingerprint":{"sha1":"EE:18:15:48:CE:4E:22:9F:18:59:AB:6E:5E:C0:0D:4E:AF:C2:86:22","sha256":"65:F5:69:07:04:80:B4:E3:E7:D0:C5:50:2E:02:11:1C:02:89:6E:83:40:00:DD:00:37:08:E9:9C:1C:A3:4D:59"}}},"request":{"raw":"GET /846-960x60.gif HTTP/1.1\r\nHost: img1.ah7907.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 307 Temporary Redirect\r\nserver: NgxFence\r\ndate: Sat, 07 Mar 2026 05:39:06 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 0\r\nlocation: https://img.alicdn.com/imgextra/i1/2207246784654/O1CN016SCogX1kFaOO1vIZt_!!2207246784654.gif\r\nx-cache-status: HIT\r\nstrict-transport-security: max-age=31536000; includeSubdomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":221348,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":1056,"timings":{"blocked":-1,"dns":144,"connect":162,"send":0,"wait":153,"receive":0,"ssl":580},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.alicdn.com/imgextra/i1/2207246784654/O1CN016SCogX1kFaOO1vIZt_!!2207246784654.gif","fqdn":"img.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"155.102.215.180","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:06.486Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tbcdn.cn","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 28 Nov 2025 03:07:13 GMT","end":"Sat, 18 Jul 2026 09:41:04 GMT"},"fingerprint":{"sha1":"01:40:62:EF:8C:E5:C1:8A:19:4C:8D:B6:F5:C2:24:7F:DC:C0:9C:8A","sha256":"60:3C:41:A0:78:62:E6:5E:82:F0:FA:CF:5C:C9:D3:22:E4:64:EE:1A:EE:C7:CC:BA:DD:25:08:90:6F:CC:C4:F2"}}},"request":{"raw":"GET /imgextra/i1/2207246784654/O1CN016SCogX1kFaOO1vIZt_!!2207246784654.gif HTTP/1.1\r\nHost: img.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: image/gif\r\ncontent-length: 221348\r\ndate: Mon, 22 Dec 2025 06:11:39 GMT\r\nlast-modified: Thu, 13 Nov 2025 09:36:51 GMT\r\npicasso-ret-code: SUCCESS\r\npicasso-cache-info: L4-HIT\r\nrequest-time: 0.046\r\ntraceid: a3b5329d17663838996584187e\r\nx-powered-by: Picasso\r\npicasso-image-type: normal\r\npicasso-fmt: gif2avif\r\ncache-control: max-age=31536000\r\nvia: ens-cache14.l2de4[0,17,200-0,H], ens-cache7.l2de4[20,0], ens-cache12.se3[0,0,200-0,H], ens-cache9.se3[3,0]\r\naccess-control-allow-origin: *\r\nage: 6478047\r\nali-swift-global-savetime: 1766383899\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Sun, 18 Jan 2026 05:44:22 GMT\r\nx-swift-cachetime: 29204837\r\nback_uri: /imgextra/i1/2207246784654/O1CN016SCogX1kFaOO1vIZt_!!2207246784654.gif_.avif\r\nvary: Accept\r\ns-rt: 3\r\ntiming-allow-origin: *\r\neagleid: 9b66d79d17728619464607840e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":221348,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 60","md5":"91a4c6f090426e12424905e992711b10","sha1":"a2cb6864351065d53d1c4c502877adfd11103e4a","sha256":"88584290d770ecec2239e81884a8bf52306a473d03aafbdb9a359555e3b9c439","sha512":"ce208676f2178d6a9c8498f495422167058647fabfe812391f392ada0df7088434bd33a8a718c4d24a53c7b9c77af94d83faf3815f6364c76d203f97fe9cdb36","ssdeep":"6144:k/sj3j3iWwPIu/wQFxkt8gRZI1ZpLugfoi:k/sjz3iVIgwUgRS7VffX","tlshash":"6124137ee1c01f226e0522e9a7b8bf1b05b55487ed84a47729bdf9d6c7482b3e7601c0","first_seen":"2025-10-14T12:40:30.101425Z","last_seen":"2026-04-04T13:29:04.968118Z","times_seen":8635,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic17.msn87.com/pic/20220226/9ead9e1ecbfb4a5e1c3bf6ed14128df0/1.jpg","fqdn":"pic17.msn87.com","domain":"msn87.com","tld":"com"},"ip":{"addr":"172.67.159.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:03.998Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"msn87.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 13:25:18 GMT","end":"Sun, 26 Apr 2026 14:22:52 GMT"},"fingerprint":{"sha1":"17:FF:4C:48:3D:71:5D:0A:16:56:F8:C6:83:AD:79:7A:BE:15:38:BD","sha256":"A3:C2:38:F1:41:2F:F8:86:C6:10:09:51:FD:D2:4D:05:39:FF:B2:92:3C:16:EA:6B:FB:FE:ED:7C:C1:0E:6D:3B"}}},"request":{"raw":"GET /pic/20220226/9ead9e1ecbfb4a5e1c3bf6ed14128df0/1.jpg HTTP/1.1\r\nHost: pic17.msn87.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 05:39:04 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 12246\r\nserver: cloudflare\r\nlast-modified: Fri, 25 Feb 2022 21:24:01 GMT\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cHs f ])\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bnCqYHGfDXcUgzaZE4B55BBFcjttgGEHjTwFhBfhCYHIhUlMALeQWXnGXofwf04i65sravYLAt1kYRn7ZB8WPcm4SnIjiO0GCZEApsb%2FSg%3D%3D\"}]}\r\ncf-ray: 9d8741ee7e400731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12246,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: \"Lavc58.134.100\", baseline, precision 8, 270x480, components 3","md5":"a9a64a59cc65311780c7131a1bb9459f","sha1":"03fa97241bf170b6e257838bf4270b4e481b42ff","sha256":"09dd2bd2e7b6ef9d14bc815f14faecaeae89d6240c91b1adc3a4008db81235f0","sha512":"b34010928b2eef69f49f7c2a6a128141986767f0eda407e1160e22e8b4ac2ec9e99e65b98e5490107f1b8f707c12b36af54b6405432670526e3db7ff0808b208","ssdeep":"192:9Zo+4SBJnWitxsaqoaRENoKSe6d6xm82Y/6xwhFD6Day6ZwaMeIFcNBP1lSB2sFW:lwitWDze65pY/6x6FRZwDdKNBP7qlG","tlshash":"d842d06188f1f097edd003fc16187d2289eeb6f8572826fdee04ad61681b4458532dee","first_seen":"2025-10-12T10:13:29.173414Z","last_seen":"2026-03-07T05:39:39.916082Z","times_seen":3,"resource_available":false,"data":null}},"time_used":431,"timings":{"blocked":-1,"dns":6,"connect":11,"send":0,"wait":316,"receive":1,"ssl":91},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/cn/home/web/template/112vip53_wtpl/css/stui_default.css","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:03.950Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"GET /cn/home/web/template/112vip53_wtpl/css/stui_default.css HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://aqf.yrjj7.help/807971.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: text/css\r\ncontent-length: 8632\r\nlast-modified: Mon, 28 Nov 2022 10:40:46 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":8632,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"de42f9c833c8e866d2ee1ad9557fb90d","sha1":"ab1787be48e1a3c380c14fb5bd4a444883a6481d","sha256":"739a867909294dd85dff62a79ec946d670d5bbc7f393c5ba6e2415a526567f54","sha512":"25ae7045ef0267aa6d05dd3c853c314e29e4be352e171cff3aa4c0f9d9717f4cfa7961b108d0668a3b2b81760414a1b18c89c086ffed174743bc9872f43a8360","ssdeep":"192:qlrWxfWoIStpFAmczoGFgqrxGdF82BO1s:VvtpbHc9GJ4a","tlshash":"7b021e545643391cb13f9f8bfaf309a97968b02eb71325eaf611687ec3c25c084f6589","first_seen":"2024-12-31T10:28:51.351676Z","last_seen":"2026-03-11T02:04:59.832551Z","times_seen":269,"resource_available":false,"data":null}},"time_used":406,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":405,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img1.ah7907.com/ky61-960x120.gif","fqdn":"img1.ah7907.com","domain":"ah7907.com","tld":"com"},"ip":{"addr":"98.98.86.10","port":443,"asn":21859,"as":"ZEN-ECN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:05.449Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"img1.ah7907.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Thu, 06 Nov 2025 07:27:15 GMT","end":"Sun, 06 Dec 2026 07:27:14 GMT"},"fingerprint":{"sha1":"EE:18:15:48:CE:4E:22:9F:18:59:AB:6E:5E:C0:0D:4E:AF:C2:86:22","sha256":"65:F5:69:07:04:80:B4:E3:E7:D0:C5:50:2E:02:11:1C:02:89:6E:83:40:00:DD:00:37:08:E9:9C:1C:A3:4D:59"}}},"request":{"raw":"GET /ky61-960x120.gif HTTP/1.1\r\nHost: img1.ah7907.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 307 Temporary Redirect\r\nserver: NgxFence\r\ndate: Sat, 07 Mar 2026 05:39:11 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 0\r\nlocation: https://img.alicdn.com/imgextra/i2/2207246784654/O1CN010a6y4d1kFaOOgMqmk_!!2207246784654.gif\r\nx-cache-status: HIT\r\nstrict-transport-security: max-age=31536000; includeSubdomains; preload\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":44406,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":6073,"timings":{"blocked":-1,"dns":156,"connect":156,"send":0,"wait":5153,"receive":0,"ssl":594},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d18wfmxtvthwf6.cloudfront.net/pg/980x120.gif","fqdn":"d18wfmxtvthwf6.cloudfront.net","domain":"d18wfmxtvthwf6.cloudfront.net","tld":"cloudfront.net"},"ip":{"addr":"108.157.217.34","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:08.506Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cloudfront.net","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Mon, 05 May 2025 00:00:00 GMT","end":"Thu, 23 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8F:00:F1:34:A7:1E:27:1C:CF:CD:A6:53:8B:C4:82:B0:68:BC:C8:72","sha256":"60:38:9D:24:9E:41:8F:23:AC:D9:14:5C:A3:47:7E:AF:07:DB:9F:2D:6A:8C:0D:08:E9:24:8A:8E:49:A9:4D:28"}}},"request":{"raw":"GET /pg/980x120.gif HTTP/1.1\r\nHost: d18wfmxtvthwf6.cloudfront.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/gif\r\ncontent-length: 340665\r\nlast-modified: Wed, 14 May 2025 14:12:32 GMT\r\nx-amz-server-side-encryption: AES256\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Fri, 06 Mar 2026 01:27:11 GMT\r\netag: \"b4c14c37321b858948f5616dbb436738\"\r\nvary: accept-encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 5189ed92462b822bc9c8a27ceed0cb4e.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN56-P1\r\nx-amz-cf-id: LQcYm04V4TyjqMLGqsQRWOBIrjn3Sw6iGDL3czU7kCh4JwB2PTNLJg==\r\nage: 101518\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":340665,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 980 x 120","md5":"b4c14c37321b858948f5616dbb436738","sha1":"e98847771ba3752949935dc11f4c7d4d8c14c787","sha256":"f5c79e791b436ecf1ad188dbe87ad4b35d3b9956bcf766600fb134f2a014131f","sha512":"a197f0fbc291afe3bcae5d35d05a23269e80fb7828215f41244c6136b63656c239fe6d24b4e2d6dc1ba713f06c7dfea763904a794043aba806c273f3311dc6e4","ssdeep":"6144:gFli6a0djJW4zenv4zenEO1LDyD3/wGR/Yi/wGR/Yi/wGRz3VkvJ6KI7KqmQIkX5:5p+3SSSJiD3/Z/Z/HMJ1IbI1I1kU1","tlshash":"4a741314e221ad80fe3a923b49f1c8f1a53d56f498afa9770661e7d4c6f44d0bf448e2","first_seen":"2026-02-01T06:13:19.223962Z","last_seen":"2026-03-15T12:50:18.76148Z","times_seen":1922,"resource_available":false,"data":null}},"time_used":248,"timings":{"blocked":45,"dns":95,"connect":11,"send":0,"wait":26,"receive":35,"ssl":23},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/cn/home/web/static/js/jquery.js","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:03.955Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"GET /cn/home/web/static/js/jquery.js HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://aqf.yrjj7.help/807971.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: application/javascript\r\ncontent-length: 92629\r\nlast-modified: Thu, 04 Aug 2016 14:39:10 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":92629,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32089)","md5":"397754ba49e9e0cf4e7c190da78dda05","sha1":"ae49e56999d82802727455f0ba83b63acd90a22b","sha256":"c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4","sha512":"8c64754f77507ab2c24a6fc818419b9dd3f0ceccc9065290e41afdbee0743f0da2cb13b2fbb00afa525c082f1e697cb3ffd76ef9b902cb81d7c41ca1c641dffb","ssdeep":"1536:dnu00HWWaRxkqJg09pYxoxDKMXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qg7rbaN1RUx:ddkWgoBhcZRQgmW42qe","tlshash":"8c932bdd72d2b03257ab30bd106f540ff2361959280d8850f268d8f9bc79a49a277f6d","first_seen":"2023-03-07T01:02:08Z","last_seen":"2026-04-04T15:48:44.569044Z","times_seen":60616,"resource_available":true,"data":null}},"time_used":576,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":455,"receive":121,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/cn/home/web/template/112vip53_wtpl/images/icon_1.png","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:03.986Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"GET /cn/home/web/template/112vip53_wtpl/images/icon_1.png HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://aqf.yrjj7.help/807971.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: image/png\r\ncontent-length: 3830\r\nlast-modified: Wed, 31 Aug 2022 08:26:04 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3830,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced","md5":"86a08d6414b3b4765c491754ec643a7a","sha1":"fd3836f342f364fd1256e4771ab8ea09e43a712a","sha256":"1747b1c6af855a759831aea9d54e1a0d580758eff12106d9ac9de432909b59f2","sha512":"254deef757a53d9974e0e2ddade4e73462fde559789aeebc836b62fca01e053217204d6d2fa48a6947c347b1a0c6ffc87c643f83884a02dff133f904308613a4","ssdeep":"","tlshash":"f0817e88a9940c1b108f05ba5abf8619802fa75456591e4cebff434f4924c103d75a2f","first_seen":"2024-12-31T10:28:51.246429Z","last_seen":"2026-03-11T02:04:59.808231Z","times_seen":268,"resource_available":false,"data":null}},"time_used":809,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":809,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic15.msn87.com/pic/20220224/8dcf95758247d065d4740cd129a5b208/1.jpg","fqdn":"pic15.msn87.com","domain":"msn87.com","tld":"com"},"ip":{"addr":"172.67.159.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:04.003Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"msn87.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 13:25:18 GMT","end":"Sun, 26 Apr 2026 14:22:52 GMT"},"fingerprint":{"sha1":"17:FF:4C:48:3D:71:5D:0A:16:56:F8:C6:83:AD:79:7A:BE:15:38:BD","sha256":"A3:C2:38:F1:41:2F:F8:86:C6:10:09:51:FD:D2:4D:05:39:FF:B2:92:3C:16:EA:6B:FB:FE:ED:7C:C1:0E:6D:3B"}}},"request":{"raw":"GET /pic/20220224/8dcf95758247d065d4740cd129a5b208/1.jpg HTTP/1.1\r\nHost: pic15.msn87.