{"report_id":"65560516-7044-4173-8f61-ad59e4eba215","version":6,"status":"done","tags":[],"date":"2024-12-20T12:21:29Z","url":{"schema":"http","addr":"bzxqqzwl.khubnzkoszudupz.top/index?key=8f48bd9e2d88cbe9225491bd90f3f0a8\u0026gid=1abdc69d896f0dcd409fc05e2a8b26e6\u0026sa=3d7680aa0f26fd86bf1f7654b358cbfd","fqdn":"bzxqqzwl.khubnzkoszudupz.top","domain":"khubnzkoszudupz.top","tld":"top"},"ip":{"addr":"23.99.114.0","port":0,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"https","addr":"bzxqqzwl.khubnzkoszudupz.top/ac?gid=1abdc69d896f0dcd409fc05e2a8b26e6\u0026sa=3d7680aa0f26fd86bf1f7654b358cbfd\u0026key=8f48bd9e2d88cbe9225491bd90f3f0a8","fqdn":"bzxqqzwl.khubnzkoszudupz.top","domain":"khubnzkoszudupz.top","tld":"top"},"title":"Communication"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-02-28T12:21:29Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"bzxqqzwl.khubnzkoszudupz.top","ip":{"addr":"23.99.114.0","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"domain_registered":"2024-10-11","domain_rank":0,"first_seen":"2024-12-20T12:21:29.999118Z","last_seen":"2024-12-20T12:21:29.999118Z","alert_count":14,"request_count":14,"received_data":1012050,"sent_data":6781,"comment":"","tags":null,"fingerprints":null},{"fqdn":"auto.gardenantpro.com","ip":{"addr":"43.207.107.225","port":443,"asn":16509,"as":"AMAZON-02","country":"Japan","country_code":"JP"},"domain_registered":"2023-08-30","domain_rank":0,"first_seen":"2024-09-06T08:12:13Z","last_seen":"2024-12-15T19:25:55.775316Z","alert_count":0,"request_count":13,"received_data":11564,"sent_data":7120,"comment":"","tags":null,"fingerprints":null},{"fqdn":"xfems.hidefpic.xyz","ip":{"addr":"154.39.248.146","port":0,"asn":139646,"as":"HONG KONG Megalayer Technology Co.,Limited","country":"United States","country_code":"US"},"domain_registered":"2023-01-03","domain_rank":0,"first_seen":"2024-12-20T12:21:30.006779Z","last_seen":"2024-12-20T12:21:30.006779Z","alert_count":0,"request_count":1,"received_data":1447654,"sent_data":441,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2024-12-20T12:21:10Z","timestamp":1734697270,"ip_dst":{"addr":"172.18.0.5","port":53600,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"154.39.248.146","port":443,"asn":139646,"as":"HONG KONG Megalayer Technology Co.,Limited","country":"United States","country_code":"US"},"severity":"medium","alert":"ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)","source":"{\"timestamp\":\"2024-12-20T12:21:10.068453+0000\",\"flow_id\":1866802723637308,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"154.39.248.146\",\"src_port\":443,\"dest_ip\":\"172.18.0.5\",\"dest_port\":53600,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2025194,\"rev\":3,\"signature\":\"ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2018_01_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_16\"]}},\"tls\":{\"subject\":\"CN=*.hidefpic.xyz\",\"issuerdn\":\"C=US, O=Let's Encrypt, CN=E5\",\"serial\":\"03:94:89:20:46:D6:D1:2D:07:6D:57:96:45:10:BD:31:0F:FC\",\"fingerprint\":\"62:ad:f5:5f:83:02:ca:5a:f3:a5:8b:7b:b7:43:f3:f2:9f:30:1b:ea\",\"sni\":\"xfems.hidefpic.xyz\",\"version\":\"TLS 1.2\",\"notbefore\":\"2024-10-28T02:06:42\",\"notafter\":\"2025-01-26T02:06:41\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"fe0146829eef1917ba6c2dd4f5c08905\",\"string\":\"771,49196,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":5,\"bytes_toserver\":954,\"bytes_toclient\":2600,\"start\":\"2024-12-20T12:21:09.280636+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2024-12-20T12:21:10Z","timestamp":1734697270,"ip_dst":{"addr":"172.18.0.5","port":53616,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"154.39.248.146","port":443,"asn":139646,"as":"HONG KONG Megalayer Technology Co.,Limited","country":"United States","country_code":"US"},"severity":"medium","alert":"ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)","source":"{\"timestamp\":\"2024-12-20T12:21:10.088235+0000\",\"flow_id\":1883623963041088,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"154.39.248.146\",\"src_port\":443,\"dest_ip\":\"172.18.0.5\",\"dest_port\":53616,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2025194,\"rev\":3,\"signature\":\"ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2018_01_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_16\"]}},\"tls\":{\"subject\":\"CN=*.hidefpic.xyz\",\"issuerdn\":\"C=US, O=Let's Encrypt, CN=E5\",\"serial\":\"03:94:89:20:46:D6:D1:2D:07:6D:57:96:45:10:BD:31:0F:FC\",\"fingerprint\":\"62:ad:f5:5f:83:02:ca:5a:f3:a5:8b:7b:b7:43:f3:f2:9f:30:1b:ea\",\"sni\":\"xfems.hidefpic.xyz\",\"version\":\"TLS 1.2\",\"notbefore\":\"2024-10-28T02:06:42\",\"notafter\":\"2025-01-26T02:06:41\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"fe0146829eef1917ba6c2dd4f5c08905\",\"string\":\"771,49196,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":5,\"bytes_toserver\":1085,\"bytes_toclient\":2599,\"start\":\"2024-12-20T12:21:09.531776+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-20","alert":"Sinkholed","trigger":"khubnzkoszudupz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-20","alert":"Sinkholed","trigger":"khubnzkoszudupz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-20","alert":"Sinkholed","trigger":"khubnzkoszudupz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-20","alert":"Sinkholed","trigger":"khubnzkoszudupz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-20","alert":"Sinkholed","trigger":"khubnzkoszudupz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-20","alert":"Sinkholed","trigger":"khubnzkoszudupz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-20","alert":"Sinkholed","trigger":"khubnzkoszudupz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-20","alert":"Sinkholed","trigger":"khubnzkoszudupz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-20","alert":"Sinkholed","trigger":"khubnzkoszudupz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-20","alert":"Sinkholed","trigger":"khubnzkoszudupz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-20","alert":"Sinkholed","trigger":"khubnzkoszudupz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-20","alert":"Sinkholed","trigger":"khubnzkoszudupz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-20","alert":"Sinkholed","trigger":"khubnzkoszudupz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-20","alert":"Sinkholed","trigger":"khubnzkoszudupz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"bzxqqzwl.khubnzkoszudupz.top/static/js/skina.1c5fc8.js","fqdn":"bzxqqzwl.khubnzkoszudupz.top","domain":"khubnzkoszudupz.top","tld":"top"},"ip":{"addr":"23.99.114.0","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"4872e140b4ef0a26d055eaf3ee672715","sha1":"6935ac15571e4cdf56bb95225cd9f6c9bc68b464","sha256":"177def317b770b28a1e4680659ad4e2e422895e0ca173950aa8ecc4ac9a07d18","sha512":"c01fd215cf6cca09ce7705aebb34b21c239d311c7b3de85444e11abf9468045fb09b09ac938df0099b6b67f6dfdc30bcef381bd609359353d38ff045476611fc","ssdeep":"1536:Xq+PSr67oB24uh1h53R2bKl8x5NHRhGN2RS8SsfrsT9+9H4m1Nbnna0mcGeJ:Irj0qs4rNbnr","tlshash":"ce93c91ba896fc750b1664f0502f1634b2366dd9b006936cfe34ace14ea8e49613fb7d","size":91517,"data":"","first_seen":"2024-12-18T23:25:58.962198Z","last_seen":"2024-12-28T04:08:26.322985Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bzxqqzwl.khubnzkoszudupz.top/index?key=8f48bd9e2d88cbe9225491bd90f3f0a8\u0026gid=1abdc69d896f0dcd409fc05e2a8b26e6\u0026sa=3d7680aa0f26fd86bf1f7654b358cbfd","fqdn":"bzxqqzwl.khubnzkoszudupz.top","domain":"khubnzkoszudupz.top","tld":"top"},"ip":{"addr":"23.99.114.0","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"d5074a98d39ac792355c2d2e2c62150f","sha1":"7b8d7fc5756317a7e2d443ffa96b237107024aeb","sha256":"c86a88953279105b8d42ea28ae545d0f380b4438371acdc8292000c9b2b54ff2","sha512":"d99fbe9ca7b320cc636042b174a4131fba12f0a838d748c87f3b5e9154f06e95b3317ebe08e548581e2fcaeaf4ee28012d036e36ed7335