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 05:39:04 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 12205\r\nserver: cloudflare\r\nlast-modified: Thu, 24 Feb 2022 09:16:02 GMT\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cHs f ])\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fZsCm2ZfdFF%2FRHmQP%2BPvFDmbZ0v2LREv9%2Felhap3pO3D%2BwNpYOM%2B59WKH0RXN0%2FCBbGcWddY%2BHecrFtmBsKlouJkfjyBG8dLhvlq%2FVsqFQ%3D%3D\"}]}\r\ncf-ray: 9d8741eebea70731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12205,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1144x1143, segment length 16, comment: \"Lavc58.134.100\", baseline, precision 8, 270x480, components 3","md5":"fcecedfbcd09e3bdc0ff1f4bb5b5ba95","sha1":"53e0403f7fed3e742e7bbd0c388ea1b421ed3842","sha256":"1a4b008cca80e6a617c871514f6bf44d89f510280cd25ce194a144cc8667fc44","sha512":"79b437dbdd66a5906270a05ec6f959b890dfedda963a3e7444fec59ae4ca6ba11970e5be1a145d605429edf6dddfa7d255acb94021aec31eb455ae40c9d96733","ssdeep":"192:JpdXxkQJS2eqqWR1TweHYpphBrjtbGLW1/HCzu2LR2aKDMkPB3KaJUYxno:jkQQ2jTwoYLfgLWBiy2d5KV1rno","tlshash":"9d42b053d432fbbb4e597835010c22603eec7b7c416a7edda6f8a4d44dcc6839a95548","first_seen":"2025-12-02T06:26:34.633638Z","last_seen":"2026-03-07T05:39:39.922235Z","times_seen":2,"resource_available":false,"data":null}},"time_used":465,"timings":{"blocked":-1,"dns":8,"connect":15,"send":0,"wait":320,"receive":1,"ssl":109},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic15.havzy1.com/pic/20220310/0a1b4e3b7543ecf50f08a15d24bd29a1/1.jpg","fqdn":"pic15.havzy1.com","domain":"havzy1.com","tld":"com"},"ip":{"addr":"104.21.64.102","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:04.005Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"havzy1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 21 Feb 2026 03:08:02 GMT","end":"Fri, 22 May 2026 04:05:50 GMT"},"fingerprint":{"sha1":"F8:F0:5D:3C:27:DF:61:88:1B:63:7C:E4:DD:9E:76:58:BC:00:84:BF","sha256":"0D:BC:79:FF:18:85:1C:90:D2:8D:88:9D:C5:02:5A:B9:A8:CE:B1:56:AC:3F:EC:7C:A6:51:72:44:4D:13:07:1F"}}},"request":{"raw":"GET /pic/20220310/0a1b4e3b7543ecf50f08a15d24bd29a1/1.jpg HTTP/1.1\r\nHost: pic15.havzy1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 05:39:04 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 31329\r\nserver: cloudflare\r\nlast-modified: Thu, 10 Mar 2022 15:25:02 GMT\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cHs f ])\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vNx01s%2FbmyVHa99LViY21zhYoyaOCulPJj9zs0x8xFCadWz8AZz75%2F4QQugG4M8F7DYZgaewwTqT%2B0oeHIkhAIwHFmZnOUTzhDf8S7jmnU4%3D\"}]}\r\ncf-ray: 9d8741eebb3c8be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":31329,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, baseline, precision 8, 720x406, components 3","md5":"d180501b6bf1ffad3798131ebb667612","sha1":"cf59ef61f34f267be76da13c6ebdbd26972320e2","sha256":"b9c12914c2a9a599be7e1095204a7b5147a21526cb4b300505691f703c8f4cef","sha512":"248e47361fe33a2b728fa241ce7023319e7d5c42993672cf46ae11ed68078ce7ace1730be7a14f5454bdef937a4c96053e28945b245d48841bee4ec2ba97a8cf","ssdeep":"768:n+QlpCvaJhYgd7BD4Q1VumeKBr4PgINgD+J:n+UpCvaJNd7BDpVwKi4INgD6","tlshash":"46e2e13d5fcad28726d5c4e5ccb378fa34a51b701181615e1fda6dab048cd68b0b6e0e","first_seen":"2025-10-23T21:00:23.990356Z","last_seen":"2026-03-07T05:39:39.924883Z","times_seen":3,"resource_available":false,"data":null}},"time_used":670,"timings":{"blocked":-1,"dns":4,"connect":15,"send":0,"wait":321,"receive":202,"ssl":110},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.meituan.net/portalweb/27a1e3a72fece63c3ff55f2c96c993a5588276.gif","fqdn":"img.meituan.net","domain":"meituan.net","tld":"net"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:06.640Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.meituan.net","organization":"北京三快科技有限公司"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Tue, 03 Jun 2025 10:52:10 GMT","end":"Sat, 27 Jun 2026 07:00:02 GMT"},"fingerprint":{"sha1":"0C:29:B8:8B:74:6A:6C:C5:4B:6B:8C:7E:F5:C5:E8:A7:B1:26:B8:CB","sha256":"40:B3:D3:3A:FB:0A:FF:94:27:86:35:5E:B7:62:00:AE:DE:30:88:34:15:60:5F:60:9F:C0:E2:9D:2E:BB:5C:83"}}},"request":{"raw":"GET /portalweb/27a1e3a72fece63c3ff55f2c96c993a5588276.gif HTTP/1.1\r\nHost: img.meituan.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 05:39:06 GMT\r\ncontent-type: image/webp\r\ncontent-length: 406836\r\nserver: openresty\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,OPTIONS,HEAD\r\naccess-control-allow-private-network: true\r\ncache-control: max-age=5184000\r\nm-traceid: stnbw2foodf7203m9zij\r\nlast-modified: Fri, 05 Dec 2025 07:15:26 +0000\r\ntiming-allow-origin: *\r\nx-via: 1.1 PS-HKG-04JZz35:6 (Cdn Cache Server V2.0), 0.0 PSrdsdgemSTO1sw92:8 (Cdn Cache Server V2.0)\r\nx-response-cache: edge_hit\r\nage: 1\r\nx-cache: HIT from cache.51cdn.com\r\nx-ws-request-id: 69abb9fa_PSrdsdgemSTO1sw92_16044-16096\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":406836,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"34578e43aadd0f0be311cfc623f3391e","sha1":"895f4361fbcd073db0535c831ba4424822b131a9","sha256":"b762e8d34521fe2e17fbbf032cc05edb46f8b217bbcf7bf030c6b98a50d66760","sha512":"a9cfe1c1e668f7de244195d0b606c8adeaad8f2a940629a72c1d552b6c238797219dc0e05fa423bec6fb3580686e402e4f352b2f1983b04e48b03642dc445cdd","ssdeep":"12288:v1HhfMhcKYspUXuT184HQIOO+EP/WvWG7/:dBfI/dwIIEWvWG7/","tlshash":"448423aadb664e34d5904c2fc1fb890fc4c476e9e3f716e69b36a9098bf7253448e040","first_seen":"2025-11-06T09:50:46.694344Z","last_seen":"2026-04-04T13:29:05.000019Z","times_seen":6868,"resource_available":false,"data":null}},"time_used":358,"timings":{"blocked":130,"dns":79,"connect":21,"send":0,"wait":24,"receive":74,"ssl":27},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/000/report_error_video/styles.css","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:03.965Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"GET /000/report_error_video/styles.css HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://aqf.yrjj7.help/807971.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: text/css\r\ncontent-length: 2307\r\nlast-modified: Sun, 16 Mar 2025 04:12:46 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2307,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"c2b40ccda364f88807713e8129d00893","sha1":"2ae21bb81176f74ecbe66b9601b95a960c52baf9","sha256":"fb42142839c81e66c9197a1e374984211ed61acfa8c35099941d2d90a3f9cc74","sha512":"13f89afb453bad6705aa362e902b8a5ad2cd33022d8d9823e6b1d61b5a7973b352291349bf0a53f7ba9b7586740b2da3b80684f05b0669236c79f5cc0e6ba868","ssdeep":"","tlshash":"fe414020d1df9d46b183c1a80bb1da4173ba554bd505fe3c7e8277c04f4a288e0366c3","first_seen":"2025-04-18T23:46:35.101766Z","last_seen":"2026-04-04T13:29:05.03985Z","times_seen":6570,"resource_available":false,"data":null}},"time_used":609,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":609,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic17.xne33.com/pic/20220303/3ba754e1264c0a8699783f84918997ef/1.jpg","fqdn":"pic17.xne33.com","domain":"xne33.com","tld":"com"},"ip":{"addr":"104.21.90.135","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:03.993Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xne33.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 17:57:28 GMT","end":"Sun, 26 Apr 2026 18:56:05 GMT"},"fingerprint":{"sha1":"CD:6D:9A:D4:27:3E:9E:81:D5:F9:C2:C6:9B:88:E5:26:70:76:2B:1C","sha256":"8D:E6:4E:9D:58:29:6B:D8:F9:2F:6C:27:84:A1:9E:61:33:61:74:6D:26:9C:98:08:65:DF:C2:52:2B:09:8D:29"}}},"request":{"raw":"GET /pic/20220303/3ba754e1264c0a8699783f84918997ef/1.jpg HTTP/1.1\r\nHost: pic17.xne33.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 05:39:04 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 23665\r\nserver: cloudflare\r\nlast-modified: Wed, 02 Mar 2022 20:01:01 GMT\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cHs f ])\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=T%2F%2F5%2BJyGKe%2FdnfVxoo13FKIz02cRAfrxOUbt01Jxm1vthQwBt%2BIBUSmpjURieQjgCkXM%2F5R%2BltAi13w8UX4N6uP5O7%2FDRmbCcmseRM%2BubQ%3D%3D\"}]}\r\ncf-ray: 9d8741ee6e01783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":23665,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, baseline, precision 8, 720x406, components 3","md5":"51b9ad9d7817785ad43f923814fbf712","sha1":"d96f905ed863fb59348c243f1ad93078f9e408c3","sha256":"f93169b96bcca8c689aef9da19d49559be7120e0508dd027891be3e85ec6e28d","sha512":"9b891361bf5bd019e8d0554195f05743105f4feb4dd0b4376d0bbe711ff8c4182a899533d9ef84e3ef6d46235b6f85eece9727431436f50b2ec5bcdaaebd6d58","ssdeep":"384:D/cFOgocBP1XezSsDYGgDT2JtC6pJlA9TlkuSn1Ptf3jXQTGV2KdzT3XZNnih+GO:oFOgFPQGsDnllWkui1PoGV2MNQsz","tlshash":"f7b2e116d06448b51ba48de4e3aa7c8d72caefa8cb1a59b4dcc1c47bb4f04c94726717","first_seen":"2025-10-28T08:34:03.219522Z","last_seen":"2026-03-07T05:39:39.930081Z","times_seen":6,"resource_available":false,"data":null}},"time_used":682,"timings":{"blocked":66,"dns":5,"connect":8,"send":0,"wait":318,"receive":176,"ssl":83},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic14.havzy1.com/pic/20220312/40fbdd28ebe92955068cff5febdf2a3d/1.jpg","fqdn":"pic14.havzy1.com","domain":"havzy1.com","tld":"com"},"ip":{"addr":"104.21.64.102","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:04.001Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"havzy1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 21 Feb 2026 03:08:02 GMT","end":"Fri, 22 May 2026 04:05:50 GMT"},"fingerprint":{"sha1":"F8:F0:5D:3C:27:DF:61:88:1B:63:7C:E4:DD:9E:76:58:BC:00:84:BF","sha256":"0D:BC:79:FF:18:85:1C:90:D2:8D:88:9D:C5:02:5A:B9:A8:CE:B1:56:AC:3F:EC:7C:A6:51:72:44:4D:13:07:1F"}}},"request":{"raw":"GET /pic/20220312/40fbdd28ebe92955068cff5febdf2a3d/1.jpg HTTP/1.1\r\nHost: pic14.havzy1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 05:39:04 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 17463\r\nserver: cloudflare\r\nlast-modified: Sat, 12 Mar 2022 14:53:02 GMT\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cHs f ])\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FsVvn7f%2ByGoXw5Njd3rfaol6RxqrmdzowZBpQ%2FrpAbGlwPcOSjzNdllrgkIzhQE19LIr%2Bqd7evvx6DKCuErx4HjS9IzS%2Fcec%2FB6ev%2FYe30A%3D\"}]}\r\ncf-ray: 9d8741ee8ac78be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":17463,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, baseline, precision 8, 720x406, components 3","md5":"8cc37922f28ebb0faf3aecdc5c59c3a6","sha1":"0be1851103594b82f5906b43c1b1c55cc013b098","sha256":"fa10c79ae3dbb774db7747531e5249d0f804c455925b7517c337c4a624b9a8da","sha512":"9eeca469379f040391076324cc0c611dec57bc2bcde0b566d89af6ee36526eeca0039bfbd0685fef65e1e7f64b98ebb070eabec193e2219837a1fd16124cb0c4","ssdeep":"384:EE97tDZt2gaNi71DRo/LzIyb/C7K2DvvPo7LA4Db1k:EE/Ha871DOLzra71jwnA4DbO","tlshash":"8472c03507e60feed8e8783d549b9fa5971ab0bfe9304f190b10ae88a531bd8f59401c","first_seen":"2026-03-07T05:39:39.932493Z","last_seen":"2026-03-07T05:39:39.932493Z","times_seen":1,"resource_available":false,"data":null}},"time_used":609,"timings":{"blocked":-1,"dns":5,"connect":11,"send":0,"wait":328,"receive":162,"ssl":92},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic16.havzy1.com/pic/20220223/1bba4e1184e35de53f4a6d8057ff54ef/1.jpg","fqdn":"pic16.havzy1.com","domain":"havzy1.com","tld":"com"},"ip":{"addr":"104.21.64.102","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:04.010Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"havzy1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 21 Feb 2026 03:08:02 GMT","end":"Fri, 22 May 2026 04:05:50 GMT"},"fingerprint":{"sha1":"F8:F0:5D:3C:27:DF:61:88:1B:63:7C:E4:DD:9E:76:58:BC:00:84:BF","sha256":"0D:BC:79:FF:18:85:1C:90:D2:8D:88:9D:C5:02:5A:B9:A8:CE:B1:56:AC:3F:EC:7C:A6:51:72:44:4D:13:07:1F"}}},"request":{"raw":"GET /pic/20220223/1bba4e1184e35de53f4a6d8057ff54ef/1.jpg HTTP/1.1\r\nHost: pic16.havzy1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 05:39:04 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 18998\r\nserver: cloudflare\r\nlast-modified: Wed, 23 Feb 2022 00:42:03 GMT\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cHs f ])\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LR%2BU5tbmOzk1M7HvRe1bZS8DhW%2BV7fGMx6EaWHaDJ9eF%2BNrKfbiab%2FpNaxd1xfzLcRvcxRiAGCz8Zj121GcI6nLRZRKIGx78LdVLMFpjOz4%3D\"}]}\r\ncf-ray: 9d8741ee5a558be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":18998,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 203x640, segment length 16, comment: \"Lavc58.134.100\", baseline, precision 8, 720x406, components 3","md5":"a52710e9f1303d0ca6b286e417bcaadc","sha1":"17c504694cc37398344680c806f902af2953a6d7","sha256":"ad6725b66a7bc07b3ce2560ae868e03cb676af120563bc668c19f1d1573191ef","sha512":"cbec78fd74e2f01bbda3c8892f71d2bbe4d6a230f5741085667dfc3e648b69047c09caf89aa2f4b5f5b08a93b8216b01e214cbdb88dac9745380c80f169b486b","ssdeep":"384:UaNx9HiwFzaZVDKzEIcUndsJdHfJ/AqtdJ2Dk8D0oafAdGm9pYCZV7i+bS:tNx9lFeZ/IcMdsTfJIKmDkc0BfyGm4C+","tlshash":"6c82e0999c5ee11cd5ded87c6086b0d21f80b208fd19ddbfb25257206e1f782c4b588e","first_seen":"2025-10-23T21:00:23.997132Z","last_seen":"2026-03-17T06:16:37.782308Z","times_seen":5,"resource_available":false,"data":null}},"time_used":523,"timings":{"blocked":23,"dns":5,"connect":22,"send":0,"wait":325,"receive":165,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/000/flink/analytics.php","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:04.991Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"POST /000/flink/analytics.php HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://aqf.yrjj7.help/807971.html\r\nContent-type: application/x-www-form-urlencoded\r\nContent-Length: 9\r\nOrigin: https://aqf.yrjj7.help\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":9,"data":"referrer="}},"response":{"raw":"HTTP/2 204 No Content\r\nserver: https://www.xzylm.com\r\ndate: Sat, 07 Mar 2026 05:39:05 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nage: 0\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cMs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":183,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":183,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img.alicdn.com/imgextra/i4/4183327079/O1CN015le7R022AEsJ5jGju_!!4183327079.gif","fqdn":"img.