c7339a67237da6135d","ssdeep":"192:l1QZO6y+LBP1LB1Lx1LF1Lt1Lh1L5UFCO8Wwmcq:lJaLBP1LB1Lx1LF1Lt1Lh1L5UFCO8rmb","tlshash":"c0e1f988fcdc10c66828a5a046b117cf936fdbbe15137c76b1e8b1392d6aaf5af04419","size":6947,"data":"","first_seen":"2024-12-18T23:25:58.970938Z","last_seen":"2024-12-29T01:01:38.814795Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bzxqqzwl.khubnzkoszudupz.top/libs/base.js","fqdn":"bzxqqzwl.khubnzkoszudupz.top","domain":"khubnzkoszudupz.top","tld":"top"},"ip":{"addr":"23.99.114.0","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"82e1a54c6e00b518d5483aabba57ac80","sha1":"042c906489821f59269469bcbea0b879d1a54bca","sha256":"a7476aeb5c1a080fcf7b1deeddf3f784ef6677511608639e2c75ff81d69d9dee","sha512":"429fb929df0183d97d15ba0354baca17a18c2e782d9ec83eb58f8d14ca003daf1e292ffda05a9ec0313d4f1971893d03a7b312e866a63d5c1977cc33eaffe682","ssdeep":"1536:wvUBZXjRPalYaU/EUaB6pwqZSc2L6zx1CmUMQZV:hZXjouaDEND2L6zxkmUMQZV","tlshash":"8783e6c9b295707107a720e5447f510bf23b7919a80ac1e8f256e8da3dbc88d91a7f3d","size":87463,"data":"","first_seen":"2023-05-18T18:44:13Z","last_seen":"2026-05-09T01:23:18.559703Z","times_seen":54,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bzxqqzwl.khubnzkoszudupz.top/libs/wssBase.js","fqdn":"bzxqqzwl.khubnzkoszudupz.top","domain":"khubnzkoszudupz.top","tld":"top"},"ip":{"addr":"23.99.114.0","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"ecb5ba27bd6c70cb303af812ec97af7c","sha1":"8c60680281bf2a975d7d5a825f5c130fdbe77f4a","sha256":"844b0386cc004fe0caeaa5d688d88092bcb8edad710fe9e6f352c7c1a120eb24","sha512":"33f5d77512b29bd0493b1e438fc5584bbe13eae962d808b2b3c0111a3c70418b68e32e8bdd8973c862f5370958942ec419abc2be5370e515901156b1d9d3b55a","ssdeep":"1536:HUH1kVMHFByr/r2Vj6bh39ZLZdP6k/aS2uuqMX/8ITOznfGjcLEW:0HuVMXC2V6bh3btdP6k/aSUxpQLEW","tlshash":"9183e7c5f46170a103e7a2b481bf120763b6993a640d84e4f7a4d8fa5d7c98d932bf39","size":83103,"data":"","first_seen":"2023-05-18T18:44:13Z","last_seen":"2026-05-09T01:23:18.565291Z","times_seen":54,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bzxqqzwl.khubnzkoszudupz.top/libs/tac.min.js","fqdn":"bzxqqzwl.khubnzkoszudupz.top","domain":"khubnzkoszudupz.top","tld":"top"},"ip":{"addr":"23.99.114.0","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"3c0da0a25410079211ad9ab45fa6e276","sha1":"198f5aab358fb34ef75f7a11b031548f3b03aee6","sha256":"2ebddc5392800dac27e9c39acba1bc0a8a38f2a06c4c7f8f47870cfadfb7c6d7","sha512":"8d1f8ecb1452757ab93a930efa60ceca5cebaa35d7a68e8e118ad66b5d7d66d32170920737a854038b327fe2f797f778bbda37ef7584f2d35c31cc81db32e9f2","ssdeep":"768:6BA3Nn+7WqwdDOm4+M3pGjpG842DP7esBOZy/9Q5BvzMcgDeOeKpltDd3zVcPZxR:6BgJjOmwKBUyFQ5JgDeYz3zWDsa","tlshash":"88336dbb719110b18a9204e2523b9e48f02b6ad0f50a4458fabed5e56f3ecd6d032f75","size":54789,"data":"","first_seen":"2024-12-15T19:25:59.326203Z","last_seen":"2026-05-09T01:23:18.547236Z","times_seen":41,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bzxqqzwl.khubnzkoszudupz.top/static/js/runtime.bacbc1.js","fqdn":"bzxqqzwl.khubnzkoszudupz.top","domain":"khubnzkoszudupz.top","tld":"top"},"ip":{"addr":"23.99.114.0","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"a64d5de6e27148838368dc1903ff19d3","sha1":"89b34fe69c35d5b082c1fdb6e93b806d9a815f9f","sha256":"7a902dea84695fc3f10692efef9050a4deb62732bbf6b239c6dd0c0dbf41d9c9","sha512":"fa9876340208bfcdac32d58dcb6aac1bea7eb5a3cdea26a193d89fa04237b18c778f91c6f9ffccb54a315071bd2afc97df1ed7f0fa909e57e51580aa0bc43da8","ssdeep":"","tlshash":"2f6197de36a8f17702636822143fa0bab6b938b2193599508359e8fcfd74d864157f21","size":3278,"data":"","first_seen":"2024-12-18T23:25:58.954555Z","last_seen":"2024-12-29T01:01:38.806609Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bzxqqzwl.khubnzkoszudupz.top/static/js/common.edc80b.js","fqdn":"bzxqqzwl.khubnzkoszudupz.top","domain":"khubnzkoszudupz.top","tld":"top"},"ip":{"addr":"23.99.114.0","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"42713d0546223085d72a3edb1edb4fe6","sha1":"7666f3194c14d143856eae729a625eb59c223611","sha256":"fa9ec18829db5e9bb5b494d221cb77462931a4815bd01e660362380aa77aa3ab","sha512":"e6b4f4402173ba4adcd08af05642f81640a089fb76edc0760111670e3e4eac7dcef3e02d74d968eeba96f720c3645f47fa0d07afcb959610beafb8778f9a1ac4","ssdeep":"6144:zo4QLCmFTYSCDUU/nIW5t4SkOlskkdYh0pPqdz:zN8C1FDcW5M/kn0pPqdz","tlshash":"e55409ccbac5f0a957d335a4803f650bb1772a69f40e94d0e6a2d5d1ac7898e4237e3c","size":279512,"data":"","first_seen":"2024-12-15T19:25:59.315415Z","last_seen":"2024-12-29T01:01:38.810273Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bzxqqzwl.khubnzkoszudupz.top/static/js/app.4e4d3d.js","fqdn":"bzxqqzwl.khubnzkoszudupz.top","domain":"khubnzkoszudupz.top","tld":"top"},"ip":{"addr":"23.99.114.0","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"23858e53d73f302be39fcd0c44e4c98f","sha1":"34707f6342c58ebe0f2ca5d983ba8b31844416ca","sha256":"6e981859138abcffa065d855787757180eb047471d89f600e9bc8f2e21b5d0df","sha512":"3058e8224da0d7a4fb4581c5f78e29c539d27c4ca86f84fe6ff25584e2dd4b04e6e00a96ec0ab709f931efb6708b23eee2c411a6cf820ca0e5b4754c5314963f","ssdeep":"6144:RCWpYAfxiXLkOXVnfse5fSmztq17go3wRD1VETCkkQcUp4AtJ5z0z/zSBHh79DlA:UWpYAfxiXLkOXVnfse5fSmztq17go3wJ","tlshash":"b83483cfb3f2a69d00056160cc3ea9cc15897fd08021d27a9f7f4ecbd658a1995db7a2","size":242826,"data":"","first_seen":"2024-12-18T23:25:58.963987Z","last_seen":"2024-12-29T01:01:38.811088Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"2f5a103401085abe5aa18ba44e36866e","sha1":"df0a815ea6226214c017f99e074ac97ad231392e","sha256":"52d26fa375b5bbe48c6a30d26dc5968906dbfe45ed3a38456ed432b5d9456cc6","sha512":"ecd7c08e9e53fa8f09b67cbb8da7d0ff04baa5b43111b607606b9e7967a812550c0866a6de79f30884672ea49fbaea07c80a6c04b49db18c9ce432c19e3c14d7","ssdeep":"","tlshash":"ec417b73cc249c8e2601769adf3132e8c641846d8df3ada854f6027507faeed4483573","size":1888,"data":"","first_seen":"2024-12-18T23:25:58.972272Z","last_seen":"2024-12-29T01:01:38.815997Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"console":null},"http":[{"url":{"schema":"https","addr":"bzxqqzwl.khubnzkoszudupz.top/index?key=8f48bd9e2d88cbe9225491bd90f3f0a8\u0026gid=1abdc69d896f0dcd409fc05e2a8b26e6\u0026sa=3d7680aa0f26fd86bf1f7654b358cbfd","fqdn":"bzxqqzwl.khubnzkoszudupz.top","domain":"khubnzkoszudupz.top","tld":"top"},"ip":{"addr":"23.99.114.0","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-12-20T12:21:03.225Z","timestamp":1734697263225,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmdwyvaw.khubnzkoszudupz.top","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Fri, 11 Oct 2024 01:39:59 GMT","end":"Thu, 09 Jan 2025 01:39:58 GMT"},"fingerprint":{"sha1":"37:52:AA:1E:FA:CA:71:69:14:2E:72:10:FD:4D:AA:A8:89:B9:41:8E","sha256":"F9:EA:FC:3B:51:F2:AA:79:08:7B:EE:DD:9C:75:0E:A1:D7:67:87:75:CA:FF:14:8B:D0:DC:07:C6:7C:EB:8D:1D"}}},"request":{"raw":"GET /index?key=8f48bd9e2d88cbe9225491bd90f3f0a8\u0026gid=1abdc69d896f0dcd409fc05e2a8b26e6\u0026sa=3d7680aa0f26fd86bf1f7654b358cbfd HTTP/1.1\r\nHost: bzxqqzwl.khubnzkoszudupz.top\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/html; charset=utf-8\r\ndate: Fri, 20 Dec 2024 12:21:04 GMT\r\netag: W/\"67617317-1b6e\"\r\nlast-modified: Tue, 17 Dec 2024 12:48:23 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\ncontent-length: 1283\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1283,"size_decoded":7022,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (7022), with no line