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"155.102.215.180","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:05.363Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tbcdn.cn","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 28 Nov 2025 03:07:13 GMT","end":"Sat, 18 Jul 2026 09:41:04 GMT"},"fingerprint":{"sha1":"01:40:62:EF:8C:E5:C1:8A:19:4C:8D:B6:F5:C2:24:7F:DC:C0:9C:8A","sha256":"60:3C:41:A0:78:62:E6:5E:82:F0:FA:CF:5C:C9:D3:22:E4:64:EE:1A:EE:C7:CC:BA:DD:25:08:90:6F:CC:C4:F2"}}},"request":{"raw":"GET /imgextra/i4/4183327079/O1CN015le7R022AEsJ5jGju_!!4183327079.gif HTTP/1.1\r\nHost: img.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: image/gif\r\ncontent-length: 442163\r\ndate: Tue, 03 Mar 2026 08:23:21 GMT\r\npicasso-ret-code: SUCCESS\r\npicasso-cache-info: L3-HIT\r\nrequest-time: 0.002\r\ntraceid: 2ff6309f17725262013815622e\r\nx-powered-by: Picasso\r\npicasso-image-type: normal\r\npicasso-fmt: gif2avif\r\ncache-control: max-age=31536000\r\nvia: ens-cache1.l2de4[0,0,200-0,H], ens-cache27.l2de4[1,0], ens-cache16.se3[0,0,200-0,H], ens-cache9.se3[7,0]\r\naccess-control-allow-origin: *\r\nage: 335744\r\nali-swift-global-savetime: 1772526201\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Tue, 03 Mar 2026 08:36:44 GMT\r\nx-swift-cachetime: 31535197\r\nback_uri: /imgextra/i4/4183327079/O1CN015le7R022AEsJ5jGju_!!4183327079.gif_.avif\r\nvary: Accept\r\ns-rt: 7\r\ntiming-allow-origin: *\r\neagleid: 9b66d79d17728619457057574e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":442163,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"a959dff57b5058e20b52d9eee9856451","sha1":"f429b441579c13a080de49602a836dc091809ed6","sha256":"b55482457dcd5b1a75ccd8af9902c9d9ccf11451e79300f43b4bef9a94260474","sha512":"cb38c08e2b12d580f0a3425f51b2d1af7914d8914881fd188915ad897d7d150000c7c807edf0ee7c4e003333ae6491a1693f369c2932d220549d896a00154db5","ssdeep":"12288:MbOF/O5B0GXiLvxLv9Qu2R3J0rKuDmQvmQP8AtpW6:sb0xdQJ0zdv4sW6","tlshash":"6c9423bb6dfb9054a8130fa829e7061ccb80de8446ec2a79a9571ff7189872cbd1c855","first_seen":"2026-03-07T00:44:39.681251Z","last_seen":"2026-04-04T15:25:57.392955Z","times_seen":1787,"resource_available":false,"data":null}},"time_used":872,"timings":{"blocked":367,"dns":351,"connect":7,"send":0,"wait":14,"receive":66,"ssl":62},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic16.havzy1.com/pic/20220315/53cdc49a5a29b5630c2d451bc4b818bc/1.jpg","fqdn":"pic16.havzy1.com","domain":"havzy1.com","tld":"com"},"ip":{"addr":"104.21.64.102","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:04.006Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"havzy1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 21 Feb 2026 03:08:02 GMT","end":"Fri, 22 May 2026 04:05:50 GMT"},"fingerprint":{"sha1":"F8:F0:5D:3C:27:DF:61:88:1B:63:7C:E4:DD:9E:76:58:BC:00:84:BF","sha256":"0D:BC:79:FF:18:85:1C:90:D2:8D:88:9D:C5:02:5A:B9:A8:CE:B1:56:AC:3F:EC:7C:A6:51:72:44:4D:13:07:1F"}}},"request":{"raw":"GET /pic/20220315/53cdc49a5a29b5630c2d451bc4b818bc/1.jpg HTTP/1.1\r\nHost: pic16.havzy1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 05:39:04 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 22458\r\nserver: cloudflare\r\nlast-modified: Tue, 15 Mar 2022 08:07:02 GMT\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cHs f ])\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CPUva0dFR35P240d5Awui4kS55BL0lEk9x6HyQs9gJUZg4e%2Ft6LwKuVkvxAC2PRSAzKDzG8OOopfugt45lm6ASWaRvilynEZPMo26kBj9XE%3D\"}]}\r\ncf-ray: 9d8741eecb4a8be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":22458,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, baseline, precision 8, 720x406, components 3","md5":"632ef2b4dc0374beee2121bfe3c1c8e0","sha1":"983d151104cdbcdf88f6d983fa52a8b0875b4186","sha256":"9b63a14d6db1375670fe686bbf7b7587416472cf6565406292fdb840f1d8f884","sha512":"5c13df2eb612d1160a6602d06652e89a0f753f66f56eb252e704a9ed9e3f8bd83e3a979db3c64a2cebbb3eb49c6338273671e04f4be4caf933f704a83be8f37c","ssdeep":"384:ojHQNoKA+Bl20FGME40GUj916vqN6Q63sVk2HOwUAkYj28rS3YuCNa:ojwNoKA+BlPkJGUj916SO52Ht4iS3ka","tlshash":"f3a2f156ef2d05e8b118de5fb66ac4f34120112110c1efb612de2b7ec61903aedfa629","first_seen":"2025-10-28T08:34:03.129126Z","last_seen":"2026-03-07T05:39:39.942137Z","times_seen":3,"resource_available":false,"data":null}},"time_used":599,"timings":{"blocked":-1,"dns":16,"connect":6,"send":0,"wait":323,"receive":169,"ssl":76},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"video5.bpzy1.com/video/20211029/9dca708fcf67a4c88e91cb24168fb469/index.m3u8","fqdn":"video5.bpzy1.com","domain":"bpzy1.com","tld":"com"},"ip":{"addr":"172.93.103.92","port":443,"asn":23470,"as":"RELIABLESITE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:04.920Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bpzy1.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 06 Jan 2026 11:02:10 GMT","end":"Mon, 06 Apr 2026 11:02:09 GMT"},"fingerprint":{"sha1":"6C:DF:03:7E:27:4D:65:45:B0:4B:31:E1:73:66:D3:AC:4A:12:91:AB","sha256":"E8:9E:55:BA:43:7B:A5:BF:EB:B8:0D:1A:42:97:80:1E:75:7A:4D:D8:6B:B4:44:A8:B4:86:7B:12:3C:60:7D:2B"}}},"request":{"raw":"GET /video/20211029/9dca708fcf67a4c88e91cb24168fb469/index.m3u8 HTTP/1.1\r\nHost: video5.bpzy1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://aqf.yrjj7.help\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: application/vnd.apple.mpegurl\r\ncontent-length: 770\r\nlast-modified: Thu, 28 Oct 2021 21:02:11 GMT\r\ncache-control: public, max-age=2592000\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":770,"size_decoded":0,"mime_type":"application/vnd.apple.mpegurl","magic":"M3U playlist, ASCII text","md5":"4a2b399082bc4d099d90634531d58403","sha1":"d9558eddc1bb7db7b002c7b88e21ee2b6f35bdea","sha256":"563da1a4f697a3e472fab563539519925eb50b757df6c9366d010e2c9fdd4524","sha512":"8892911d13b90396266b245a8df1938d8e2160db412c02c4d9ecc672643553923c78ff9f3ddff843893d8e9cc0b3a5abc1422cba73fb7f983fedea7fc92a24ec","ssdeep":"","tlshash":"4201bec1a14e719dcc1d5e6586d239bad3d3be2e6cdc68c118c096811eb26ca57cc225","first_seen":"2026-03-07T05:39:39.944431Z","last_seen":"2026-03-07T05:39:39.944431Z","times_seen":1,"resource_available":false,"data":null}},"time_used":513,"timings":{"blocked":211,"dns":14,"connect":92,"send":0,"wait":90,"receive":0,"ssl":101},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pg888.12img707989.com:5658/8888/pg507/pg120.gif","fqdn":"pg888.12img707989.com","domain":"12img707989.com","tld":"com"},"ip":{"addr":"205.198.65.15","port":5658,"asn":138997,"as":"Eons Data Communications Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:05.404Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pg888.12img707989.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 16 Feb 2026 04:24:03 GMT","end":"Sun, 17 May 2026 04:24:02 GMT"},"fingerprint":{"sha1":"A2:78:04:63:2B:CA:BE:C2:FB:3F:31:EE:5D:22:4F:D0:20:B7:2D:A4","sha256":"D3:2A:FB:29:36:10:8B:B7:D5:60:5A:68:5E:02:82:D8:14:1F:89:6A:00:EA:73:6D:19:85:46:E9:F3:1A:D2:F1"}}},"request":{"raw":"GET /8888/pg507/pg120.gif HTTP/1.1\r\nHost: pg888.12img707989.com:5658\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 05:39:06 GMT\r\ncontent-type: image/gif\r\ncontent-length: 732135\r\nstrict-transport-security: max-age=31536000\r\nlast-modified: Mon, 05 May 2025 10:11:05 GMT\r\netag: \"68188eb9-b2be7\"\r\nexpires: Mon, 06 Apr 2026 05:15:40 GMT\r\ncache-control: max-age=2592000\r\nserver: nginx\r\nx-cache-status: HIT\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-headers: *\r\naccess-control-expose-headers: *\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 1728000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":732135,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"d812f0151d7042065067e76fe039facc","sha1":"a48f9c692fa3916903db45819d4050f52d747a33","sha256":"849c1d8c67e9a3151b4a14d3b70e23e4abc3649dcac2e397587afedc70dcf25e","sha512":"a082dff74f4a12e121b6f185ba58d228399af7fa6f50df9d8a891c42d01724d7381842985926980c2e35d1f4b352ff7b425000682f6bdbb0038153d9893ff43f","ssdeep":"12288:RzuTwzuTwzuTwzuTFs9yJuVwrVwrVwrVwrV5eGrQSoSoSoSKDu4OVDu4OVDu4OVQ:RuTeuTeuTeuTFw1WrWrWrWrjeGkSoSoV","tlshash":"43f42339d14794a6938b0a7b9f1411a46305de26a7f220398327f987bc46793ffdb80d","first_seen":"2025-11-21T00:36:15.392801Z","last_seen":"2026-04-04T13:29:05.014896Z","times_seen":7864,"resource_available":false,"data":null}},"time_used":2624,"timings":{"blocked":-1,"dns":166,"connect":253,"send":0,"wait":511,"receive":1159,"ssl":523},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.cospu2011.top/y960X120.gif","fqdn":"img.cospu2011.top","domain":"cospu2011.top","tld":"top"},"ip":{"addr":"103.114.161.125","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:05.462Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"img.cospu2011.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 22 Jan 2026 15:57:03 GMT","end":"Wed, 22 Apr 2026 15:57:02 GMT"},"fingerprint":{"sha1":"BF:24:DA:B8:82:BC:88:0E:87:42:2D:EB:A0:FE:4F:2D:CE:39:D2:63","sha256":"F9:67:53:D9:8D:98:FD:34:0D:FA:75:70:9C:22:64:D8:A5:C0:69:42:40:E4:37:EC:D7:56:DA:08:11:3D:3C:65"}}},"request":{"raw":"GET /y960X120.gif HTTP/1.1\r\nHost: img.cospu2011.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nage: 249443\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\ncf-ray: 9d78c75788dee888-SLC\r\ncontent-type: image/gif\r\ndate: Thu, 05 Mar 2026 11:28:42 GMT\r\netag: W/\"683c6eb5-7be3c\"\r\nexpires: Wed, 01 Apr 2026 14:11:18 GMT\r\nlast-modified: Thu, 05 Mar 2026 11:28:42 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bq47rvZU%2Bckp7LZhFWCT4FStITcJr1JDqhvUPd0tajtDF2rub1ZNXXYp7LzcZEXeC2Sc3%2FyUQWRXiCFLGT%2FWNVSYXErMrWg3rnkCIA%3D%3D\"}]}\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nx-cache: HIT, server, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":507452,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"3bec09084540598f4b2fb5a82e7f83ee","sha1":"649abfe15dc290a8e980f3a89b510ad5c92be502","sha256":"78e0600415ebe1b1271184e55edfc41ada78dc75318782d42e02d9c23138d79f","sha512":"945a037a9bbb2a6e9ba301fadc3ba65455c00df0701460e63424da040977c35cf0808126495ca01f89128eea3c5f749390dfe22169d8f8000c539cb14f2a29e3","ssdeep":"12288:n7q/aQvxRWlHJIVIPjgSj0enFFf8Pds+GKyyPoxdbyD8avcINot:n7gWLYITH4PdpGNA8d+XUIC","tlshash":"e5b4239c5511a8fadf0583be8da5897b0a3f9f3c2e45af7905c584f009842df06e06af","first_seen":"2026-01-21T01:08:52.400545Z","last_seen":"2026-03-19T16:38:45.174852Z","times_seen":274,"resource_available":false,"data":null}},"time_used":1264,"timings":{"blocked":-1,"dns":850,"connect":135,"send":0,"wait":135,"receive":0,"ssl":143},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"img.cospu2011.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"img.cospu2011.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"d3ccefxs96519j.cloudfront.net/MGM/980x120.gif","fqdn":"d3ccefxs96519j.cloudfront.net","domain":"d3ccefxs96519j.cloudfront.net","tld":"cloudfront.net"},"ip":{"addr":"108.157.232.9","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:08.507Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cloudfront.net","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Mon, 05 May 2025 00:00:00 GMT","end":"Thu, 23 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8F:00:F1:34:A7:1E:27:1C:CF:CD:A6:53:8B:C4:82:B0:68:BC:C8:72","sha256":"60:38:9D:24:9E:41:8F:23:AC:D9:14:5C:A3:47:7E:AF:07:DB:9F:2D:6A:8C:0D:08:E9:24:8A:8E:49:A9:4D:28"}}},"request":{"raw":"GET /MGM/980x120.gif HTTP/1.1\r\nHost: d3ccefxs96519j.cloudfront.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/gif\r\ncontent-length: 95663\r\nlast-modified: Fri, 08 Aug 2025 06:03:40 GMT\r\nx-amz-server-side-encryption: AES256\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Fri, 06 Mar 2026 02:04:31 GMT\r\netag: \"5a8005b75112b36916f21318ae457043\"\r\nvary: accept-encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 917c6054ae6e10a98fc566c655129e8a.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN56-P2\r\nx-amz-cf-id: LQmU-wlRDo4gHj9ZGfpWSr__GCfcfnCpkR_fW2ETKzIWrmWc7o79ug==\r\nage: 100889\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":95663,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 980 x 120","md5":"5a8005b75112b36916f21318ae457043","sha1":"180f1ab095baa331066bf1708261d848d55789bf","sha256":"21b3d38760be3d6aaa1088bd68000cf9a0bd24b91baa7e4a93647a97f4f07e7d","sha512":"64180ea90a0dfec12e275bf1f6b3674bfcb69393177e726cbd5c6b03bc091acb7ad77429f6154f96e6071db087131f467c507c1fd95224faac5660fa71635d45","ssdeep":"1536:E2YoK+ONw4XmLHmnjNZ3CTtyO+cL2g1nB+VFS0O6QXkHv288jVG187LWL:77zONw4XqGnB1CxyO+c6cB0O6S6v288s","tlshash":"6c931279b8e135395715549e88ea6b0229ec29a1dff8d5e0fd3ffbe012400fba084752","first_seen":"2025-11-17T16:26:00.337909Z","last_seen":"2026-04-04T13:29:04.98728Z","times_seen":6316,"resource_available":false,"data":null}},"time_used":319,"timings":{"blocked":55,"dns":141,"connect":13,"send":0,"wait":14,"receive":52,"ssl":36},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/favicon.ico","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:08.510Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://aqf.yrjj7.help/807971.