terminators","md5":"f4d2fc7753587e250ab98cc8bcea24de","sha1":"a2c5ee5dcd7d7d477e217abcd84d36c185603850","sha256":"ce12d7e6984c808917ba7d559f864e670b96fd5f2be4a01b700ad6a2ec3bea03","sha512":"9b65a688a08e360e8d607f5f644eac17a17798102535ec6afc7ed880ae96642ff98e38514ac736d08acb3553991792aeff14308d70c7b481059331340b3d28eb","ssdeep":"192:TQZO6y+LBP1LB1Lx1LF1Lt1Lh1L5UFCO8WwmcQ:zaLBP1LB1Lx1LF1Lt1Lh1L5UFCO8rmn","tlshash":"13e1fa88fcdc10c66828a5a046b117cf936fdbbe15137c7671e8b1392d66af5af04415","first_seen":"2024-12-18T23:25:58.950976Z","last_seen":"2024-12-29T01:01:38.800603Z","times_seen":6,"resource_available":false,"data":null}},"time_used":2258,"timings":{"blocked":1004,"dns":426,"connect":204,"send":0,"wait":249,"receive":0,"ssl":369},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-20","alert":"Sinkholed","trigger":"khubnzkoszudupz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bzxqqzwl.khubnzkoszudupz.top/static/css/common.3852c5ed.css","fqdn":"bzxqqzwl.khubnzkoszudupz.top","domain":"khubnzkoszudupz.top","tld":"top"},"ip":{"addr":"23.99.114.0","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://bzxqqzwl.khubnzkoszudupz.top/index?key=8f48bd9e2d88cbe9225491bd90f3f0a8\u0026gid=1abdc69d896f0dcd409fc05e2a8b26e6\u0026sa=3d7680aa0f26fd86bf1f7654b358cbfd","date":"2024-12-20T12:21:04.710Z","timestamp":1734697264710,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmdwyvaw.khubnzkoszudupz.top","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Fri, 11 Oct 2024 01:39:59 GMT","end":"Thu, 09 Jan 2025 01:39:58 GMT"},"fingerprint":{"sha1":"37:52:AA:1E:FA:CA:71:69:14:2E:72:10:FD:4D:AA:A8:89:B9:41:8E","sha256":"F9:EA:FC:3B:51:F2:AA:79:08:7B:EE:DD:9C:75:0E:A1:D7:67:87:75:CA:FF:14:8B:D0:DC:07:C6:7C:EB:8D:1D"}}},"request":{"raw":"GET /static/css/common.3852c5ed.css HTTP/1.1\r\nHost: bzxqqzwl.khubnzkoszudupz.top\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Fri, 20 Dec 2024 06:38:03 GMT\r\netag: W/\"67617316-3063\"\r\nlast-modified: Fri, 20 Dec 2024 06:38:03 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\ncontent-length: 3913\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3913,"size_decoded":12387,"mime_type":"text/css","magic":"ASCII text, with very long lines (12387), with no line terminators","md5":"79fba90f3848b229074269cba0d61190","sha1":"a0ca36e0e5a4393d9b5ca5b00fcb5b65b71c44cf","sha256":"c34465307e5310629bdf96dfaf5bf6b5c18185ad0ca8b8f49c2d3bb86fa69286","sha512":"ebe2fd78f12d8329f77adad1b268366fe37cecb9e3d800a0510ff53c905115bb550a83b47219b6be8b40b90ad77cb3f0b1af595d1dd1d9c2f7069f42fa79a482","ssdeep":"384:3l/AR044MslJd3vbYxLxkxmxIx+xjhClwbh+:iENUxLxkxmxIx+xa","tlshash":"fb4272b6d584331c6013de12e7dab658467a872fa5723adfa231b833c387b69455f403","first_seen":"2024-05-24T13:05:42Z","last_seen":"2026-05-09T01:23:18.564418Z","times_seen":46,"resource_available":false,"data":null}},"time_used":205,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":204,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-20","alert":"Sinkholed","trigger":"khubnzkoszudupz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bzxqqzwl.khubnzkoszudupz.top/static/js/runtime.bacbc1.js","fqdn":"bzxqqzwl.khubnzkoszudupz.top","domain":"khubnzkoszudupz.top","tld":"top"},"ip":{"addr":"23.99.114.0","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bzxqqzwl.khubnzkoszudupz.top/index?key=8f48bd9e2d88cbe9225491bd90f3f0a8\u0026gid=1abdc69d896f0dcd409fc05e2a8b26e6\u0026sa=3d7680aa0f26fd86bf1f7654b358cbfd","date":"2024-12-20T12:21:04.719Z","timestamp":1734697264719,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmdwyvaw.khubnzkoszudupz.top","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Fri, 11 Oct 2024 01:39:59 GMT","end":"Thu, 09 Jan 2025 01:39:58 GMT"},"fingerprint":{"sha1":"37:52:AA:1E:FA:CA:71:69:14:2E:72:10:FD:4D:AA:A8:89:B9:41:8E","sha256":"F9:EA:FC:3B:51:F2:AA:79:08:7B:EE:DD:9C:75:0E:A1:D7:67:87:75:CA:FF:14:8B:D0:DC:07:C6:7C:EB:8D:1D"}}},"request":{"raw":"GET /static/js/runtime.bacbc1.js HTTP/1.1\r\nHost: bzxqqzwl.khubnzkoszudupz.top\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bzxqqzwl.khubnzkoszudupz.top/index?key=8f48bd9e2d88cbe9225491bd90f3f0a8\u0026gid=1abdc69d896f0dcd409fc05e2a8b26e6\u0026sa=3d7680aa0f26fd86bf1f7654b358cbfd\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=utf-8\r\ndate: Fri, 20 Dec 2024 01:21:44 GMT\r\netag: W/\"67617316-cce\"\r\nlast-modified: Fri, 20 Dec 2024 01:21:44 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\ncontent-length: 1543\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1543,"size_decoded":3278,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (3278), with no line terminators","md5":"a64d5de6e27148838368dc1903ff19d3","sha1":"89b34fe69c35d5b082c1fdb6e93b806d9a815f9f","sha256":"7a902dea84695fc3f10692efef9050a4deb62732bbf6b239c6dd0c0dbf41d9c9","sha512":"fa9876340208bfcdac32d58dcb6aac1bea7eb5a3cdea26a193d89fa04237b18c778f91c6f9ffccb54a315071bd2afc97df1ed7f0fa909e57e51580aa0bc43da8","ssdeep":"","tlshash":"0e61e8d93794f4bb03a35875443f90a6f2b43572192ad490832ed8f8fdb8d81405bf65","first_seen":"2024-12-18T23:25:58.954555Z","last_seen":"2024-12-29T01:01:38.806609Z","times_seen":8,"resource_available":true,"data":null}},"time_used":810,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":810,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-20","alert":"Sinkholed","trigger":"khubnzkoszudupz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bzxqqzwl.khubnzkoszudupz.top/favicon.ico","fqdn":"bzxqqzwl.khubnzkoszudupz.top","domain":"khubnzkoszudupz.top","tld":"top"},"ip":{"addr":"23.99.114.0","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bzxqqzwl.khubnzkoszudupz.top/index?key=8f48bd9e2d88cbe9225491bd90f3f0a8\u0026gid=1abdc69d896f0dcd409fc05e2a8b26e6\u0026sa=3d7680aa0f26fd86bf1f7654b358cbfd","date":"2024-12-20T12:21:05.984Z","timestamp":1734697265984,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmdwyvaw.khubnzkoszudupz.top","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Fri, 11 Oct 2024 01:39:59 GMT","end":"Thu, 09 Jan 2025 01:39:58 GMT"},"fingerprint":{"sha1":"37:52:AA:1E:FA:CA:71:69:14:2E:72:10:FD:4D:AA:A8:89:B9:41:8E","sha256":"F9:EA:FC:3B:51:F2:AA:79:08:7B:EE:DD:9C:75:0E:A1:D7:67:87:75:CA:FF:14:8B:D0:DC:07:C6:7C:EB:8D:1D"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: bzxqqzwl.khubnzkoszudupz.top\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: image/x-icon\r\ndate: Fri, 20 Dec 2024 03:30:27 GMT\r\netag: \"67617316-26ee\"\r\nlast-modified: Fri, 20 Dec 2024 03:30:27 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nx-cache: HIT, policy, disk\r\ncontent-length: 9966\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":9966,"size_decoded":9966,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"b95d2a1b39026300d1ef51d077acea42","sha1":"f35e11c059562d7e02638e2bf2f1e31083991f3d","sha256":"e45b948f76937af0b7d9a781004a516608ea4c9e230f8abd85436d9fbe9bb3d3","sha512":"44476c226911e6d8be1edd345f68826abe080e29567609c9df09da61fac9c996d9c82de9f3b6c7ba2d59d8c8904fa952649e4172d0496fdbc68ea1d0ea0c8649","ssdeep":"192:reuPA/0znqjfPPPAX37nyBtF999999auznqjfPPPAX37nyBtF999999a:rJIMrqjwX37nCtF999999PrqjwX37nC3","tlshash":"1122418470385002de5942b27d3f9ba7c86852b2cefd57296a41b78c5e3b34b8372563","first_seen":"2024-11-11T16:05:15.261349Z","last_seen":"2026-05-09T01:23:18.554495Z","times_seen":56,"resource_available":false,"data":null}},"time_used":204,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":204,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-20","alert":"Sinkholed","trigger":"khubnzkoszudupz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auto.gardenantpro.com/api/v1/v/init","fqdn":"auto.gardenantpro.com","domain":"gardenantpro.com","tld":"com"},"ip":{"addr":"43.207.107.225","port":443,"asn":16509,"as":"AMAZON-02","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://bzxqqzwl.khubnzkoszudupz.top/index?key=8f48bd9e2d88cbe9225491bd90f3f0a8\u0026gid=1abdc69d896f0dcd409fc05e2a8b26e6\u0026sa=3d7680aa0f26fd86bf1f7654b358cbfd","date":"2024-12-20T12:21:05.873Z","timestamp":1734697265873,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"auto.gardenantpro.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Tue, 26 Nov 2024 16:02:12 GMT","end":"Mon, 24 Feb 2025 16:02:11 GMT"},"fingerprint":{"sha1":"17:4E:AA:9F:E2:2D:1A:D9:E8:5E:72:ED:89:98:E3:C3:23:D2:52:96","sha256":"41:99:8D:2F:BA:74:8C:7D:46:B3:27:37:A6:2C:C4:90:E0:6D:0B:0B:89:0D:92:01:D7:9A:00:6B:84:9A:A8:D4"}}},"request":{"raw":"OPTIONS /api/v1/v/init HTTP/1.1\r\nHost: auto.gardenantpro.