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: image/x-icon\r\ncontent-length: 9662\r\nlast-modified: Fri, 25 Nov 2022 03:52:55 GMT\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\ncache-control: public, max-age=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":9662,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 48x48, 32 bits/pixel","md5":"71529c6c1859edb1c6ce9f886b180c1e","sha1":"9c6010f7d9a41f291acede94fad9d6cd55f870d0","sha256":"730b17663255ab30eb66e884e5424d1942e62e87ac34b97a27d35c5676794157","sha512":"0609efb67e4fef36197f6ee6ba7e8775a52fc0e3091fbcf9e5f9358d26e0a81cbfefc19f736c781c6b263eab5fb0fe9a77fb9577a11197ce800602d946da3900","ssdeep":"96:9aUjFG6ePtjIr1PaqPzleIVEdmbS1ZfuY5RydchNNgSwxGXKGU9D32pb0:ctwxaq5eIVEd6I95A+hzgSMjGUhW0","tlshash":"d0122b0697349b1ac9298d358cef8dbaa3353fcbf9050757318c7a7e38a2032674518c","first_seen":"2025-05-11T08:12:38.80427Z","last_seen":"2026-03-11T02:04:59.84058Z","times_seen":280,"resource_available":false,"data":null}},"time_used":150,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":149,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/cn/home/web/template/112vip53_wtpl/js/stui_default.js","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:03.956Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"GET /cn/home/web/template/112vip53_wtpl/js/stui_default.js HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://aqf.yrjj7.help/807971.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: application/javascript\r\ncontent-length: 7433\r\nlast-modified: Mon, 28 Nov 2022 03:58:48 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7433,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with CRLF line terminators","md5":"7f231ce324e1865c62c3a34ad6021b0d","sha1":"3836b4a73e15f84d7bd2d369f913e36ea3c5c6d2","sha256":"3d40f403dc3f7c8eb502e280ea289944c10fb1adb17239a88969a8c4d21e0c36","sha512":"17f95e6e9e7518484d68a9e092ed83680ca997fd655b923628f902fd0776745e57ef9cfb5166a0957cf4dff4f949fc9b3aafae8ed1100320468b3379d2c5b9b0","ssdeep":"192:oYpTSe3ochkPHqdxJDuRX3WAVb3GHgqMqh5L:FpTS03gKdx9u1WUb3d7qhJ","tlshash":"93e16509b450613a847b7379eb2f6600fa21362760824d12bc7dc6d05fb1c5ab6b9fec","first_seen":"2024-12-31T10:28:51.277282Z","last_seen":"2026-03-11T02:04:59.801672Z","times_seen":273,"resource_available":true,"data":null}},"time_used":581,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":581,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/cn/home/web/template/112vip53_wtpl/js/jquery.lazyload.js","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:03.958Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"GET /cn/home/web/template/112vip53_wtpl/js/jquery.lazyload.js HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://aqf.yrjj7.help/807971.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: application/javascript\r\ncontent-length: 1725\r\nlast-modified: Wed, 31 Aug 2022 08:26:04 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1725,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1625)","md5":"f13257e1a6a3b2077352edf7cd7af4e1","sha1":"0fb4127a71d25438210b4045aa1170ffd1346869","sha256":"4df3b748db289d5deedc9b683734a591419ba18a61fd0e10ce188643e90e1a1b","sha512":"f84480997866800ff52170e3b81473f689fb98a11721138a7825bef3a894d1f01967d3214735a1442910c5387c23437820065438d88fbb7030b943eef8d85b96","ssdeep":"","tlshash":"813142ecbb5258b62034b76f8432c6203399e8f7ad0fd080e2949ca8f89c5716123a57","first_seen":"2023-03-12T18:40:49Z","last_seen":"2026-03-11T02:04:59.770248Z","times_seen":276,"resource_available":true,"data":null}},"time_used":585,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":585,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/000/report_error_video/script.js","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:03.967Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"GET /000/report_error_video/script.js HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://aqf.yrjj7.help/807971.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: application/javascript\r\ncontent-length: 1698\r\nlast-modified: Sun, 16 Mar 2025 04:30:01 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1698,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text","md5":"4b9ec7394b9b594781565f4ffc0f7301","sha1":"c5faab0ed52448c2d2af67f89d5c167c32fc9a78","sha256":"aa6ecccaab5ef50d153867b084d7df600be425b8cddea46fa79baba8e61d5247","sha512":"88a2924e5753b36a1eb551101f002b84ffa597617a9987c2c0d7ebc3dcbf832a9b3ed581ed9b5462cdefe3a323c94e2da58074dd2a3542af6bd695febf33b055","ssdeep":"","tlshash":"0a3113bb646f252245ebb15007db7a043531228fa805ed217d3dc7c40fdadb420e66e7","first_seen":"2025-04-18T23:46:35.112204Z","last_seen":"2026-04-04T13:29:05.046323Z","times_seen":6852,"resource_available":true,"data":null}},"time_used":609,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":609,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic15.havzy1.com/pic/20220302/f909b1ea2b9453b6e3354ab09bdf6450/1.jpg","fqdn":"pic15.havzy1.com","domain":"havzy1.com","tld":"com"},"ip":{"addr":"104.21.64.102","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:03.992Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"havzy1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 21 Feb 2026 03:08:02 GMT","end":"Fri, 22 May 2026 04:05:50 GMT"},"fingerprint":{"sha1":"F8:F0:5D:3C:27:DF:61:88:1B:63:7C:E4:DD:9E:76:58:BC:00:84:BF","sha256":"0D:BC:79:FF:18:85:1C:90:D2:8D:88:9D:C5:02:5A:B9:A8:CE:B1:56:AC:3F:EC:7C:A6:51:72:44:4D:13:07:1F"}}},"request":{"raw":"GET /pic/20220302/f909b1ea2b9453b6e3354ab09bdf6450/1.jpg HTTP/1.1\r\nHost: pic15.havzy1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 05:39:04 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 12749\r\nserver: cloudflare\r\nlast-modified: Tue, 01 Mar 2022 23:22:02 GMT\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cHs f ])\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iKv0YjsLyEkYr2kwvy2Wb9VdHViqJmDha9qfhaFbN5ZAHV54WJKALp%2B4V96ziVojY89s2lNEkEf7SQlNjHPpQqOqXaxg3CcT0ypdMPXQT5g%3D\"}]}\r\ncf-ray: 9d8741ee4a458be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12749,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 406x405, segment length 16, comment: \"Lavc58.134.100\", baseline, precision 8, 720x406, components 3","md5":"2674935cffc6b54c8ab24c04c21b7f51","sha1":"7c683edfe23d30403edc8507556178d200aa4b30","sha256":"8feacf94341cf0a2169349790b672196147a0ee90f6b568c0e2900c9cb134dbe","sha512":"b80a27639ffcb77650c489947d78031dd83cf860feb6a1bfb07f4cab99ae471d9a9a76dcff248e9d62c43c57c501a3d820a26f8d33e6333579e71c5914cd09bb","ssdeep":"384:wVCiw1IB8PRmk+L8JBglriutV2qGukbUmYHeP9pJ:wgIB8PR7JBg4csqWADHqbJ","tlshash":"1742c0c03206ddd6cb6e91f4044f2f4a4f67b5e0141d1bae383de8e885252989da8f7b","first_seen":"2026-01-11T07:26:54.823406Z","last_seen":"2026-03-09T02:23:46.223737Z","times_seen":5,"resource_available":false,"data":null}},"time_used":481,"timings":{"blocked":51,"dns":6,"connect":10,"send":0,"wait":322,"receive":1,"ssl":79},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/ajax/hits?mid=1\u0026id=807971\u0026type=update","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:04.999Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"GET /ajax/hits?mid=1\u0026id=807971\u0026type=update HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://aqf.yrjj7.help/807971.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ndate: Sat, 07 Mar 2026 05:39:05 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nx-frame-options: Deny\r\ncontent-encoding: gzip\r\nage: 0\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [c sSf ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":96,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"d016a4580b9e8343cdfe4e6a325520a3","sha1":"42c1d4f03584631ea5d3684cdfc7c01556188ca7","sha256":"14426ebc27e2b9f6362ddbaf252999fef76327e2cc6ee7e43f60594c9acdce3c","sha512":"3e9724246976025dc8f0427906950f58ae1afde015b4341c2e8b0f965d20b62736735e03a59dbe385b9556e699f1d5c42a0ce12a9c5bd0bc2990311adf70c783","ssdeep":"","tlshash":"f9b0124a28d903828c490014600c1301853c75001c01a2458999eb11804c8e930058f5","first_seen":"2026-03-07T05:39:39.957748Z","last_seen":"2026-03-07T05:39:39.957748Z","times_seen":1,"resource_available":false,"data":null}},"time_used":263,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":263,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.mdynieu.com/images/69146317ec12e29e413cb55f.gif","fqdn":"www.mdynieu.com","domain":"mdynieu.com","tld":"com"},"ip":{"addr":"161.129.35.210","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:05.436Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mdynieu.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Fri, 12 Dec 2025 00:00:00 GMT","end":"Thu, 12 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"A0:E7:35:D4:DC:48:E4:5E:1B:FF:4B:B6:D3:6D:0D:58:B1:F6:27:29","sha256":"D2:17:69:66:D0:31:B0:DE:3F:24:F3:24:DB:38:FC:40:63:C5:36:DC:5B:B0:8F:60:02:55:7A:68:1D:EA:44:7C"}}},"request":{"raw":"GET /images/69146317ec12e29e413cb55f.gif HTTP/1.1\r\nHost: www.mdynieu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-length: 0\r\nreferrer-policy: no-referrer\r\ncache-control: max-age=600\r\nlocation: https://img.meituan.net/portalweb/27a1e3a72fece63c3ff55f2c96c993a5588276.gif\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":406836,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":1249,"timings":{"blocked":-1,"dns":72,"connect":247,"send":0,"wait":238,"receive":0,"ssl":680},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xh26031.8688.console.qpo1h.com:5478/8688/xh960x120-4.gif","fqdn":"xh26031.8688.console.qpo1h.com","domain":"qpo1h.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:05.470Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /8688/xh960x120-4.gif HTTP/1.1\r\nHost: xh26031.8688.console.qpo1h.com:5478\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":847,"timings":{"blocked":-1,"dns":847,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic13.anzise.com/pic/20220212/1a7dc3ea905f80b2ea04110c32bf17a2/1.jpg","fqdn":"pic13.anzise.com","domain":"anzise.com","tld":"com"},"ip":{"addr":"172.67.222.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:03.999Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"anzise.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 10 Feb 2026 19:40:48 GMT","end":"Mon, 11 May 2026 20:38:19 GMT"},"fingerprint":{"sha1":"C5:FC:04:DB:35:A4:BA:50:95:D8:4C:BE:86:4F:70:E1:C8:5E:7A:79","sha256":"94:D4:9A:8A:42:B2:44:DE:41:42:4C:B8:A3:DD:65:7E:CE:85:3D:18:F8:A0:4A:F3:96:F1:09:42:BB:D4:D1:C7"}}},"request":{"raw":"GET /pic/20220212/1a7dc3ea905f80b2ea04110c32bf17a2/1.jpg HTTP/1.1\r\nHost: pic13.anzise.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 05:39:04 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 15438\r\nserver: cloudflare\r\nlast-modified: Sat, 12 Feb 2022 08:10:01 GMT\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cHs f ])\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=aMXRYKAhzFP%2BWMGH%2F%2BdnHg2WGPDD0ZU6vhE889GTIcwXqGQcuhcJ81FApsnWFBpsTa73cwippzpAQOZQXWddM8CfMm8B%2BuFMvexj2P9gU20%3D\"}]}\r\ncf-ray: 9d8741ee8ee01ae6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15438,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 136x135, segment length 16, comment: \"Lavc58.134.100\", baseline, precision 8, 270x480, components 3","md5":"f600524b37bcd0dfe7688673ea3d2383","sha1":"9a6cef341f7c9b1643d850f0ef6b44c244d9d73e","sha256":"38f486bf8a2b93811a747872b18f0086e05e2da5edad29b7f2306e7a4d4563e4","sha512":"13b66a8d0095bdca81435835aec80abe4f55f2fdb979c0977151271512ea5d44bf1b483dba45aaba77d0cde545fd6e8fbc0f779ce8d1d5109f021a5e69d371ed","ssdeep":"384:WjqoDnVlkyNUiUPkVOBpIsFpNuqJ/j5UdjZ5rqfZJOyKDbfP:WOQAyfVOosHoqhj2Z5rwbO5D7P","tlshash":"ac62c08853420c09d0e8bae840072dc1774473e9bc434b7ae995d9f89c0ed79a84b3ef","first_seen":"2025-10-28T08:34:03.21049Z","last_seen":"2026-03-07T05:39:39.959607Z","times_seen":5,"resource_available":false,"data":null}},"time_used":594,"timings":{"blocked":-1,"dns":6,"connect":11,"send":0,"wait":323,"receive":149,"ssl":90},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic16.seaige.com/pic/20220227/d6499431c86ab14215987258d0153f41/1.jpg","fqdn":"pic16.seaige.com","domain":"seaige.com","tld":"com"},"ip":{"addr":"172.67.148.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:03.988Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"seaige.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 13 Jan 2026 07:33:34 GMT","end":"Mon, 13 Apr 2026 08:32:12 GMT"},"fingerprint":{"sha1":"19:EE:9B:AB:41:95:87:98:13:6D:A8:B7:E9:1F:6D:21:D7:EA:56:03","sha256":"36:37:FF:D3:08:18:6A:E6:07:B3:60:AA:73:6D:CD:9F:1B:56:96:58:D9:C6:70:19:7E:A7:BF:36:3B:62:4E:78"}}},"request":{"raw":"GET /pic/20220227/d6499431c86ab14215987258d0153f41/1.jpg HTTP/1.1\r\nHost: pic16.seaige.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 05:39:04 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 10802\r\nserver: cloudflare\r\nlast-modified: Sun, 27 Feb 2022 14:22:02 GMT\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=opslQTrIZKu68JGzYhXdNH%2BjLVXNDXxJmF7Fvp3Mv8l4gs%2FlW2a4cRvgunIc%2FsSUGKwn2yrcoijJDxs%2FYCdTpNP8MC4v4reKonPYAAudClE%3D\"}]}\r\ncf-ray: 9d8741eeb8a42efa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10802,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 1079x1080, segment length 16, comment: \"Lavc58.134.100\", baseline, precision 8, 720x416, components 3","md5":"36b04c5e8b3dbd955a3cbbaa3e769913","sha1":"feae4afec1abad4cf26ca0f25624dcd7dad703d4","sha256":"2fa1bbe0e2227e2e4dee2c8dd58dd4de54bdb7b9b537f9df5e0a9b32e14374e5","sha512":"380467b228aaadd167352ecc1d91d133fabc32b6789a2a8de3b3a1a8b196247c82f883506cc42e7ca5ae133e618eae1c9cbc38f233802355b459d3cb7fbd7d74","ssdeep":"192:T4FKmg/YKyKUlU47wUyLaCMN/ct5yXjZfMhYuxuxuxuxuxuxuxuxuxu/:Qg/YKyKYdqget5iUOuxuxuxuxuxuxuxm","tlshash":"7122f8dad31484c6c2a5a1f30a776f4c6f452998724c00537ee66af8b5707e0bd7ea31","first_seen":"2025-09-19T02:34:23.615784Z","last_seen":"2026-03-07T05:39:39.96153Z","times_seen":8,"resource_available":false,"data":null}},"time_used":596,"timings":{"blocked":122,"dns":19,"connect":15,"send":0,"wait":317,"receive":1,"ssl":108},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic16.msn87.com/pic/20220223/5931269ea66b28f570eae99a499f15ee/1.jpg","fqdn":"pic16.msn87.com","domain":"msn87.com","tld":"com"},"ip":{"addr":"172.67.159.163","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:04.004Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"msn87.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 13:25:18 GMT","end":"Sun, 26 Apr 2026 14:22:52 GMT"},"fingerprint":{"sha1":"17:FF:4C:48:3D:71:5D:0A:16:56:F8:C6:83:AD:79:7A:BE:15:38:BD","sha256":"A3:C2:38:F1:41:2F:F8:86:C6:10:09:51:FD:D2:4D:05:39:FF:B2:92:3C:16:EA:6B:FB:FE:ED:7C:C1:0E:6D:3B"}}},"request":{"raw":"GET /pic/20220223/5931269ea66b28f570eae99a499f15ee/1.jpg HTTP/1.1\r\nHost: pic16.msn87.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 05:39:04 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 19820\r\nserver: cloudflare\r\nlast-modified: Wed, 23 Feb 2022 03:54:02 GMT\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cHs f ])\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UafsmsNawP5%2FEUWGb8OwP%2F6aIyP8wsGnQLtiNGs07meHgl59VJ1UJmmhXOZTKpfS52DAYarkjh%2BZZMfqWO7wLErSJtXDV%2BDipO7O7aIuMw%3D%3D\"}]}\r\ncf-ray: 9d8741eeae8f0731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19820,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 10759x10800, segment length 16, comment: \"Lavc58.134.100\", baseline, precision 8, 720x406, components 3","md5":"3cea470777e8ae9b8857416fa6885eb6","sha1":"6bc4e92ede3e82048426d1ae8d4b7214607afe5a","sha256":"25a64336c8de1f614b92d771f43cc2ca81188819de8f819912fade7540a06f3c","sha512":"62a16a2303c3c6668c9912380a31084c0f3da7e2497b7156942c02b3cb87c4a68c0f61720ac127dc5e375af00f79ce433547c78afe28796243338155df446c73","ssdeep":"384:yQIoN5MHp/+96CfQBNvT46bRaw1nCV5LPCu7NCUkEM4C+SU:P8HA96CIjTbLpCVT7kSqU","tlshash":"3a92e1366651a2b093a6ccfc195676018b83c617ec08472a8fcc1c8dc3974413bcba66","first_seen":"2025-10-28T08:34:03.192551Z","last_seen":"2026-03-12T23:04:18.847798Z","times_seen":4,"resource_available":false,"data":null}},"time_used":605,"timings":{"blocked":-1,"dns":5,"connect":14,"send":0,"wait":317,"receive":157,"ssl":94},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/cn/home/web/template/112vip53_wtpl/images/bg.jpg","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:04.795Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"GET /cn/home/web/template/112vip53_wtpl/images/bg.jpg HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/cn/home/web/template/112vip53_wtpl/css/stui_custom.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: image/jpeg\r\ncontent-length: 952025\r\nlast-modified: Wed, 31 Aug 2022 08:26:04 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":952025,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS5 Windows, datetime=2019:10:26 13:53:48], baseline, precision 8, 1920x1024, components 3","md5":"bc82604928704df760442a998901fb32","sha1":"3959ebbc224dc0c9b1a02f9c74808b85759fe5ac","sha256":"c8d15a3625795e17188a1b3356679e5acdb54b9fe3e7f2862c448556fcb832e1","sha512":"8e30a5694e3e65dd1eaba7d9e8a3b329894a5e20a2d6b62c15b82001448d2675148d7f52306a8f69cc9de5f2fc3f14dd2e62102a34c40c734a1c852a4699438d","ssdeep":"12288:8vQYBAt/XUPr8y5bNDkR0qwvM5T4QTqmO07Hc8n6WwSjzMa8zQEKiw8mFB48OqmM:uy/X0HbhM9J7O8wS/8rKjxFBfdlX","tlshash":"471523e48f3b6a58d856d57e93531bcc896224735329e82078cfb49bb710316fe6272c","first_seen":"2024-12-31T10:28:51.403753Z","last_seen":"2026-03-11T02:04:59.774977Z","times_seen":267,"resource_available":false,"data":null}},"time_used":378,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":151,"receive":227,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img.alicdn.com/imgextra/i4/4183327079/O1CN011SH9va22AErRbNeqF_!!4183327079.gif","fqdn":"img.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"155.102.215.180","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:05.447Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tbcdn.cn","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 28 Nov 2025 03:07:13 GMT","end":"Sat, 18 Jul 2026 09:41:04 GMT"},"fingerprint":{"sha1":"01:40:62:EF:8C:E5:C1:8A:19:4C:8D:B6:F5:C2:24:7F:DC:C0:9C:8A","sha256":"60:3C:41:A0:78:62:E6:5E:82:F0:FA:CF:5C:C9:D3:22:E4:64:EE:1A:EE:C7:CC:BA:DD:25:08:90:6F:CC:C4:F2"}}},"request":{"raw":"GET /imgextra/i4/4183327079/O1CN011SH9va22AErRbNeqF_!!4183327079.gif HTTP/1.1\r\nHost: img.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: image/gif\r\ncontent-length: 218186\r\ndate: Tue, 10 Feb 2026 08:16:14 GMT\r\npicasso-ret-code: SUCCESS\r\npicasso-cache-info: L3-HIT\r\nrequest-time: 0.094\r\ntraceid: a3b5019d17707113743023013e\r\nx-powered-by: Picasso\r\npicasso-image-type: normal\r\npicasso-fmt: gif2avif\r\ncache-control: max-age=31536000\r\nvia: ens-cache19.l2de4[0,0,200-0,H], ens-cache2.l2de4[0,0], ens-cache22.se3[0,0,200-0,H], ens-cache9.se3[5,0]\r\naccess-control-allow-origin: *\r\nage: 2150571\r\nali-swift-global-savetime: 1770711374\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Tue, 10 Feb 2026 08:33:40 GMT\r\nx-swift-cachetime: 31534954\r\nback_uri: /imgextra/i4/4183327079/O1CN011SH9va22AErRbNeqF_!!4183327079.gif_.avif\r\nvary: Accept\r\ns-rt: 5\r\ntiming-allow-origin: *\r\neagleid: 9b66d79d17728619457087575e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":218186,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"c746674e75d4ad03a61fdb261ee49376","sha1":"8cf71520c90c49746b49b3d4172bec815f88ee9c","sha256":"d6c1f96b8762b8f0d419fae7639ee8e519f2c0714d3a765288cd08bc58d4424f","sha512":"03a5ca97a917978cfb706777139f3cc069c6c8e06b09872c9783baa4aee2a701bc49ded5b8713748d6a90ff3f79ab0dd6aaf497e6863f44abe03e32cac5721fd","ssdeep":"3072:n9qyzDgNNsg1X0jksIxGcivXXfG2Qk6hBKofVLHhLHd6DlzLgkHEXLZ0EUHQ5JC+:nkQkTkwsmivXMk6hE8VT6z9EMHQPH7","tlshash":"dd2413479e0f1c4665c41b1ab473a3b71b32cb9cfa83506e43667e7b81a84b97207937","first_seen":"2026-02-10T10:56:09.229979Z","last_seen":"2026-04-04T15:25:57.38549Z","times_seen":2204,"resource_available":false,"data":null}},"time_used":390,"timings":{"blocked":-1,"dns":272,"connect":7,"send":0,"wait":29,"receive":12,"ssl":64},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"2026tu.myxuanxuan.com/mt2026-8qssd0z7qb","fqdn":"2026tu.myxuanxuan.com","domain":"myxuanxuan.com","tld":"com"},"ip":{"addr":"43.159.77.132","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:05.450Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"2026tu.myxuanxuan.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 18 Jan 2026 00:00:00 GMT","end":"Mon, 18 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"89:A5:51:BC:5F:09:A7:47:86:8A:45:EC:EE:78:46:C6:17:A3:08:CD","sha256":"02:BE:A0:16:7A:20:13:EB:60:A2:1D:D0:AF:87:4C:A4:41:0C:07:C7:1A:35:F8:CA:F3:EC:E7:F0:21:5F:15:C7"}}},"request":{"raw":"GET /mt2026-8qssd0z7qb HTTP/1.1\r\nHost: 2026tu.myxuanxuan.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Sat, 07 Mar 2026 05:38:54 GMT\r\ncontent-type: text/html\r\nlocation: https://img.alicdn.com/imgextra/i3/2215209493335/O1CN010JTbhN1aVU01WrBDj_!!2215209493335-1-chatting.gif\r\ncontent-length: 138\r\nx-nws-log-uuid: 15420011704854744859\r\nx-cache-lookup: Cache Miss\r\nstrict-transport-security: max-age=1;\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":643569,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":1443,"timings":{"blocked":-1,"dns":780,"connect":160,"send":0,"wait":264,"receive":0,"ssl":239},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"txdy.hznunxc.com/960x120.gif","fqdn":"txdy.hznunxc.com","domain":"hznunxc.com","tld":"com"},"ip":{"addr":"157.185.128.120","port":443,"asn":54994,"as":"ML-1432-54994","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:05.453Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"txdy.hznunxc.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Wed, 11 Feb 2026 00:00:00 GMT","end":"Mon, 11 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"90:1B:5C:BB:4A:86:94:97:1F:FD:C6:4E:1E:49:73:4B:A8:80:1F:A7","sha256":"AF:92:C9:25:B6:70:75:C0:04:EC:5E:04:B8:5F:6F:C1:11:04:3A:C3:D6:3E:61:46:65:D5:81:E5:D9:BE:03:37"}}},"request":{"raw":"GET /960x120.gif HTTP/1.1\r\nHost: txdy.hznunxc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 05:39:06 GMT\r\ncontent-type: image/gif\r\ncontent-length: 119760\r\nexpires: Sat, 14 Mar 2026 12:28:02 GMT\r\nserver: nginx\r\nlast-modified: Mon, 29 Dec 2025 06:33:05 GMT\r\nvary: Accept-Encoding\r\netag: \"695220a1-1d3d0\"\r\ncache-control: max-age=2592000\r\naccept-ranges: bytes\r\nvia: 1.1 PS-ORD-04i3e151:8 (W), 1.1 PS-FRA-01uMN61:10 (W), 0.0 PS-CDG-04gzn111:6 (W)\r\nage: 1962664\r\nx-px: ht PS-CDG-04gzn111none\r\nx-ws-request-id: 69abb9fa_PS-CDG-04gzn111_40153-23300\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":119760,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"149b6d51518d57a39011a6971132ffa2","sha1":"529eeaead1047e4eddd186cfad5015aa987c4e14","sha256":"72c2db6b6259e584134783af7112131d031638bd29be489d53f58d7db2a8b7fb","sha512":"2e2e211b2e27bb10b1deed4cb4460866eeaff5ae5bcac6a550d7906225add955ad68ae8efdf5133d8fb7783a29d00cb72d170af8305c4fd510b5e3ea5a0a155f","ssdeep":"3072:l/GDzsUvQAUdTbhVQ3VFYDAoY/JJM6jqYm433v1:u4UI3TbKVcYDMFQ339","tlshash":"36c3123b424b4782376d70b07bf1e6058186800eae7a3597a562ca870fb1e7585ddc93","first_seen":"2025-12-29T08:49:02.459481Z","last_seen":"2026-04-04T13:29:05.030237Z","times_seen":4444,"resource_available":false,"data":null}},"time_used":1017,"timings":{"blocked":-1,"dns":534,"connect":27,"send":0,"wait":29,"receive":36,"ssl":391},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.alicdn.com/imgextra/i2/O1CN01NVNrIJ1rGgfwg3qhu_!!2216598935604-1-fleamarket.gif","fqdn":"img.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"155.102.215.180","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:05.459Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tbcdn.cn","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 28 Nov 2025 03:07:13 GMT","end":"Sat, 18 Jul 2026 09:41:04 GMT"},"fingerprint":{"sha1":"01:40:62:EF:8C:E5:C1:8A:19:4C:8D:B6:F5:C2:24:7F:DC:C0:9C:8A","sha256":"60:3C:41:A0:78:62:E6:5E:82:F0:FA:CF:5C:C9:D3:22:E4:64:EE:1A:EE:C7:CC:BA:DD:25:08:90:6F:CC:C4:F2"}}},"request":{"raw":"GET /imgextra/i2/O1CN01NVNrIJ1rGgfwg3qhu_!!2216598935604-1-fleamarket.gif HTTP/1.1\r\nHost: img.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: image/gif\r\ncontent-length: 343870\r\ndate: Tue, 24 Feb 2026 09:21:16 GMT\r\npicasso-ret-code: SUCCESS\r\npicasso-cache-info: L3-HIT\r\nrequest-time: 0.001\r\ntraceid: 9b66a79b17719248762374431e\r\nx-powered-by: Picasso\r\npicasso-image-type: normal\r\npicasso-fmt: gif2avif\r\ncache-control: max-age=31536000\r\nvia: ens-cache25.l2de4[0,0,200-0,H], ens-cache26.l2de4[1,0], ens-cache1.se3[0,0,200-0,H], ens-cache9.se3[3,0]\r\naccess-control-allow-origin: *\r\nage: 937069\r\nali-swift-global-savetime: 1771924876\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Tue, 24 Feb 2026 09:43:51 GMT\r\nx-swift-cachetime: 31534645\r\nback_uri: /imgextra/i2/O1CN01NVNrIJ1rGgfwg3qhu_!!2216598935604-1-fleamarket.gif_.avif\r\nvary: Accept\r\ns-rt: 3\r\ntiming-allow-origin: *\r\neagleid: 9b66d79d17728619457167583e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":343870,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"238239bf4773f01ca956b4660db9fc08","sha1":"b16e1c73e5b4baa750f587eb54dfcbeac7f53a13","sha256":"3ef3e2cdea8b61bd88b40faf96f6b6c2dfc326104b04ee58f1f4b1798dfb7668","sha512":"97df4878d6567c54a0bce399d2b9b59d132f45b59c839c3d0968a623d6cd2f476c06006d77bf2905e8d6a1ab28709193c01fb384630c08f0508950ea126d8dd4","ssdeep":"6144:skDFXvr1efkuVrBSJVEL0KLIN/odsqTwtZfV0KLkbMHjnFf5n1QL9CFMEk9V1:ssF/r1dudB2EYKW/o+qTAJCKobMpxn1I","tlshash":"3c7423fe483949d4316b3e6518376eff00e8fe29125962567dffb4e270c482c119b6a2","first_seen":"2026-02-24T09:59:59.873572Z","last_seen":"2026-03-15T07:53:53.560019Z","times_seen":1004,"resource_available":false,"data":null}},"time_used":439,"timings":{"blocked":-1,"dns":266,"connect":11,"send":0,"wait":59,"receive":29,"ssl":61},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.alicdn.com/imgextra/i2/O1CN01vSQFbP1rGgfuXaTU7_!!2216598935604-1-fleamarket.gif","fqdn":"img.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"155.102.215.180","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:05.473Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tbcdn.cn","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 28 Nov 2025 03:07:13 GMT","end":"Sat, 18 Jul 2026 09:41:04 GMT"},"fingerprint":{"sha1":"01:40:62:EF:8C:E5:C1:8A:19:4C:8D:B6:F5:C2:24:7F:DC:C0:9C:8A","sha256":"60:3C:41:A0:78:62:E6:5E:82:F0:FA:CF:5C:C9:D3:22:E4:64:EE:1A:EE:C7:CC:BA:DD:25:08:90:6F:CC:C4:F2"}}},"request":{"raw":"GET /imgextra/i2/O1CN01vSQFbP1rGgfuXaTU7_!!2216598935604-1-fleamarket.gif HTTP/1.1\r\nHost: img.