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type,x-v-token\r\nOrigin: https://bzxqqzwl.khubnzkoszudupz.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/1.1 200 \r\nServer: nginx\r\nDate: Fri, 20 Dec 2024 12:21:06 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nVary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nAccess-Control-Allow-Origin: https://bzxqqzwl.khubnzkoszudupz.top\r\nAccess-Control-Allow-Methods: POST\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Headers: content-type, x-v-token, Origin,Cookie,Set-Cookie,x-requested-with,content-type,Accept,x-v-token\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":1987,"timings":{"blocked":857,"dns":30,"connect":272,"send":0,"wait":273,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bzxqqzwl.khubnzkoszudupz.top/img/icons/apple-touch-icon-180x180-precomposed.png","fqdn":"bzxqqzwl.khubnzkoszudupz.top","domain":"khubnzkoszudupz.top","tld":"top"},"ip":{"addr":"23.99.114.0","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bzxqqzwl.khubnzkoszudupz.top/index?key=8f48bd9e2d88cbe9225491bd90f3f0a8\u0026gid=1abdc69d896f0dcd409fc05e2a8b26e6\u0026sa=3d7680aa0f26fd86bf1f7654b358cbfd","date":"2024-12-20T12:21:05.981Z","timestamp":1734697265981,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmdwyvaw.khubnzkoszudupz.top","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Fri, 11 Oct 2024 01:39:59 GMT","end":"Thu, 09 Jan 2025 01:39:58 GMT"},"fingerprint":{"sha1":"37:52:AA:1E:FA:CA:71:69:14:2E:72:10:FD:4D:AA:A8:89:B9:41:8E","sha256":"F9:EA:FC:3B:51:F2:AA:79:08:7B:EE:DD:9C:75:0E:A1:D7:67:87:75:CA:FF:14:8B:D0:DC:07:C6:7C:EB:8D:1D"}}},"request":{"raw":"GET /img/icons/apple-touch-icon-180x180-precomposed.png HTTP/1.1\r\nHost: bzxqqzwl.khubnzkoszudupz.top\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: image/png\r\ndate: Fri, 20 Dec 2024 11:15:31 GMT\r\netag: W/\"67617316-367f\"\r\nlast-modified: Fri, 20 Dec 2024 11:15:31 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":28022,"size_decoded":28022,"mime_type":"image/png","magic":"gzip compressed data, from Unix","md5":"ccfcf30635e3535affcc6be2eb24f6c9","sha1":"49b216122a92781e58d91bd70cdde4595ede3a4a","sha256":"006889d92977c4693bbc98cb0d6b85cd074b55a2d5203f91cb8d41f1cf98d7e3","sha512":"1dedbb326f965ded665bf79eaa52bcfff1a67c8b276c5e3e733621e8b1ecd921f59f34e6d33d026b55a754937401bd6317965bf88c687df9909ef04f12df48af","ssdeep":"384:b8D2/JLGMGSC2ZEcr514HyucLsh1ihiWRzt33v56vV3TASO6dkOvml5xokYrl6cX:QoGnSpX5Y5ash1ihjRzt3lzHnK","tlshash":"f4c2a5c38094c6d7d5808c8952f06e3de24079fcc6fb9ebe685adc745aac1b157b28e1","first_seen":"2024-12-20T12:21:32.009488Z","last_seen":"2024-12-20T12:21:32.009488Z","times_seen":1,"resource_available":false,"data":null}},"time_used":204,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":204,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-20","alert":"Sinkholed","trigger":"khubnzkoszudupz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bzxqqzwl.khubnzkoszudupz.top/static/emojis.json?cid=11277","fqdn":"bzxqqzwl.khubnzkoszudupz.top","domain":"khubnzkoszudupz.top","tld":"top"},"ip":{"addr":"23.99.114.0","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://bzxqqzwl.khubnzkoszudupz.top/index?key=8f48bd9e2d88cbe9225491bd90f3f0a8\u0026gid=1abdc69d896f0dcd409fc05e2a8b26e6\u0026sa=3d7680aa0f26fd86bf1f7654b358cbfd","date":"2024-12-20T12:21:07.646Z","timestamp":1734697267646,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmdwyvaw.khubnzkoszudupz.top","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Fri, 11 Oct 2024 01:39:59 GMT","end":"Thu, 09 Jan 2025 01:39:58 GMT"},"fingerprint":{"sha1":"37:52:AA:1E:FA:CA:71:69:14:2E:72:10:FD:4D:AA:A8:89:B9:41:8E","sha256":"F9:EA:FC:3B:51:F2:AA:79:08:7B:EE:DD:9C:75:0E:A1:D7:67:87:75:CA:FF:14:8B:D0:DC:07:C6:7C:EB:8D:1D"}}},"request":{"raw":"GET /static/emojis.json?cid=11277 HTTP/1.1\r\nHost: bzxqqzwl.khubnzkoszudupz.top\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nx-v-token: 9dbfc7f1c2634c5e93cf628dff177406\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: application/json\r\ndate: Fri, 20 Dec 2024 12:21:07 GMT\r\netag: \"67617316-3ee\"\r\nlast-modified: Tue, 17 Dec 2024 12:48:22 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nx-cache: BYPASS\r\ncontent-length: 1006\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1006,"size_decoded":1006,"mime_type":"application/json","magic":"JSON text data","md5":"81a6deef87f247c99b2e8f6745236d39","sha1":"6593c764f294859f1df2d5573d369811a339f21c","sha256":"d73d0273153c32288c64eb257a88253fbbfa1adb89889fbcc35980a48c018ddf","sha512":"23835fa3038fe99dc6cdd8cd2f39ee0a54a675baf240bb97f3031ba2b9e723ae86064769ca33bd131a9de7e62f5315c98a66488bacd42ca485d7675750551a80","ssdeep":"","tlshash":"e5110237524c1b0f0591b02839a05c4289fbd53347a64b3ea7d94f8966cef7838539a3","first_seen":"2023-05-18T18:44:13Z","last_seen":"2025-02-10T23:25:53.037192Z","times_seen":18,"resource_available":false,"data":null}},"time_used":799,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":799,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-20","alert":"Sinkholed","trigger":"khubnzkoszudupz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auto.gardenantpro.com/api/v1/v/bc?cid=11277","fqdn":"auto.gardenantpro.com","domain":"gardenantpro.com","tld":"com"},"ip":{"addr":"43.207.107.225","port":443,"asn":16509,"as":"AMAZON-02","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://bzxqqzwl.khubnzkoszudupz.top/index?key=8f48bd9e2d88cbe9225491bd90f3f0a8\u0026gid=1abdc69d896f0dcd409fc05e2a8b26e6\u0026sa=3d7680aa0f26fd86bf1f7654b358cbfd","date":"2024-12-20T12:21:08.796Z","timestamp":1734697268796,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"auto.gardenantpro.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Tue, 26 Nov 2024 16:02:12 GMT","end":"Mon, 24 Feb 2025 16:02:11 GMT"},"fingerprint":{"sha1":"17:4E:AA:9F:E2:2D:1A:D9:E8:5E:72:ED:89:98:E3:C3:23:D2:52:96","sha256":"41:99:8D:2F:BA:74:8C:7D:46:B3:27:37:A6:2C:C4:90:E0:6D:0B:0B:89:0D:92:01:D7:9A:00:6B:84:9A:A8:D4"}}},"request":{"raw":"OPTIONS /api/v1/v/bc?cid=11277 HTTP/1.1\r\nHost: auto.gardenantpro.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type,x-v-token\r\nOrigin: https://bzxqqzwl.khubnzkoszudupz.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 \r\nServer: nginx\r\nDate: Fri, 20 Dec 2024 12:21:08 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nVary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nAccess-Control-Allow-Origin: https://bzxqqzwl.khubnzkoszudupz.top\r\nAccess-Control-Allow-Methods: POST\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Headers: content-type, x-v-token, Origin,Cookie,Set-Cookie,x-requested-with,content-type,Accept,x-v-token\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":375,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":375,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"auto.gardenantpro.com/api/v1/v/qn/list?cid=11277","fqdn":"auto.gardenantpro.com","domain":"gardenantpro.com","tld":"com"},"ip":{"addr":"43.207.107.225","port":443,"asn":16509,"as":"AMAZON-02","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://bzxqqzwl.khubnzkoszudupz.top/index?key=8f48bd9e2d88cbe9225491bd90f3f0a8\u0026gid=1abdc69d896f0dcd409fc05e2a8b26e6\u0026sa=3d7680aa0f26fd86bf1f7654b358cbfd","date":"2024-12-20T12:21:08.801Z","timestamp":1734697268801,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"auto.gardenantpro.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Tue, 26 Nov 2024 16:02:12 GMT","end":"Mon, 24 Feb 2025 16:02:11 GMT"},"fingerprint":{"sha1":"17:4E:AA:9F:E2:2D:1A:D9:E8:5E:72:ED:89:98:E3:C3:23:D2:52:96","sha256":"41:99:8D:2F:BA:74:8C:7D:46:B3:27:37:A6:2C:C4:90:E0:6D:0B:0B:89:0D:92:01:D7:9A:00:6B:84:9A:A8:D4"}}},"request":{"raw":"OPTIONS /api/v1/v/qn/list?cid=11277 HTTP/1.1\r\nHost: auto.gardenantpro.