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: image/gif\r\ncontent-length: 303863\r\ndate: Tue, 24 Feb 2026 09:21:40 GMT\r\npicasso-ret-code: SUCCESS\r\npicasso-cache-info: L3-HIT\r\nrequest-time: 0.002\r\ntraceid: 9b66a79b17719248998917462e\r\nx-powered-by: Picasso\r\npicasso-image-type: normal\r\npicasso-fmt: gif2avif\r\ncache-control: max-age=31536000\r\nvia: ens-cache28.l2de4[0,0,200-0,H], ens-cache25.l2de4[1,0], ens-cache14.se3[0,0,200-0,H], ens-cache9.se3[5,0]\r\naccess-control-allow-origin: *\r\nage: 937045\r\nali-swift-global-savetime: 1771924900\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Tue, 24 Feb 2026 09:43:52 GMT\r\nx-swift-cachetime: 31534668\r\nback_uri: /imgextra/i2/O1CN01vSQFbP1rGgfuXaTU7_!!2216598935604-1-fleamarket.gif_.avif\r\nvary: Accept\r\ns-rt: 5\r\ntiming-allow-origin: *\r\neagleid: 9b66d79d17728619457137582e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":303863,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"de72cd3f9bb03e02f5ed7c191fc47e25","sha1":"1f1da79e3ea10cc974149b4fd61236d7aaf0cbba","sha256":"88bc662ac1dc810b16d8c81e024975ec22af3497c510036158f5799da1b4b874","sha512":"be2488a9b17fc4ac4ca2e24177ed9bd673b6514929df0344fa626af305073862d30fa0bfcb290f4b09984e51dd7790dc6af53ace8b9e68a936771f982b7d3da7","ssdeep":"6144:0yBudqBvMzajcmhzfOmZIJ6MLkrN78j6Z8BdaAR50OsE8uZr:1B4qBvRjcmhCSI8ZS6CR50OsEhB","tlshash":"0254232e919b11304cd6a6383d7e66f700f6dc7509a143125dfba6cda4979bc2ce8ca1","first_seen":"2026-02-24T09:59:59.817588Z","last_seen":"2026-03-15T07:53:53.563962Z","times_seen":1005,"resource_available":false,"data":null}},"time_used":396,"timings":{"blocked":-1,"dns":255,"connect":11,"send":0,"wait":51,"receive":8,"ssl":58},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.alicdn.com/imgextra/i1/2217565595682/O1CN01JKJBL71rqPYr9sHRK_!!2217565595682.gif","fqdn":"img.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"155.102.215.180","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:11.458Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tbcdn.cn","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 28 Nov 2025 03:07:13 GMT","end":"Sat, 18 Jul 2026 09:41:04 GMT"},"fingerprint":{"sha1":"01:40:62:EF:8C:E5:C1:8A:19:4C:8D:B6:F5:C2:24:7F:DC:C0:9C:8A","sha256":"60:3C:41:A0:78:62:E6:5E:82:F0:FA:CF:5C:C9:D3:22:E4:64:EE:1A:EE:C7:CC:BA:DD:25:08:90:6F:CC:C4:F2"}}},"request":{"raw":"GET /imgextra/i1/2217565595682/O1CN01JKJBL71rqPYr9sHRK_!!2217565595682.gif HTTP/1.1\r\nHost: img.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: image/gif\r\ncontent-length: 71518\r\ndate: Sun, 04 Jan 2026 07:16:14 GMT\r\npicasso-ret-code: SUCCESS\r\npicasso-cache-info: L3-HIT\r\nrequest-time: 0.001\r\ntraceid: a3b5839717675109745792448e\r\nx-powered-by: Picasso\r\npicasso-image-type: normal\r\npicasso-fmt: gif2avif\r\ncache-control: max-age=31536000\r\nvia: ens-cache26.l2de4[0,8,200-0,H], ens-cache8.l2de4[10,0], ens-cache24.se3[0,0,200-0,H], ens-cache9.se3[3,0]\r\naccess-control-allow-origin: *\r\nage: 5350977\r\nali-swift-global-savetime: 1767510974\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Sun, 18 Jan 2026 05:44:22 GMT\r\nx-swift-cachetime: 30331912\r\nback_uri: /imgextra/i1/2217565595682/O1CN01JKJBL71rqPYr9sHRK_!!2217565595682.gif_.avif\r\nvary: Accept\r\ns-rt: 3\r\ntiming-allow-origin: *\r\neagleid: 9b66d79d17728619514331184e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":71518,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"77124bec289e16c03715536db0a93a69","sha1":"5de89ae0a04b1f38fad10253e63173c0b686ad35","sha256":"a3485681d348a07947e41b4b1f4ae28733254265db0fd08ac9db716c3733c769","sha512":"5690c31f2995495454b1e9f46b74b696c0418985c5d49d8ab68975b731876e461df8cd05bb027cf3d871191a500bd273b649d037e9e1719c890784e368206c54","ssdeep":"1536:E8dgdKUYKUsoK6sIET9wjMr/JF+aPbqiuYZtJvfDD:E+zUvwhEBwjM7+YyYZtJvfDD","tlshash":"8e630233a165d51fd223253ca591909dba377fe1cd6671f9f6c7cf478a08083c9aa828","first_seen":"2026-01-04T07:53:55.650353Z","last_seen":"2026-04-04T13:29:04.973687Z","times_seen":4020,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":11,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/cn/home/web/template/112vip53_wtpl/css/home.css","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:03.925Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"GET /cn/home/web/template/112vip53_wtpl/css/home.css HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://aqf.yrjj7.help/807971.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: text/css\r\ncontent-length: 21303\r\nlast-modified: Wed, 31 Aug 2022 08:26:04 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":21303,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (310)","md5":"76033e849ea3eaaaf2ee30234c201d42","sha1":"2ebff75cbb0f01f21541591f5b913b1ad807bc8c","sha256":"621a59634240b148bf71d280734527cf1f5bcb73cb363670d3e17a79dd2aa127","sha512":"3b626747f35232f4eb4ed0980f369f1bbb734edba096f6e4408717b925a9f0c995e7048e27dd22447140a3e068d115aa67d11a0654194feff7d178a01bc4063c","ssdeep":"384:XnyduJhhJQInrPgLZiS0Wa2N79nI1SaEAsVWkcEMtEUphhl6mPJZRBL5HvMPf:ikB5Sqq79nI1SaEAsVWkcEMtEUDhl6ma","tlshash":"efa28422d6475c0db12be5b07c6a5bae334f5067a6073bacfda73428c18d2b80532789","first_seen":"2025-04-07T20:38:33.162771Z","last_seen":"2026-04-04T13:17:57.55397Z","times_seen":2722,"resource_available":false,"data":null}},"time_used":226,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":215,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/cn/home/web/template/112vip53_wtpl/css/iconfont.css","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:03.927Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"GET /cn/home/web/template/112vip53_wtpl/css/iconfont.css HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://aqf.yrjj7.help/807971.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: text/css\r\ncontent-length: 19902\r\nlast-modified: Wed, 31 Aug 2022 08:26:04 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":19902,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (16467), with CRLF line terminators","md5":"39c2739b6d55e9832b6c0e7d9d41b1fc","sha1":"db0f8bb9f305d2707e4534b1cd81832d8351443f","sha256":"e008aff2fa6af8c6c807ef56e9941ec779ff610ce6cf4593b68bf428b0083bdf","sha512":"304ee57da4b65768df28a2c4444d707f215baee1785c2c9e6462845a2506955b47b021448fb639ea3444ca49491b32de4503f7c1cbda75149a6ee0a0380ad763","ssdeep":"384:ADvOCmyD64axmrZmdyES6+OZz12R1Z6EvzdmDAugHQFy:AjOCjDxakZhJuF12R1HADAugHcy","tlshash":"ec925b77894e24a21711f599f24362459f94776a9a821caff08b3d8c83fb21893c77dc","first_seen":"2025-05-11T08:12:38.776845Z","last_seen":"2026-03-11T02:04:59.815639Z","times_seen":268,"resource_available":false,"data":null}},"time_used":324,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":313,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic17.ysj77.com/pic/20220305/2d9aac05889dcca3e5057ff96986722e/1.jpg","fqdn":"pic17.ysj77.com","domain":"ysj77.com","tld":"com"},"ip":{"addr":"172.67.184.92","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:03.991Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ysj77.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 27 Jan 2026 06:29:19 GMT","end":"Mon, 27 Apr 2026 07:26:51 GMT"},"fingerprint":{"sha1":"0A:1A:82:10:D0:C2:10:8B:54:7A:7F:87:81:41:4D:F7:87:59:5B:5C","sha256":"52:17:3B:A7:00:6E:E8:6C:25:9E:BF:B9:76:97:A4:6A:02:0F:9D:F4:68:9F:4E:DA:B1:D3:EB:E7:B6:1F:81:2D"}}},"request":{"raw":"GET /pic/20220305/2d9aac05889dcca3e5057ff96986722e/1.jpg HTTP/1.1\r\nHost: pic17.ysj77.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 05:39:04 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 18421\r\nserver: cloudflare\r\nlast-modified: Fri, 04 Mar 2022 16:53:01 GMT\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cHs f ])\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uPLbzQ%2B8KPurve0w5TA6VivKnDYyCdZfuGQHNeiAP21gXUmm5hlwly5WGwa7n5Dps3asCbv069XRdzBVOEwnWqjdlG1n6Ph1i9kIZP6veg%3D%3D\"}]}\r\ncf-ray: 9d8741ee4f13b28a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":18421,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 406x405, segment length 16, comment: \"Lavc58.134.100\", baseline, precision 8, 720x406, components 3","md5":"033b9a7fb1f1fa8ec5da28fbb6a4e36d","sha1":"ab3c3d6945d99de5884c7d4c93fc9bf35e4b973f","sha256":"e84ca4bdfc39359eca19a3a63bf05f6501c16f167a4093a666d466e81dd51a2d","sha512":"eab22d4c3486da061f6d3044351732f2505d5e688a5c665e00d7fbc5dca62b9c9de80283fd13e0efcee02f079f503b14bb76d79ac0e06aafe7265972da74b057","ssdeep":"384:zE/N3hFlywTyvwNEFmDNnjDa5xr+o4cHVw8yutHOZ7ymOAkk:6TlTxNEENnja6GHVlEZ7ymOAL","tlshash":"2f82d02f2d481e1bf3da4b2eed56744c8a3a5e1e57493d3103ab32ecb58e812385c42c","first_seen":"2025-08-23T07:06:02.274172Z","last_seen":"2026-03-07T05:39:39.972527Z","times_seen":6,"resource_available":false,"data":null}},"time_used":643,"timings":{"blocked":52,"dns":6,"connect":6,"send":0,"wait":324,"receive":159,"ssl":87},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img1212.syhze.com/8888/xm/5088/120.gif","fqdn":"img1212.syhze.com","domain":"syhze.com","tld":"com"},"ip":{"addr":"205.198.65.15","port":443,"asn":138997,"as":"Eons Data Communications Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:05.401Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"img1212.syhze.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Feb 2026 05:10:16 GMT","end":"Thu, 21 May 2026 05:10:15 GMT"},"fingerprint":{"sha1":"0E:AF:BB:57:33:D9:8E:52:FC:E0:72:FB:99:E6:06:AE:75:3F:77:CD","sha256":"73:97:CE:47:3B:96:59:73:01:A9:E5:B5:E4:AA:29:99:2E:75:1A:0E:52:57:08:31:66:51:91:6E:D4:8A:EC:94"}}},"request":{"raw":"GET /8888/xm/5088/120.gif HTTP/1.1\r\nHost: img1212.syhze.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 05:39:06 GMT\r\ncontent-type: image/gif\r\ncontent-length: 443228\r\nstrict-transport-security: max-age=31536000\r\nlast-modified: Mon, 16 Sep 2024 13:02:03 GMT\r\netag: \"66e82c4b-6c35c\"\r\nexpires: Mon, 06 Apr 2026 05:15:21 GMT\r\ncache-control: max-age=2592000\r\nserver: nginx\r\nx-cache-status: HIT\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-headers: *\r\naccess-control-expose-headers: *\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 1728000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":443228,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"6dfeb48901b7cd79256ac55ca0e057ad","sha1":"7f5be548b85f2c58a5a75f89831a60372e1fd49e","sha256":"077c10e1c5dda6d69f6cdb1cd61bd9b88d46ab20a09a0d1cd575348b422a80f6","sha512":"eb336246e254747a2ba6cc9ce2a793aa4919f2dce04f7327f82f33fbf1b7177a0a828bb4fdb687af252189476332345f9ca15e7a1163b0c572194b8b27464c45","ssdeep":"12288:bITYwMITYwMITwzFWFbSimWFbSimWFFL851b251b251b251ba:sYwTYwTakQcQc/87272727a","tlshash":"bb9412d3e4ea2823c6a62244ca9df7d57f411156653ea3d79b6b3f100e52d22e0ced09","first_seen":"2025-11-21T00:36:15.409425Z","last_seen":"2026-04-04T13:29:05.004557Z","times_seen":8015,"resource_available":false,"data":null}},"time_used":3657,"timings":{"blocked":916,"dns":84,"connect":275,"send":0,"wait":1151,"receive":635,"ssl":589},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img1212.syhze.com/8888/mbh/960x120.gif","fqdn":"img1212.syhze.com","domain":"syhze.com","tld":"com"},"ip":{"addr":"205.198.65.15","port":443,"asn":138997,"as":"Eons Data Communications Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:05.466Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"img1212.syhze.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Feb 2026 05:10:16 GMT","end":"Thu, 21 May 2026 05:10:15 GMT"},"fingerprint":{"sha1":"0E:AF:BB:57:33:D9:8E:52:FC:E0:72:FB:99:E6:06:AE:75:3F:77:CD","sha256":"73:97:CE:47:3B:96:59:73:01:A9:E5:B5:E4:AA:29:99:2E:75:1A:0E:52:57:08:31:66:51:91:6E:D4:8A:EC:94"}}},"request":{"raw":"GET /8888/mbh/960x120.gif HTTP/1.1\r\nHost: img1212.syhze.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 05:39:06 GMT\r\ncontent-type: image/gif\r\ncontent-length: 496600\r\nstrict-transport-security: max-age=31536000\r\nlast-modified: Fri, 30 Jan 2026 13:22:20 GMT\r\netag: \"697cb08c-793d8\"\r\nexpires: Mon, 06 Apr 2026 05:15:23 GMT\r\ncache-control: max-age=2592000\r\nserver: nginx\r\nx-cache-status: HIT\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-headers: *\r\naccess-control-expose-headers: *\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 1728000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":496600,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"98f1aab916043713d1744086a4aac70d","sha1":"abbc50f57afaea6090ffec73c53bc824926db831","sha256":"4bcfe3c6ff3dcd160bd51a92164046ed60b025895dc6affc06db0d6d88b77259","sha512":"50aded0afad0a2f06bc9b5dd4ba767e64e5cf59b627ee62ce66bf3a769b0fddfa7533cb591e0ad6dfd3be42afa77d37181ea9fd7dac487946081ee0f24e837f0","ssdeep":"6144:9G4QxSTTMRTTMRTTMRfE3O4+g2CjZnFaYG/eFVVL:E0T4RT4RT4RyO4fFZFaL/Q","tlshash":"c3b423ec487fcd5dc8b22c2c3143023349a2b17879df88626793b9d7e5d6b196a82d35","first_seen":"2026-01-31T02:19:27.411392Z","last_seen":"2026-04-04T15:25:57.371862Z","times_seen":2803,"resource_available":false,"data":null}},"time_used":2628,"timings":{"blocked":-1,"dns":51,"connect":256,"send":0,"wait":516,"receive":1195,"ssl":601},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"video5.bpzy1.com/video/20211029/9dca708fcf67a4c88e91cb24168fb469/index_000.ts","fqdn":"video5.bpzy1.com","domain":"bpzy1.com","tld":"com"},"ip":{"addr":"172.93.103.92","port":443,"asn":23470,"as":"RELIABLESITE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:05.513Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bpzy1.