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type,x-v-token\r\nOrigin: https://bzxqqzwl.khubnzkoszudupz.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 \r\nServer: nginx\r\nDate: Fri, 20 Dec 2024 12:21:08 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nVary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nAccess-Control-Allow-Origin: https://bzxqqzwl.khubnzkoszudupz.top\r\nAccess-Control-Allow-Methods: POST\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Headers: content-type, x-v-token, Origin,Cookie,Set-Cookie,x-requested-with,content-type,Accept,x-v-token\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":1095,"timings":{"blocked":-1,"dns":0,"connect":269,"send":0,"wait":280,"receive":1,"ssl":544},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"auto.gardenantpro.com/api/v1/v/bc?cid=11277","fqdn":"auto.gardenantpro.com","domain":"gardenantpro.com","tld":"com"},"ip":{"addr":"43.207.107.225","port":443,"asn":16509,"as":"AMAZON-02","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://bzxqqzwl.khubnzkoszudupz.top/index?key=8f48bd9e2d88cbe9225491bd90f3f0a8\u0026gid=1abdc69d896f0dcd409fc05e2a8b26e6\u0026sa=3d7680aa0f26fd86bf1f7654b358cbfd","date":"2024-12-20T12:21:08.796Z","timestamp":1734697268796,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"auto.gardenantpro.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Tue, 26 Nov 2024 16:02:12 GMT","end":"Mon, 24 Feb 2025 16:02:11 GMT"},"fingerprint":{"sha1":"17:4E:AA:9F:E2:2D:1A:D9:E8:5E:72:ED:89:98:E3:C3:23:D2:52:96","sha256":"41:99:8D:2F:BA:74:8C:7D:46:B3:27:37:A6:2C:C4:90:E0:6D:0B:0B:89:0D:92:01:D7:9A:00:6B:84:9A:A8:D4"}}},"request":{"raw":"POST /api/v1/v/bc?cid=11277 HTTP/1.1\r\nHost: auto.gardenantpro.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json; charset=UTF-8\r\nx-v-token: 9dbfc7f1c2634c5e93cf628dff177406\r\nContent-Length: 278\r\nOrigin: https://bzxqqzwl.khubnzkoszudupz.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 \r\nServer: nginx\r\nDate: Fri, 20 Dec 2024 12:21:09 GMT\r\nContent-Type: application/json;charset=UTF-8\r\nContent-Length: 1166\r\nConnection: keep-alive\r\nVary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nAccess-Control-Allow-Origin: https://bzxqqzwl.khubnzkoszudupz.top\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Headers: Origin,Cookie,Set-Cookie,x-requested-with,content-type,Accept,x-v-token\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":1166,"size_decoded":1166,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"bd1ad0e8329a289e1854444496d7abf1","sha1":"5ef22ea2840d1a99a3872982ab4be1f7598f4c6a","sha256":"0109af8928b26b250e0c0608905b116199bc77262d4f220cc12181de9b13e89d","sha512":"1ac3eb20d9bf12429ea9ecf065dfdee5d832f66de0936f63704c22f2ecc2c7474ee7b4bb9f8d8644bb4f058d9dddedead4a394895ae02cdaa68bf9e0da5c00fa","ssdeep":"","tlshash":"b7219b612c14d5f7c1808dad47399e36628438e6a9b2bca8fbde8c5cb2f65f55203483","first_seen":"2024-12-20T12:21:32.014573Z","last_seen":"2024-12-20T12:21:32.014573Z","times_seen":1,"resource_available":false,"data":null}},"time_used":375,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":375,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"auto.gardenantpro.com/api/v1/v/message/send?cid=11277","fqdn":"auto.gardenantpro.com","domain":"gardenantpro.com","tld":"com"},"ip":{"addr":"43.207.107.225","port":443,"asn":16509,"as":"AMAZON-02","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://bzxqqzwl.khubnzkoszudupz.top/index?key=8f48bd9e2d88cbe9225491bd90f3f0a8\u0026gid=1abdc69d896f0dcd409fc05e2a8b26e6\u0026sa=3d7680aa0f26fd86bf1f7654b358cbfd","date":"2024-12-20T12:21:09.222Z","timestamp":1734697269222,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"auto.gardenantpro.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Tue, 26 Nov 2024 16:02:12 GMT","end":"Mon, 24 Feb 2025 16:02:11 GMT"},"fingerprint":{"sha1":"17:4E:AA:9F:E2:2D:1A:D9:E8:5E:72:ED:89:98:E3:C3:23:D2:52:96","sha256":"41:99:8D:2F:BA:74:8C:7D:46:B3:27:37:A6:2C:C4:90:E0:6D:0B:0B:89:0D:92:01:D7:9A:00:6B:84:9A:A8:D4"}}},"request":{"raw":"OPTIONS /api/v1/v/message/send?cid=11277 HTTP/1.1\r\nHost: auto.gardenantpro.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type,x-v-token\r\nOrigin: https://bzxqqzwl.khubnzkoszudupz.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/1.1 200 \r\nServer: nginx\r\nDate: Fri, 20 Dec 2024 12:21:09 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nVary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nAccess-Control-Allow-Origin: https://bzxqqzwl.khubnzkoszudupz.top\r\nAccess-Control-Allow-Methods: POST\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Headers: content-type, x-v-token, Origin,Cookie,Set-Cookie,x-requested-with,content-type,Accept,x-v-token\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":271,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":271,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bzxqqzwl.khubnzkoszudupz.top/static/js/skina.1c5fc8.js","fqdn":"bzxqqzwl.khubnzkoszudupz.top","domain":"khubnzkoszudupz.top","tld":"top"},"ip":{"addr":"23.99.114.0","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bzxqqzwl.khubnzkoszudupz.top/index?key=8f48bd9e2d88cbe9225491bd90f3f0a8\u0026gid=1abdc69d896f0dcd409fc05e2a8b26e6\u0026sa=3d7680aa0f26fd86bf1f7654b358cbfd","date":"2024-12-20T12:21:07.634Z","timestamp":1734697267634,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmdwyvaw.khubnzkoszudupz.top","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Fri, 11 Oct 2024 01:39:59 GMT","end":"Thu, 09 Jan 2025 01:39:58 GMT"},"fingerprint":{"sha1":"37:52:AA:1E:FA:CA:71:69:14:2E:72:10:FD:4D:AA:A8:89:B9:41:8E","sha256":"F9:EA:FC:3B:51:F2:AA:79:08:7B:EE:DD:9C:75:0E:A1:D7:67:87:75:CA:FF:14:8B:D0:DC:07:C6:7C:EB:8D:1D"}}},"request":{"raw":"GET /static/js/skina.1c5fc8.js HTTP/1.1\r\nHost: bzxqqzwl.khubnzkoszudupz.top\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=utf-8\r\ndate: Fri, 20 Dec 2024 01:22:12 GMT\r\netag: W/\"67617316-1657d\"\r\nlast-modified: Fri, 20 Dec 2024 01:22:12 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":25250,"size_decoded":91517,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4872e140b4ef0a26d055eaf3ee672715","sha1":"6935ac15571e4cdf56bb95225cd9f6c9bc68b464","sha256":"177def317b770b28a1e4680659ad4e2e422895e0ca173950aa8ecc4ac9a07d18","sha512":"c01fd215cf6cca09ce7705aebb34b21c239d311c7b3de85444e11abf9468045fb09b09ac938df0099b6b67f6dfdc30bcef381bd609359353d38ff045476611fc","ssdeep":"1536:Xq+PSr67oB24uh1h53R2bKl8x5NHRhGN2RS8SsfrsT9+9H4m1Nbnna0mcGeJ:Irj0qs4rNbnr","tlshash":"ce93c91ba896fc750b1664f0502f1634b2366dd9b006936cfe34ace14ea8e49613fb7d","first_seen":"2024-12-18T23:25:58.962198Z","last_seen":"2024-12-28T04:08:26.322985Z","times_seen":7,"resource_available":true,"data":null}},"time_used":611,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":611,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-20","alert":"Sinkholed","trigger":"khubnzkoszudupz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"auto.gardenantpro.com/api/v1/v/ws/info?t=1734697269217","fqdn":"auto.gardenantpro.com","domain":"gardenantpro.com","tld":"com"},"ip":{"addr":"43.207.107.225","port":443,"asn":16509,"as":"AMAZON-02","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://bzxqqzwl.khubnzkoszudupz.top/index?key=8f48bd9e2d88cbe9225491bd90f3f0a8\u0026gid=1abdc69d896f0dcd409fc05e2a8b26e6\u0026sa=3d7680aa0f26fd86bf1f7654b358cbfd","date":"2024-12-20T12:21:09.230Z","timestamp":1734697269230,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"auto.gardenantpro.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Tue, 26 Nov 2024 16:02:12 GMT","end":"Mon, 24 Feb 2025 16:02:11 GMT"},"fingerprint":{"sha1":"17:4E:AA:9F:E2:2D:1A:D9:E8:5E:72:ED:89:98:E3:C3:23:D2:52:96","sha256":"41:99:8D:2F:BA:74:8C:7D:46:B3:27:37:A6:2C:C4:90:E0:6D:0B:0B:89:0D:92:01:D7:9A:00:6B:84:9A:A8:D4"}}},"request":{"raw":"GET /api/v1/v/ws/info?t=1734697269217 HTTP/1.1\r\nHost: auto.gardenantpro.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://bzxqqzwl.khubnzkoszudupz.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 \r\nServer: nginx\r\nDate: Fri, 20 Dec 2024 12:21:09 GMT\r\nContent-Type: application/json;charset=UTF-8\r\nContent-Length: 78\r\nConnection: keep-alive\r\nVary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nAccess-Control-Allow-Origin: https://bzxqqzwl.khubnzkoszudupz.top\r\nAccess-Control-Allow-Credentials: true\r\nCache-Control: no-store, no-cache, must-revalidate, max-age=0\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":78,"size_decoded":78,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"c4305952b58efdf2177c1a448e170d5d","sha1":"973f61645cc4891fa373c705f909f514e7fcffb9","sha256":"c5e429fd5c4ee25e072ec76b193e1e8af3c67fb58044bd2c43d77db6feebe42b","sha512":"737ef4623fb5e9522cfa4ae68647bdfced491524a12bd44d61af560bdfbb29b4c71b357dfdce1d7f49ad236ae281cd558b778877a41a8b5b5c125afdacc89cee","ssdeep":"","tlshash":"5ca024dfd53d3074445c1f0307005d135c3c04ff010171f4131c751405d10110310347","first_seen":"2024-12-20T12:21:32.01772Z","last_seen":"2024-12-20T12:21:32.01772Z","times_seen":1,"resource_available":false,"data":null}},"time_used":280,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":280,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"auto.gardenantpro.com/api/v1/v/message/send?cid=11277","fqdn":"auto.gardenantpro.com","domain":"gardenantpro.com","tld":"com"},"ip":{"addr":"43.207.107.225","port":443,"asn":16509,"as":"AMAZON-02","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://bzxqqzwl.khubnzkoszudupz.top/index?key=8f48bd9e2d88cbe9225491bd90f3f0a8\u0026gid=1abdc69d896f0dcd409fc05e2a8b26e6\u0026sa=3d7680aa0f26fd86bf1f7654b358cbfd","date":"2024-12-20T12:21:09.222Z","timestamp":1734697269222,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"auto.gardenantpro.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Tue, 26 Nov 2024 16:02:12 GMT","end":"Mon, 24 Feb 2025 16:02:11 GMT"},"fingerprint":{"sha1":"17:4E:AA:9F:E2:2D:1A:D9:E8:5E:72:ED:89:98:E3:C3:23:D2:52:96","sha256":"41:99:8D:2F:BA:74:8C:7D:46:B3:27:37:A6:2C:C4:90:E0:6D:0B:0B:89:0D:92:01:D7:9A:00:6B:84:9A:A8:D4"}}},"request":{"raw":"POST /api/v1/v/message/send?cid=11277 HTTP/1.1\r\nHost: auto.gardenantpro.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json; charset=UTF-8\r\nx-v-token: 9dbfc7f1c2634c5e93cf628dff177406\r\nContent-Length: 58\r\nOrigin: https://bzxqqzwl.khubnzkoszudupz.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/1.1 200 \r\nServer: nginx\r\nDate: Fri, 20 Dec 2024 12:21:09 GMT\r\nContent-Type: application/json;charset=UTF-8\r\nContent-Length: 43\r\nConnection: keep-alive\r\nVary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nAccess-Control-Allow-Origin: https://bzxqqzwl.khubnzkoszudupz.top\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Headers: Origin,Cookie,Set-Cookie,x-requested-with,content-type,Accept,x-v-token\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":43,"size_decoded":43,"mime_type":"text/plain","magic":"JSON text data","md5":"d89bf71bd11b76f32ac8d2ca0a2cd376","sha1":"48fa0019671fe33893f82498e5b65b33ea5606c1","sha256":"e269f67e0b9b68e0307b554eaa6f5dd93e593f53682c024d9e13761a430c25b5","sha512":"32d1191e64b74bb44ceed2c5522197a6834200d11d8afa25255323b40b9adff7772a25b4ab712158a8f6fa601cb96186b4d48eb00adfed54ac940cf21f74d433","ssdeep":"","tlshash":"599004c51c1c5743d4c3007dd50f4345007431741104d34c4c5d513dc14c1713440c3c","first_seen":"2023-05-18T18:44:13Z","last_seen":"2026-05-04T08:43:54.994979Z","times_seen":26,"resource_available":false,"data":null}},"time_used":271,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":271,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"auto.gardenantpro.com/api/v1/v/qn/list?cid=11277","fqdn":"auto.gardenantpro.com","domain":"gardenantpro.com","tld":"com"},"ip":{"addr":"43.207.107.225","port":443,"asn":16509,"as":"AMAZON-02","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://bzxqqzwl.khubnzkoszudupz.top/index?key=8f48bd9e2d88cbe9225491bd90f3f0a8\u0026gid=1abdc69d896f0dcd409fc05e2a8b26e6\u0026sa=3d7680aa0f26fd86bf1f7654b358cbfd","date":"2024-12-20T12:21:08.801Z","timestamp":1734697268801,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"auto.gardenantpro.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Tue, 26 Nov 2024 16:02:12 GMT","end":"Mon, 24 Feb 2025 16:02:11 GMT"},"fingerprint":{"sha1":"17:4E:AA:9F:E2:2D:1A:D9:E8:5E:72:ED:89:98:E3:C3:23:D2:52:96","sha256":"41:99:8D:2F:BA:74:8C:7D:46:B3:27:37:A6:2C:C4:90:E0:6D:0B:0B:89:0D:92:01:D7:9A:00:6B:84:9A:A8:D4"}}},"request":{"raw":"POST /api/v1/v/qn/list?cid=11277 HTTP/1.1\r\nHost: auto.gardenantpro.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json; charset=UTF-8\r\nx-v-token: 9dbfc7f1c2634c5e93cf628dff177406\r\nContent-Length: 36\r\nOrigin: https://bzxqqzwl.khubnzkoszudupz.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 \r\nServer: nginx\r\nDate: Fri, 20 Dec 2024 12:21:09 GMT\r\nContent-Type: application/json;charset=UTF-8\r\nContent-Length: 4489\r\nConnection: keep-alive\r\nVary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nAccess-Control-Allow-Origin: https://bzxqqzwl.khubnzkoszudupz.top\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Headers: Origin,Cookie,Set-Cookie,x-requested-with,content-type,Accept,x-v-token\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":4489,"size_decoded":4489,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"ce9de585e070f4aa89002315d5fd0edb","sha1":"cf6a45a232714aa145e7c5a3485f04622f18371a","sha256":"de4c3649ae8e1df62092c3d02a63753675f1babdfb3c1769b91dbad7cbcc6efe","sha512":"057fac0b980f669a6f0d45b8aef59bf2828e1e89d3d41ac5b4808f194113f286908d52b7d66de9ff64ea0748905115dfb454f8845661c14dd7774cb18ba2694b","ssdeep":"96:S49SEHS9/YJ49SIQNJkQQEdE52LjcyKxOUPXMTUWxP9w:S4jJ4Vag","tlshash":"0591c0c3d299ca2a395285cd5161d73f278465cc6b804bcefe7641f58eeca0670f2ac5","first_seen":"2024-12-20T12:21:32.020858Z","last_seen":"2024-12-20T12:21:32.020858Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1095,"timings":{"blocked":-1,"dns":0,"connect":269,"send":0,"wait":280,"receive":1,"ssl":544},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"auto.gardenantpro.com/api/v1/v/leave/list?cid=11277","fqdn":"auto.gardenantpro.com","domain":"gardenantpro.com","tld":"com"},"ip":{"addr":"43.207.107.225","port":443,"asn":16509,"as":"AMAZON-02","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://bzxqqzwl.khubnzkoszudupz.top/index?key=8f48bd9e2d88cbe9225491bd90f3f0a8\u0026gid=1abdc69d896f0dcd409fc05e2a8b26e6\u0026sa=3d7680aa0f26fd86bf1f7654b358cbfd","date":"2024-12-20T12:21:10.078Z","timestamp":1734697270078,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"auto.gardenantpro.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Tue, 26 Nov 2024 16:02:12 GMT","end":"Mon, 24 Feb 2025 16:02:11 GMT"},"fingerprint":{"sha1":"17:4E:AA:9F:E2:2D:1A:D9:E8:5E:72:ED:89:98:E3:C3:23:D2:52:96","sha256":"41:99:8D:2F:BA:74:8C:7D:46:B3:27:37:A6:2C:C4:90:E0:6D:0B:0B:89:0D:92:01:D7:9A:00:6B:84:9A:A8:D4"}}},"request":{"raw":"OPTIONS /api/v1/v/leave/list?cid=11277 HTTP/1.1\r\nHost: auto.gardenantpro.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type,x-v-token\r\nOrigin: https://bzxqqzwl.khubnzkoszudupz.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 \r\nServer: nginx\r\nDate: Fri, 20 Dec 2024 12:21:09 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nVary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nAccess-Control-Allow-Origin: https://bzxqqzwl.khubnzkoszudupz.top\r\nAccess-Control-Allow-Methods: POST\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Headers: content-type, x-v-token, Origin,Cookie,Set-Cookie,x-requested-with,content-type,Accept,x-v-token\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":284,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":282,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"auto.gardenantpro.com/api/v1/v/leave/list?cid=11277","fqdn":"auto.gardenantpro.com","domain":"gardenantpro.com","tld":"com"},"ip":{"addr":"43.207.107.225","port":443,"asn":16509,"as":"AMAZON-02","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://bzxqqzwl.khubnzkoszudupz.top/index?key=8f48bd9e2d88cbe9225491bd90f3f0a8\u0026gid=1abdc69d896f0dcd409fc05e2a8b26e6\u0026sa=3d7680aa0f26fd86bf1f7654b358cbfd","date":"2024-12-20T12:21:10.078Z","timestamp":1734697270078,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"auto.gardenantpro.