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 06 Jan 2026 11:02:10 GMT","end":"Mon, 06 Apr 2026 11:02:09 GMT"},"fingerprint":{"sha1":"6C:DF:03:7E:27:4D:65:45:B0:4B:31:E1:73:66:D3:AC:4A:12:91:AB","sha256":"E8:9E:55:BA:43:7B:A5:BF:EB:B8:0D:1A:42:97:80:1E:75:7A:4D:D8:6B:B4:44:A8:B4:86:7B:12:3C:60:7D:2B"}}},"request":{"raw":"GET /video/20211029/9dca708fcf67a4c88e91cb24168fb469/index_000.ts HTTP/1.1\r\nHost: video5.bpzy1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://aqf.yrjj7.help\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: video/mp2t\r\ncontent-length: 407960\r\nlast-modified: Thu, 28 Oct 2021 21:02:06 GMT\r\ncache-control: public, max-age=2592000\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cHs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":407960,"size_decoded":0,"mime_type":"video/mp2t","magic":"data","md5":"3e4271e7e70a2ff72caf49bf52129c4e","sha1":"42bd257191e4c6e58fe780f61dd5169a6b811975","sha256":"c3a3cea5c85f1b5dd69f68ca1669540e25f26e62454fdd76511502e7f0db29ea","sha512":"cebdcfe05ac373c45c4f10dc3e6ce036557b4fe760a9f16270e30f21805d2fedf98b517b783991f85b4d17772fd6caaa4355159309ce16d1c6bbc6e3373a1963","ssdeep":"6144:dDjq3Sy8bJ/SIEg5X9TblGKc9vEXlxK7u28FN1M2z4o05COZEL2ROcZITc+nye:dIE7GKc92WOn4P9Z+2ROk0c+nH","tlshash":"0d84127c3b0eb872c94682b20b549af2e3601d5943463e562e48731df4fcbd6ea14e69","first_seen":"2026-03-07T05:39:39.975789Z","last_seen":"2026-03-07T05:39:39.975789Z","times_seen":1,"resource_available":false,"data":null}},"time_used":513,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":119,"receive":394,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/cn/home/web/template/112vip53_wtpl/css/stui_custom.css","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:03.952Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"GET /cn/home/web/template/112vip53_wtpl/css/stui_custom.css HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://aqf.yrjj7.help/807971.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: text/css\r\ncontent-length: 7184\r\nlast-modified: Wed, 31 Aug 2022 08:26:04 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7184,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"5cf07a615feb2c7badba17568d54d867","sha1":"254a3471f5a1789ce1393fe472fd9b06bc0b5320","sha256":"33229779e47c3c87ccb6dd53e394252ead4033504adb870ca3a2d96d84d69cf0","sha512":"fe4394f3dfa32ad3e0a7aea10a4b16fc2ecb97382daab8628d7b94a78539b2ead2dc6a47d61ef518694a67ece4eda79fb2788ac910e003308de6f06739e244f0","ssdeep":"96:yx3nTMi4RkPvkgeu+WwZee8SP1fjOaICa3zzg9ygSdgznqf8eN5VRB0P:yx3nTMiGkXqT5P1fCbC/sgSYqf8wRB0P","tlshash":"efe10362de0a142a313bcaee21f2d542eae770d0f9052bbd7e632059ff4d0c9583e585","first_seen":"2024-12-31T10:28:51.280111Z","last_seen":"2026-03-11T02:04:59.769486Z","times_seen":270,"resource_available":false,"data":null}},"time_used":430,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":429,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/abc/fixed_ui_79290e.js","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:03.964Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"GET /abc/fixed_ui_79290e.js HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://aqf.yrjj7.help/807971.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: application/javascript; charset=utf-8\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\ncontent-length: 5587\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5587,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text","md5":"de6e298dea087bc408e60a23fefc7383","sha1":"235492a4c6c580faa77da25e3521e9a4f8c64c73","sha256":"ab5342e37e737520e41c11fd4a1a6323f3a9dfffc88f058a75037e496d6d77c5","sha512":"1038a3ec607df2ed99337429df63bfed14858c2221ed20672ff4bd4be6cc31d75a13c13606705ac6ad01a907be12dc3d2f5020856d76977a26ebeca3fc84d06a","ssdeep":"96:NIrFraMEXqMwEUxg2P7rEqfEPTzg29CuPJkiTRoP5VYb5G6JS/lWrNaMasKQmX:yBgwTm2P7rTfsT8UCuPJc5VGGg+gplmX","tlshash":"fcb1b45e79e33096892370b88fff140c36329013650edd947c1d91646fa9bd466b2fe9","first_seen":"2026-03-07T05:39:39.909432Z","last_seen":"2026-03-07T05:39:39.909432Z","times_seen":1,"resource_available":true,"data":null}},"time_used":609,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":609,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic18.anzise.com/pic/20220317/d839b67564e008c21935bb300a92cb2b/1.jpg","fqdn":"pic18.anzise.com","domain":"anzise.com","tld":"com"},"ip":{"addr":"172.67.222.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:03.995Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"anzise.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 10 Feb 2026 19:40:48 GMT","end":"Mon, 11 May 2026 20:38:19 GMT"},"fingerprint":{"sha1":"C5:FC:04:DB:35:A4:BA:50:95:D8:4C:BE:86:4F:70:E1:C8:5E:7A:79","sha256":"94:D4:9A:8A:42:B2:44:DE:41:42:4C:B8:A3:DD:65:7E:CE:85:3D:18:F8:A0:4A:F3:96:F1:09:42:BB:D4:D1:C7"}}},"request":{"raw":"GET /pic/20220317/d839b67564e008c21935bb300a92cb2b/1.jpg HTTP/1.1\r\nHost: pic18.anzise.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 05:39:04 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 17617\r\nserver: cloudflare\r\nlast-modified: Wed, 16 Mar 2022 21:53:02 GMT\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cHs f ])\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tflosFtc0YEItPUxYYoJx8OVIqJ69OrFXQNHc4pp2VyqatQ6iuAvvI9qSsaqxSGt%2F29xrv6pt6HS1QpvmZl25fVkwpfrcKZrSbV7EGGf2%2Fg%3D\"}]}\r\ncf-ray: 9d8741ee6ebf1ae6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":17617,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, baseline, precision 8, 480x480, components 3","md5":"9eeac8e6c000643f8f5ff82a363ada74","sha1":"63590d6c459afd46e6e14ecce1c7d200fb57aa99","sha256":"a4a9e2946cb91a08cf14ec76db6dd656fd2c2d5d12460db159f8a48711ee2349","sha512":"9f6d6b1f173552af5c7b5b056ce4dee8df3512388a1c8fe6bb27d751f33634203a5998bcf127776c268ed2c54ac71d30e3758ce3464d601ca6a6548fb7137ef3","ssdeep":"384:MjvfqbItEdEAXBUhdud941AefwkMTqRGBpVZHvlPQ:MjvCbIAXBX94/fwkXEXHNPQ","tlshash":"8c82d0160d542502e9eb782fdf43e08de54e3e07c13adb7a32466a0fde84ca1aca158d","first_seen":"2026-03-07T05:39:39.978966Z","last_seen":"2026-03-07T05:39:39.978966Z","times_seen":1,"resource_available":false,"data":null}},"time_used":655,"timings":{"blocked":65,"dns":4,"connect":9,"send":0,"wait":314,"receive":155,"ssl":85},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"11221.xn--gps-8y0gm25n.xn--55qx5d/d/11221?_t=1766049818","fqdn":"11221.xn--gps-8y0gm25n.xn--55qx5d","domain":"11221.xn--gps-8y0gm25n.xn--55qx5d","tld":""},"ip":{"addr":"27.155.113.137","port":443,"asn":133774,"as":"Fuzhou","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:05.445Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xn--gps-8y0gm25n.xn--55qx5d","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 07 Jan 2026 14:22:13 GMT","end":"Tue, 07 Apr 2026 14:22:12 GMT"},"fingerprint":{"sha1":"01:F6:A8:64:D2:BF:90:49:78:62:32:E0:6F:0D:E9:33:66:39:30:EF","sha256":"5D:E4:BC:B9:AE:B1:76:CF:D1:39:B2:34:04:CA:CA:2F:97:94:D8:E3:B1:2D:D1:41:C3:4B:27:0D:1C:BF:03:26"}}},"request":{"raw":"GET /d/11221?_t=1766049818 HTTP/1.1\r\nHost: 11221.xn--gps-8y0gm25n.xn--55qx5d\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Sat, 07 Mar 2026 05:39:07 GMT\r\ncontent-type: text/html\r\ncontent-length: 145\r\nlocation: https://fsffbhd.4000522777.xn--fiqs8s/9acf3f15aa2f10616fcec1e9f8124088.gif?_t=1766049818\r\ncache-control: public, max-age=900\r\nexpires: Saturday, 07-Mar-2026 05:39:07 GMT\r\nstrict-transport-security: max-age=31536000\r\nx-via-jsl: 4c4992c,-\r\nset-cookie: __jsluid_s=489e43ef50e415364f6c6eff3a6ed7d2; max-age=31536000; path=/; HttpOnly; SameSite=None; secure\r\nx-cache: miss\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":596432,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":1921,"timings":{"blocked":-1,"dns":1006,"connect":286,"send":0,"wait":333,"receive":0,"ssl":295},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.alicdn.com/imgextra/i4/2207246784654/O1CN014PyHeq1kFaOP6Xhwn_!!2207246784654.gif","fqdn":"img.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"155.102.215.180","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:06.489Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tbcdn.cn","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 28 Nov 2025 03:07:13 GMT","end":"Sat, 18 Jul 2026 09:41:04 GMT"},"fingerprint":{"sha1":"01:40:62:EF:8C:E5:C1:8A:19:4C:8D:B6:F5:C2:24:7F:DC:C0:9C:8A","sha256":"60:3C:41:A0:78:62:E6:5E:82:F0:FA:CF:5C:C9:D3:22:E4:64:EE:1A:EE:C7:CC:BA:DD:25:08:90:6F:CC:C4:F2"}}},"request":{"raw":"GET /imgextra/i4/2207246784654/O1CN014PyHeq1kFaOP6Xhwn_!!2207246784654.gif HTTP/1.1\r\nHost: img.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: image/gif\r\ncontent-length: 292628\r\ndate: Mon, 05 Jan 2026 06:12:44 GMT\r\nlast-modified: Tue, 11 Nov 2025 08:55:36 GMT\r\npicasso-ret-code: SUCCESS\r\npicasso-cache-info: L4-HIT\r\nrequest-time: 0.062\r\ntraceid: a3b58aa117675935639996215e\r\nx-powered-by: Picasso\r\npicasso-image-type: normal\r\npicasso-fmt: gif2avif\r\ncache-control: max-age=31536000\r\nvia: ens-cache40.l2de4[0,8,200-0,H], ens-cache40.l2de4[10,0], ens-cache1.se3[0,0,200-0,H], ens-cache9.se3[2,0]\r\naccess-control-allow-origin: *\r\nage: 5268382\r\nali-swift-global-savetime: 1767593564\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Sun, 18 Jan 2026 05:44:22 GMT\r\nx-swift-cachetime: 30414502\r\nback_uri: /imgextra/i4/2207246784654/O1CN014PyHeq1kFaOP6Xhwn_!!2207246784654.gif_.avif\r\nvary: Accept\r\ns-rt: 2\r\ntiming-allow-origin: *\r\neagleid: 9b66d79d17728619464627842e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":292628,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"3a29654deae45805d8794954abbb5044","sha1":"42691fc8287fde23d6f03fb34434deabb343df14","sha256":"cc2627b8bf79a940675f68df3fcdb91bf14a94b98c1938dd334c2bfc62538bb3","sha512":"b272db82b275b8f2f0fe414b1f339432bc2663520931f602714e2ede08e8b655f766060cff98dda94f176180b3bcdc53a6e382c4faa10ce67ca13e8008f65353","ssdeep":"6144:Nq0IoTY/D/9IDmn8IDVS+jIDmn0JVr3AW9DuCDP:LTcNl5H03QuDuCDP","tlshash":"3c541216e3668b1f117098c1a1f16d7efaedaa1736f5aef1450c4c42053f9e8a339c62","first_seen":"2025-11-09T02:30:37.967304Z","last_seen":"2026-04-04T14:12:03.450832Z","times_seen":7806,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fsffbhd.4000522777.xn--fiqs8s/ea980b9daf2cbb13355e4431bbc43384.gif?_t=1765444375","fqdn":"fsffbhd.4000522777.xn--fiqs8s","domain":"fsffbhd.4000522777.xn--fiqs8s","tld":""},"ip":{"addr":"104.26.6.77","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:09.226Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"4000522777.xn--fiqs8s","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 08 Feb 2026 07:30:32 GMT","end":"Sat, 09 May 2026 07:30:31 GMT"},"fingerprint":{"sha1":"FF:0F:4B:0B:66:7A:99:CF:94:C0:49:3D:85:E5:C9:86:98:B7:37:5A","sha256":"43:BD:60:69:CF:8C:1A:A9:8F:2A:45:8B:67:9B:D8:CE:5E:AD:46:40:6D:E0:09:85:5F:16:F0:2D:FD:A5:D2:8E"}}},"request":{"raw":"GET /ea980b9daf2cbb13355e4431bbc43384.gif?_t=1765444375 HTTP/1.1\r\nHost: fsffbhd.4000522777.xn--fiqs8s\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 05:39:09 GMT\r\ncontent-type: image/webp\r\ncontent-length: 568104\r\nserver: cloudflare\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=V20eQXvc5iPCI89vWSqyX2Zx10Ayw9xT5FO2dhdu9eFGFGyEJqdrFv07wom80SJ5lmUC9jiTweY%2FXWNpWT084y3fs1CbtDcFW8Vo1SPJYppHwMzgX643OavxZoo%3D\"}]}\r\nlast-modified: Fri, 12 Dec 2025 11:26:10 GMT\r\netag: \"693bfbd2-abcad\"\r\naccept-ranges: bytes\r\npriority: u=1;i=?0,cf-chb=(782;u=3;i=?0 1954;u=4;i=?0 75633;u=5;i=?0)\r\ncf-bgj: imgq:100,h2pri\r\ncf-polished: ok, orig_size=703661\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept, accept-encoding\r\nage: 2334\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\ncf-ray: 9d87420eaf1b3181-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":568104,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"1925ddbac61bd86167e56762d9865272","sha1":"3af84806b787154f360260c48cd5dcb428c26f88","sha256":"d85767c20babde062fe404802a0e76670418dcbc3d1dbae7e07c9809deb1c5aa","sha512":"1d3f0b1ff9e05269e1842604c29e236cd598cb2af33daa07916cfad00591377d58ac51a385ca7d688e98fdd38f7b61eeb9fc7eb58ce6013a2764182198954399","ssdeep":"12288:U70AA6kUL5fzQs1R6fQQpOFpO0qidVKdSLIJ6UXErHh0Ob9Mu:RAA6kUFMs1nQiFqGVIJxXEV0ObWu","tlshash":"d3c42312f3d1f034f1f4b22986aa0786ad58999f1d4466412bb0f8edb2da1d5d1b0cdb","first_seen":"2026-02-10T10:56:09.274713Z","last_seen":"2026-04-04T15:25:57.460988Z","times_seen":1105,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":7,"receive":15,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.alicdn.com/imgextra/i2/2207246784654/O1CN010a6y4d1kFaOOgMqmk_!!2207246784654.gif","fqdn":"img.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"155.102.215.180","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:11.469Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tbcdn.cn","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 28 Nov 2025 03:07:13 GMT","end":"Sat, 18 Jul 2026 09:41:04 GMT"},"fingerprint":{"sha1":"01:40:62:EF:8C:E5:C1:8A:19:4C:8D:B6:F5:C2:24:7F:DC:C0:9C:8A","sha256":"60:3C:41:A0:78:62:E6:5E:82:F0:FA:CF:5C:C9:D3:22:E4:64:EE:1A:EE:C7:CC:BA:DD:25:08:90:6F:CC:C4:F2"}}},"request":{"raw":"GET /imgextra/i2/2207246784654/O1CN010a6y4d1kFaOOgMqmk_!!2207246784654.gif HTTP/1.1\r\nHost: img.