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Tue, 26 Nov 2024 16:02:12 GMT","end":"Mon, 24 Feb 2025 16:02:11 GMT"},"fingerprint":{"sha1":"17:4E:AA:9F:E2:2D:1A:D9:E8:5E:72:ED:89:98:E3:C3:23:D2:52:96","sha256":"41:99:8D:2F:BA:74:8C:7D:46:B3:27:37:A6:2C:C4:90:E0:6D:0B:0B:89:0D:92:01:D7:9A:00:6B:84:9A:A8:D4"}}},"request":{"raw":"POST /api/v1/v/leave/list?cid=11277 HTTP/1.1\r\nHost: auto.gardenantpro.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json; charset=UTF-8\r\nx-v-token: 9dbfc7f1c2634c5e93cf628dff177406\r\nContent-Length: 42\r\nOrigin: https://bzxqqzwl.khubnzkoszudupz.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 \r\nServer: nginx\r\nDate: Fri, 20 Dec 2024 12:21:10 GMT\r\nContent-Type: application/json;charset=UTF-8\r\nContent-Length: 43\r\nConnection: keep-alive\r\nVary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nAccess-Control-Allow-Origin: https://bzxqqzwl.khubnzkoszudupz.top\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Headers: Origin,Cookie,Set-Cookie,x-requested-with,content-type,Accept,x-v-token\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":43,"size_decoded":43,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"d89bf71bd11b76f32ac8d2ca0a2cd376","sha1":"48fa0019671fe33893f82498e5b65b33ea5606c1","sha256":"e269f67e0b9b68e0307b554eaa6f5dd93e593f53682c024d9e13761a430c25b5","sha512":"32d1191e64b74bb44ceed2c5522197a6834200d11d8afa25255323b40b9adff7772a25b4ab712158a8f6fa601cb96186b4d48eb00adfed54ac940cf21f74d433","ssdeep":"","tlshash":"599004c51c1c5743d4c3007dd50f4345007431741104d34c4c5d513dc14c1713440c3c","first_seen":"2023-05-18T18:44:13Z","last_seen":"2026-05-04T08:43:54.994979Z","times_seen":26,"resource_available":false,"data":null}},"time_used":284,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":282,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"auto.gardenantpro.com/api/v1/v/conversation/history?cid=11277","fqdn":"auto.gardenantpro.com","domain":"gardenantpro.com","tld":"com"},"ip":{"addr":"43.207.107.225","port":443,"asn":16509,"as":"AMAZON-02","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://bzxqqzwl.khubnzkoszudupz.top/index?key=8f48bd9e2d88cbe9225491bd90f3f0a8\u0026gid=1abdc69d896f0dcd409fc05e2a8b26e6\u0026sa=3d7680aa0f26fd86bf1f7654b358cbfd","date":"2024-12-20T12:21:09.227Z","timestamp":1734697269227,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"auto.gardenantpro.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Tue, 26 Nov 2024 16:02:12 GMT","end":"Mon, 24 Feb 2025 16:02:11 GMT"},"fingerprint":{"sha1":"17:4E:AA:9F:E2:2D:1A:D9:E8:5E:72:ED:89:98:E3:C3:23:D2:52:96","sha256":"41:99:8D:2F:BA:74:8C:7D:46:B3:27:37:A6:2C:C4:90:E0:6D:0B:0B:89:0D:92:01:D7:9A:00:6B:84:9A:A8:D4"}}},"request":{"raw":"POST /api/v1/v/conversation/history?cid=11277 HTTP/1.1\r\nHost: auto.gardenantpro.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json; charset=UTF-8\r\nx-v-token: 9dbfc7f1c2634c5e93cf628dff177406\r\nContent-Length: 56\r\nOrigin: https://bzxqqzwl.khubnzkoszudupz.top\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/1.1 200 \r\nServer: nginx\r\nDate: Fri, 20 Dec 2024 12:21:10 GMT\r\nContent-Type: application/json;charset=UTF-8\r\nContent-Length: 45\r\nConnection: keep-alive\r\nVary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nAccess-Control-Allow-Origin: https://bzxqqzwl.khubnzkoszudupz.top\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Headers: Origin,Cookie,Set-Cookie,x-requested-with,content-type,Accept,x-v-token\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":45,"size_decoded":45,"mime_type":"text/plain","magic":"JSON text data","md5":"d54b975e1420fad1294ffebc783ba5f4","sha1":"e4a6149ca2901be9e7122484c68e4cb13eb109b1","sha256":"c27d89d3114fac65fe85546b23c98024ddc113beec58c571db9830fa76ee5e09","sha512":"40655c178b6f1da1598dcfd009a7c711169b4ea50a1da097ccf05aed82480f214969b81e10ccbc2dbd3cecc941464b646b5cfcea19ed514059786b34025b8a98","ssdeep":"","tlshash":"1d9002891c18464294830165950a6605002c3163150496584c5d972580981706040828","first_seen":"2023-05-18T18:44:13Z","last_seen":"2026-03-22T09:22:15.18616Z","times_seen":17,"resource_available":false,"data":null}},"time_used":274,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":273,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"auto.gardenantpro.com/api/v1/v/ws/596/ghzn1o2y/websocket","fqdn":"auto.gardenantpro.com","domain":"gardenantpro.com","tld":"com"},"ip":{"addr":"43.207.107.225","port":0,"asn":16509,"as":"AMAZON-02","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-12-20T12:21:10.613817345Z","timestamp":1734697270613,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"auto.gardenantpro.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Tue, 26 Nov 2024 16:02:12 GMT","end":"Mon, 24 Feb 2025 16:02:11 GMT"},"fingerprint":{"sha1":"17:4E:AA:9F:E2:2D:1A:D9:E8:5E:72:ED:89:98:E3:C3:23:D2:52:96","sha256":"41:99:8D:2F:BA:74:8C:7D:46:B3:27:37:A6:2C:C4:90:E0:6D:0B:0B:89:0D:92:01:D7:9A:00:6B:84:9A:A8:D4"}}},"request":{"raw":"GET /api/v1/v/ws/596/ghzn1o2y/websocket HTTP/1.1\r\nHost: auto.gardenantpro.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://bzxqqzwl.khubnzkoszudupz.top\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: RCFW4BIO3SdgIWmmVkd/Uw==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 101 \r\nServer: nginx\r\nDate: Fri, 20 Dec 2024 12:21:10 GMT\r\nConnection: upgrade\r\nVary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nAccess-Control-Allow-Origin: https://bzxqqzwl.khubnzkoszudupz.top\r\nAccess-Control-Allow-Credentials: true\r\nUpgrade: websocket\r\nSec-WebSocket-Accept: FzjW7zn9HXrKTIe0DdsjgjMH4vE=\r\nSec-WebSocket-Extensions: permessage-deflate\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xfems.hidefpic.xyz/i-chat/conf/11277/32921_m_21b43dd74a934fdc866590d4c1efbd02.png","fqdn":"xfems.hidefpic.xyz","domain":"hidefpic.xyz","tld":"xyz"},"ip":{"addr":"154.39.248.146","port":0,"asn":139646,"as":"HONG KONG Megalayer Technology Co.,Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bzxqqzwl.khubnzkoszudupz.top/index?key=8f48bd9e2d88cbe9225491bd90f3f0a8\u0026gid=1abdc69d896f0dcd409fc05e2a8b26e6\u0026sa=3d7680aa0f26fd86bf1f7654b358cbfd","date":"2024-12-20T12:21:09.205Z","timestamp":1734697269205,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.hidefpic.xyz","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 28 Oct 2024 02:06:42 GMT","end":"Sun, 26 Jan 2025 02:06:41 GMT"},"fingerprint":{"sha1":"62:AD:F5:5F:83:02:CA:5A:F3:A5:8B:7B:B7:43:F3:F2:9F:30:1B:EA","sha256":"2A:30:2A:BD:81:F7:76:4C:D3:B3:A6:E5:56:1D:B8:24:F3:68:FE:EF:BB:75:7B:84:0E:C8:CD:39:58:03:DA:16"}}},"request":{"raw":"GET /i-chat/conf/11277/32921_m_21b43dd74a934fdc866590d4c1efbd02.png HTTP/1.1\r\nHost: xfems.hidefpic.xyz\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 20 Dec 2024 12:21:10 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Security-Policy: block-all-mixed-content\r\nETag: W/\"ffe7d9060d2f12faf85fbc511d1f9792\"\r\nLast-Modified: Tue, 27 Aug 2024 15:23:18 GMT\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nVary: Accept-Encoding, Origin\r\nX-Amz-Request-Id: 1812E1F9F5026521\r\nX-Content-Type-Options: nosniff\r\nX-Xss-Protection: 1; mode=block\r\nAccess-Control-Allow-Headers: Origin,Cookie,Set-Cookie,x-requested-with,content-type,Accept\r\nContent-Encoding: br\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1447056,"size_decoded":1447030,"mime_type":"","magic":"PNG