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: image/gif\r\ncontent-length: 44406\r\ndate: Mon, 22 Dec 2025 05:59:10 GMT\r\nlast-modified: Sat, 08 Nov 2025 08:42:46 GMT\r\npicasso-ret-code: SUCCESS\r\npicasso-cache-info: L4-HIT\r\nrequest-time: 0.026\r\ntraceid: a3b5329d17663831508126739e\r\nx-powered-by: Picasso\r\npicasso-image-type: normal\r\npicasso-fmt: gif2avif\r\ncache-control: max-age=31536000\r\nvia: ens-cache36.l2de4[0,12,200-0,H], ens-cache23.l2de4[13,0], ens-cache14.se3[0,0,200-0,H], ens-cache9.se3[2,0]\r\naccess-control-allow-origin: *\r\nage: 6478801\r\nali-swift-global-savetime: 1766383150\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Sun, 18 Jan 2026 05:44:22 GMT\r\nx-swift-cachetime: 29204088\r\nback_uri: /imgextra/i2/2207246784654/O1CN010a6y4d1kFaOOgMqmk_!!2207246784654.gif_.avif\r\nvary: Accept\r\ns-rt: 2\r\ntiming-allow-origin: *\r\neagleid: 9b66d79d17728619514441191e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":44406,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"7fe888844a25455b732401ff74cfd8ab","sha1":"8d19e04de42c10ba020a85c53ce0a89e68228df8","sha256":"f85ce364be6d1d2dd090b2fc02ab3e6dc3013b61a85576e4c0eb4ad8fa408e31","sha512":"a046e5c42fbd73895fe7f7add8d2511b9f5aa297d99ec108c8f47cd4546a16af813bfc54314c865b4c13a74c7be17429c341d1ecc327ee344074221732ba2d2e","ssdeep":"768:/6Qbzz7QUHPIskU5/Eg59QCK5Py43ZKFbVeI0D0gwKjewJ+Tsxfz0JWOyndv7mzv:ykQnskU9lXFK5P3ZKFbV10YRKjdfzOgW","tlshash":"3813013d7682d0410e2e367675f0c638fb9ad9dac96d34dbba795528644403c7c0939b","first_seen":"2025-11-09T02:30:37.980535Z","last_seen":"2026-04-04T14:12:03.402512Z","times_seen":7887,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":11,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/807971.html","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-07T05:39:03.160Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"GET /807971.html HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: text/html;charset=utf-8\r\nvary: Accept-Encoding\r\nx-frame-options: Deny\r\ncontent-encoding: gzip\r\ncontent-length: 7931\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cHs f ])\r\ncache-control: public, max-age=3600\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":33408,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (21749), with NEL line terminators","md5":"029168c718c599e3b1153e335d6da14d","sha1":"db050eb53f5b725cb54fd8ea97c2fc1551513ba0","sha256":"a6b6c49ff28ccdd04359f99ac5272b0f29cd07d2c1bb054248a796f9e9ae9b65","sha512":"e837af1326c32bc3a19cabba074c35e236b5c3bad5653c2e33240272be5691b4fbe29bf29fa6abab7c24b4b475427088f66328f1cfb9733ffd5a8e2c9aefb34d","ssdeep":"768:3rV6YCUJHC3/rpoaRW5G07AIvcNoqU6P2Wj:3rV6YCzDzIvcHU6PJ","tlshash":"59f2d5314595a33be3b398e824917b98b1f312cccbab0f197bfc1ae95bc1e84611454e","first_seen":"2026-03-07T05:39:39.982586Z","last_seen":"2026-03-07T05:39:39.982586Z","times_seen":1,"resource_available":true,"data":null}},"time_used":862,"timings":{"blocked":350,"dns":43,"connect":149,"send":0,"wait":161,"receive":1,"ssl":155},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/cn/home/web/template/112vip53_wtpl/js/lazyload.js","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:03.959Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"GET /cn/home/web/template/112vip53_wtpl/js/lazyload.js HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://aqf.yrjj7.help/807971.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: application/javascript\r\ncontent-length: 3627\r\nlast-modified: Wed, 31 Aug 2022 08:26:04 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3627,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"60fd945d3341af46ce8ea58d1f3ad7ee","sha1":"46b899c238233046d4f8d9c6a5a675bf13028f20","sha256":"016276e7070cd8676ce8298363b4e6d35f14b22fffb1b22631e7daa843073819","sha512":"153364df325da42e182cd557325ba40d952300502dd354cfa45c60b0b6abeb47c6259f3e48623a77d008bffb3eba39e97dd26763fcbeb1c1c8ba0e14b5f1d6ae","ssdeep":"","tlshash":"a1714b865fe22474f917b86ccb1f9204363bd02b468a9d90744d81dcaff843a92b5ad7","first_seen":"2024-12-31T10:28:51.408799Z","last_seen":"2026-03-11T02:04:59.77367Z","times_seen":273,"resource_available":true,"data":null}},"time_used":588,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":588,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/cn/home/web/static/css/a_pc_wap.css","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:03.961Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"GET /cn/home/web/static/css/a_pc_wap.css HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://aqf.yrjj7.help/807971.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: text/css\r\ncontent-length: 2876\r\nlast-modified: Mon, 24 Oct 2022 09:16:10 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2876,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"74a8b81d486fd0fab0c1e1a21faf815c","sha1":"3671d10e96160cba777510eafe225a6fab98dbdf","sha256":"db0fd01915d66b5e8e03851256f02c85422be168cf9b2b68ab776878447f9e1c","sha512":"9399229eae7fd56b29d69e0cacc7b2a439aa45fb392df8549e04ed3fd81ee280694bf2a96acebdfc759862fb7a863fcba5e4adc4228c40bb25ac75fbca504226","ssdeep":"","tlshash":"2e515a162b6f2488a80ba1b85fb567686a294053bb0fcc2975547324ff4e78d09b2789","first_seen":"2023-11-16T12:30:34Z","last_seen":"2026-04-04T13:29:05.031653Z","times_seen":9226,"resource_available":false,"data":null}},"time_used":592,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":592,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"aqf.yrjj7.help/cn/home/web/static/player/dplayer/hls.min.js","fqdn":"aqf.yrjj7.help","domain":"yrjj7.help","tld":"help"},"ip":{"addr":"154.26.176.147","port":443,"asn":906,"as":"DMIT","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:03.969Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.yrjj7.help","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 03:22:07 GMT","end":"Sun, 24 May 2026 03:22:06 GMT"},"fingerprint":{"sha1":"FE:80:5C:67:19:7F:C7:64:14:D5:30:72:50:98:FD:FF:3D:E1:D2:11","sha256":"07:D0:5D:0D:F5:FE:8F:75:3E:A3:4F:94:F5:F7:B1:8D:C2:5C:56:6E:32:EE:3C:1B:F3:3C:CD:4D:8F:1A:A8:48"}}},"request":{"raw":"GET /cn/home/web/static/player/dplayer/hls.min.js HTTP/1.1\r\nHost: aqf.yrjj7.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://aqf.yrjj7.help/807971.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: https://www.xzylm.com\r\ncontent-type: application/javascript\r\ncontent-length: 241648\r\nlast-modified: Sat, 13 Jul 2019 08:31:56 GMT\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cRs f ])\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":241648,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65533), with no line terminators","md5":"6cfa29933ba9ba506ea73e084de951b9","sha1":"30004f2da2e1e06f671eb2bfda00f8bcbe69b47b","sha256":"0d925ef64b764ee2d8e362ebec98668e5fd09887ec0fb70bd82d121097c40d7c","sha512":"5e7b2ea8fd8b8edca2554f5423cde03bcc8934fb03904259baba2bb9e51ae98af837877ea0223016c71660bbb418543667ecfdfc1b4831d513d57a4ff886915e","ssdeep":"3072:pI5L1S8HY5x1kVQ5ToDOzBPCB2baeBSZ3yg:pI5xSCY31O2oDO15tS","tlshash":"53341c9db661706543c3a1a5803f061a7236b92e7409c1fcfa6bd5f61cb885e603bf78","first_seen":"2023-03-07T14:15:35Z","last_seen":"2026-04-04T15:33:13.097228Z","times_seen":13786,"resource_available":true,"data":null}},"time_used":792,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":646,"receive":146,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"aqf.yrjj7.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img.alicdn.com/imgextra/i1/4183327079/O1CN018KuqHz22AEs9TacwK_!!4183327079.gif","fqdn":"img.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"155.102.215.180","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:05.403Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tbcdn.cn","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 28 Nov 2025 03:07:13 GMT","end":"Sat, 18 Jul 2026 09:41:04 GMT"},"fingerprint":{"sha1":"01:40:62:EF:8C:E5:C1:8A:19:4C:8D:B6:F5:C2:24:7F:DC:C0:9C:8A","sha256":"60:3C:41:A0:78:62:E6:5E:82:F0:FA:CF:5C:C9:D3:22:E4:64:EE:1A:EE:C7:CC:BA:DD:25:08:90:6F:CC:C4:F2"}}},"request":{"raw":"GET /imgextra/i1/4183327079/O1CN018KuqHz22AEs9TacwK_!!4183327079.gif HTTP/1.1\r\nHost: img.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: image/gif\r\ncontent-length: 403606\r\ndate: Fri, 13 Feb 2026 05:15:30 GMT\r\npicasso-ret-code: SUCCESS\r\npicasso-cache-info: L3-HIT\r\nrequest-time: 0.001\r\ntraceid: 2ff602a017709597307166529e\r\nx-powered-by: Picasso\r\npicasso-image-type: normal\r\npicasso-fmt: gif2avif\r\ncache-control: max-age=31536000\r\nvia: ens-cache9.l2de4[0,0,200-0,H], ens-cache16.l2de4[1,0], ens-cache16.se3[0,0,200-0,H], ens-cache9.se3[6,0]\r\naccess-control-allow-origin: *\r\nage: 1902215\r\nali-swift-global-savetime: 1770959730\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Fri, 13 Feb 2026 05:18:23 GMT\r\nx-swift-cachetime: 31535827\r\nback_uri: /imgextra/i1/4183327079/O1CN018KuqHz22AEs9TacwK_!!4183327079.gif_.avif\r\nvary: Accept\r\ns-rt: 6\r\ntiming-allow-origin: *\r\neagleid: 9b66d79d17728619457127579e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":403606,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 120","md5":"d0bbd6e83f13d75dfd204a1757309ff3","sha1":"e038ef39d13d339f32a585f16bb2c65ba607093e","sha256":"9a3c716b0b97716ba8136b243a3468b50aa62cc130b43e213a54a5ba7ec584db","sha512":"43143383b5711607d3ae0f52732f519740355a23c0c4d2675828f1d6833b94e9be3f08b3fea365f4d2d38310a887306992a9ff7318f7e50128cfcc47052c9fb0","ssdeep":"6144:z+H10Njx+v7YjWPE8zi+PEoTXoSzqoSNEyzNaJG97ztF8M7zMM9e3ZXKGLSgLnZt:zo6VxLzZoTdVygU9Xz8MXe64z9t","tlshash":"c584235252134f3e81aa071ed92e5c883c6ad886d612eb23977fc875b7019dd9234eb3","first_seen":"2026-02-13T06:47:10.3791Z","last_seen":"2026-04-04T15:25:57.512951Z","times_seen":2181,"resource_available":false,"data":null}},"time_used":848,"timings":{"blocked":333,"dns":350,"connect":11,"send":0,"wait":50,"receive":35,"ssl":55},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"11224.xn--gps-8y0gm25n.xn--55qx5d/d/11224?_t=1765444375","fqdn":"11224.xn--gps-8y0gm25n.xn--55qx5d","domain":"11224.xn--gps-8y0gm25n.xn--55qx5d","tld":""},"ip":{"addr":"27.155.113.137","port":443,"asn":133774,"as":"Fuzhou","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:05.451Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.xn--gps-8y0gm25n.xn--55qx5d","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 07 Jan 2026 14:22:13 GMT","end":"Tue, 07 Apr 2026 14:22:12 GMT"},"fingerprint":{"sha1":"01:F6:A8:64:D2:BF:90:49:78:62:32:E0:6F:0D:E9:33:66:39:30:EF","sha256":"5D:E4:BC:B9:AE:B1:76:CF:D1:39:B2:34:04:CA:CA:2F:97:94:D8:E3:B1:2D:D1:41:C3:4B:27:0D:1C:BF:03:26"}}},"request":{"raw":"GET /d/11224?_t=1765444375 HTTP/1.1\r\nHost: 11224.xn--gps-8y0gm25n.xn--55qx5d\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Sat, 07 Mar 2026 05:39:09 GMT\r\ncontent-type: text/html\r\ncontent-length: 145\r\nlocation: https://fsffbhd.4000522777.xn--fiqs8s/ea980b9daf2cbb13355e4431bbc43384.gif?_t=1765444375\r\ncache-control: public, max-age=900\r\nexpires: Saturday, 07-Mar-2026 05:39:09 GMT\r\nstrict-transport-security: max-age=31536000\r\nx-via-jsl: 4c4992c,-\r\nset-cookie: __jsluid_s=d47dd6dae43b93bff4f1a4d96b4c4b22; max-age=31536000; path=/; HttpOnly; SameSite=None; secure\r\nx-cache: miss\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":568104,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":3831,"timings":{"blocked":-1,"dns":1004,"connect":317,"send":0,"wait":337,"receive":0,"ssl":2170},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pic20.anzise.com/pic/20220327/5c73461e32ab4b6420d90e15dbccbfc7/1.jpg","fqdn":"pic20.anzise.com","domain":"anzise.com","tld":"com"},"ip":{"addr":"172.67.222.208","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aqf.yrjj7.help/807971.html","date":"2026-03-07T05:39:03.996Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"anzise.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 10 Feb 2026 19:40:48 GMT","end":"Mon, 11 May 2026 20:38:19 GMT"},"fingerprint":{"sha1":"C5:FC:04:DB:35:A4:BA:50:95:D8:4C:BE:86:4F:70:E1:C8:5E:7A:79","sha256":"94:D4:9A:8A:42:B2:44:DE:41:42:4C:B8:A3:DD:65:7E:CE:85:3D:18:F8:A0:4A:F3:96:F1:09:42:BB:D4:D1:C7"}}},"request":{"raw":"GET /pic/20220327/5c73461e32ab4b6420d90e15dbccbfc7/1.jpg HTTP/1.1\r\nHost: pic20.anzise.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aqf.yrjj7.help/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 05:39:04 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 20762\r\nserver: cloudflare\r\nlast-modified: Sat, 26 Mar 2022 21:05:03 GMT\r\ncache-control: public, max-age=2592000\r\naccept-ranges: bytes\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvia: http/1.1 traffic_server (https://www.xzylm.com [cHs f ])\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=WT8szQ8n8lp5jACAoXOx3M%2BUaV2jZ5A0Iz%2FIHGJmpd1yQYOodNylk5YIsL%2BWfxodsxLyoDJagkNbv8NoYaGPHkwi0AVRJgbFAUI3VnqTaJU%3D\"}]}\r\ncf-ray: 9d8741eeaeed1ae6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20762,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, aspect ratio, density 22127x22032, segment length 16, comment: \"Lavc58.134.100\", baseline, precision 8, 720x406, components 3","md5":"764987ef450d271892eca28f1992820b","sha1":"7df47bc21ea342664c2f8c7006a641f948f2ce66","sha256":"640e0f56c0cba8b5f90cedef0c30f81f59ce2b194851d5784ec9397c1bd0e746","sha512":"6464c8f93bbe0c0cce4f5b03f1201bf362ee60a06672f7b461ad1f9cc503d57099164307496292e54c939db16ad9aca5e5ead8697a25b37bc3741b5dbf5e0325","ssdeep":"384:2QOllSp4PEJArk77OPO+ZxTEmkIgsNaSC1iT6k6KwfJlmqt:PpHJA9ZSmkIgswSKdJlmqt","tlshash":"1e92d0dbde227157db4e5428bdb180fe3db54be2d53cc69525abc187e5328ea0218132","first_seen":"2025-10-23T21:00:24.054994Z","last_seen":"2026-03-07T05:39:39.986644Z","times_seen":2,"resource_available":false,"data":null}},"time_used":623,"timings":{"blocked":-1,"dns":7,"connect":11,"send":0,"wait":319,"receive":168,"ssl":101},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}