image data, 1000 x 1000, 8-bit/color RGB, non-interlaced","md5":"ffe7d9060d2f12faf85fbc511d1f9792","sha1":"e3dc738077e54a62fc6bd3776b7266031e7f150f","sha256":"495df6ae6d3502dd24580b71afb3f9116569618e345903bf1f12b14388a3ff95","sha512":"156ed022ed7f1bb972787784c90d143553affb888f8dfc11a6432d7c61d951ad50a0d6c6b73200938d6d998e14b5c3bc4fbbc61fc9f0f9deb75d2e9913b71d44","ssdeep":"24576:nQUTOFcKH2IXBG4stmfCHXXcS98MrmuLIu94lEa6fFcDHNiZ89ZmaRLuNw:npTOFZH2IRG4stt8m/SI4lOcZ68fmaEw","tlshash":"cd653384d5e2c4bb966868d098925c9926e0b7f58173bcf3dc94dbb3e2e9c3d0294f11","first_seen":"2024-12-20T12:21:32.024506Z","last_seen":"2024-12-20T12:21:32.024506Z","times_seen":1,"resource_available":false,"data":null}},"time_used":8231,"timings":{"blocked":863,"dns":76,"connect":261,"send":0,"wait":528,"receive":5976,"ssl":524},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"wss","addr":"auto.gardenantpro.com/api/v1/v/ws/596/ghzn1o2y/websocket","fqdn":"auto.gardenantpro.com","domain":"gardenantpro.com","tld":"com"},"ip":{"addr":"43.207.107.225","port":443,"asn":16509,"as":"AMAZON-02","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://bzxqqzwl.khubnzkoszudupz.top/index?key=8f48bd9e2d88cbe9225491bd90f3f0a8\u0026gid=1abdc69d896f0dcd409fc05e2a8b26e6\u0026sa=3d7680aa0f26fd86bf1f7654b358cbfd","date":"2024-12-20T12:21:09.516Z","timestamp":1734697269516,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"auto.gardenantpro.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Tue, 26 Nov 2024 16:02:12 GMT","end":"Mon, 24 Feb 2025 16:02:11 GMT"},"fingerprint":{"sha1":"17:4E:AA:9F:E2:2D:1A:D9:E8:5E:72:ED:89:98:E3:C3:23:D2:52:96","sha256":"41:99:8D:2F:BA:74:8C:7D:46:B3:27:37:A6:2C:C4:90:E0:6D:0B:0B:89:0D:92:01:D7:9A:00:6B:84:9A:A8:D4"}}},"request":{"raw":"GET /api/v1/v/ws/596/ghzn1o2y/websocket HTTP/1.1\r\nHost: auto.gardenantpro.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://bzxqqzwl.khubnzkoszudupz.top\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: RCFW4BIO3SdgIWmmVkd/Uw==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 \r\nServer: nginx\r\nDate: Fri, 20 Dec 2024 12:21:10 GMT\r\nConnection: upgrade\r\nVary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nAccess-Control-Allow-Origin: https://bzxqqzwl.khubnzkoszudupz.top\r\nAccess-Control-Allow-Credentials: true\r\nUpgrade: websocket\r\nSec-WebSocket-Accept: FzjW7zn9HXrKTIe0DdsjgjMH4vE=\r\nSec-WebSocket-Extensions: permessage-deflate\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":1098,"timings":{"blocked":0,"dns":1,"connect":272,"send":0,"wait":275,"receive":0,"ssl":550},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bzxqqzwl.khubnzkoszudupz.top/static/css/app.50d652d5.css","fqdn":"bzxqqzwl.khubnzkoszudupz.top","domain":"khubnzkoszudupz.top","tld":"top"},"ip":{"addr":"23.99.114.0","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://bzxqqzwl.khubnzkoszudupz.top/index?key=8f48bd9e2d88cbe9225491bd90f3f0a8\u0026gid=1abdc69d896f0dcd409fc05e2a8b26e6\u0026sa=3d7680aa0f26fd86bf1f7654b358cbfd","date":"2024-12-20T12:21:04.713Z","timestamp":1734697264713,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmdwyvaw.khubnzkoszudupz.top","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Fri, 11 Oct 2024 01:39:59 GMT","end":"Thu, 09 Jan 2025 01:39:58 GMT"},"fingerprint":{"sha1":"37:52:AA:1E:FA:CA:71:69:14:2E:72:10:FD:4D:AA:A8:89:B9:41:8E","sha256":"F9:EA:FC:3B:51:F2:AA:79:08:7B:EE:DD:9C:75:0E:A1:D7:67:87:75:CA:FF:14:8B:D0:DC:07:C6:7C:EB:8D:1D"}}},"request":{"raw":"GET /static/css/app.50d652d5.css HTTP/1.1\r\nHost: bzxqqzwl.khubnzkoszudupz.top\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Fri, 20 Dec 2024 02:17:53 GMT\r\netag: W/\"67617316-382c\"\r\nlast-modified: Fri, 20 Dec 2024 02:17:53 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":14380,"size_decoded":14380,"mime_type":"text/css","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":203,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":203,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-20","alert":"Sinkholed","trigger":"khubnzkoszudupz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bzxqqzwl.khubnzkoszudupz.top/libs/wssBase.js","fqdn":"bzxqqzwl.khubnzkoszudupz.top","domain":"khubnzkoszudupz.top","tld":"top"},"ip":{"addr":"23.99.114.0","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bzxqqzwl.khubnzkoszudupz.top/index?key=8f48bd9e2d88cbe9225491bd90f3f0a8\u0026gid=1abdc69d896f0dcd409fc05e2a8b26e6\u0026sa=3d7680aa0f26fd86bf1f7654b358cbfd","date":"2024-12-20T12:21:04.716Z","timestamp":1734697264716,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmdwyvaw.khubnzkoszudupz.top","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Fri, 11 Oct 2024 01:39:59 GMT","end":"Thu, 09 Jan 2025 01:39:58 GMT"},"fingerprint":{"sha1":"37:52:AA:1E:FA:CA:71:69:14:2E:72:10:FD:4D:AA:A8:89:B9:41:8E","sha256":"F9:EA:FC:3B:51:F2:AA:79:08:7B:EE:DD:9C:75:0E:A1:D7:67:87:75:CA:FF:14:8B:D0:DC:07:C6:7C:EB:8D:1D"}}},"request":{"raw":"GET /libs/wssBase.js HTTP/1.1\r\nHost: bzxqqzwl.khubnzkoszudupz.top\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bzxqqzwl.khubnzkoszudupz.top/index?key=8f48bd9e2d88cbe9225491bd90f3f0a8\u0026gid=1abdc69d896f0dcd409fc05e2a8b26e6\u0026sa=3d7680aa0f26fd86bf1f7654b358cbfd\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=utf-8\r\ndate: Fri, 20 Dec 2024 06:57:24 GMT\r\netag: W/\"67617316-144a3\"\r\nlast-modified: Fri, 20 Dec 2024 06:57:24 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":83107,"size_decoded":83107,"mime_type":"application/javascript; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":607,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":607,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-20","alert":"Sinkholed","trigger":"khubnzkoszudupz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bzxqqzwl.khubnzkoszudupz.top/libs/base.js","fqdn":"bzxqqzwl.khubnzkoszudupz.top","domain":"khubnzkoszudupz.top","tld":"top"},"ip":{"addr":"23.99.114.0","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bzxqqzwl.khubnzkoszudupz.top/index?key=8f48bd9e2d88cbe9225491bd90f3f0a8\u0026gid=1abdc69d896f0dcd409fc05e2a8b26e6\u0026sa=3d7680aa0f26fd86bf1f7654b358cbfd","date":"2024-12-20T12:21:04.714Z","timestamp":1734697264714,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmdwyvaw.khubnzkoszudupz.top","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Fri, 11 Oct 2024 01:39:59 GMT","end":"Thu, 09 Jan 2025 01:39:58 GMT"},"fingerprint":{"sha1":"37:52:AA:1E:FA:CA:71:69:14:2E:72:10:FD:4D:AA:A8:89:B9:41:8E","sha256":"F9:EA:FC:3B:51:F2:AA:79:08:7B:EE:DD:9C:75:0E:A1:D7:67:87:75:CA:FF:14:8B:D0:DC:07:C6:7C:EB:8D:1D"}}},"request":{"raw":"GET /libs/base.js HTTP/1.1\r\nHost: bzxqqzwl.khubnzkoszudupz.top\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=utf-8\r\ndate: Fri, 20 Dec 2024 06:57:24 GMT\r\netag: W/\"67617316-155a9\"\r\nlast-modified: Fri, 20 Dec 2024 06:57:24 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":87465,"size_decoded":87465,"mime_type":"application/javascript; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":405,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":405,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-20","alert":"Sinkholed","trigger":"khubnzkoszudupz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bzxqqzwl.khubnzkoszudupz.top/static/js/app.4e4d3d.js","fqdn":"bzxqqzwl.khubnzkoszudupz.top","domain":"khubnzkoszudupz.top","tld":"top"},"ip":{"addr":"23.99.114.0","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bzxqqzwl.khubnzkoszudupz.top/index?key=8f48bd9e2d88cbe9225491bd90f3f0a8\u0026gid=1abdc69d896f0dcd409fc05e2a8b26e6\u0026sa=3d7680aa0f26fd86bf1f7654b358cbfd","date":"2024-12-20T12:21:04.722Z","timestamp":1734697264722,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmdwyvaw.khubnzkoszudupz.top","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Fri, 11 Oct 2024 01:39:59 GMT","end":"Thu, 09 Jan 2025 01:39:58 GMT"},"fingerprint":{"sha1":"37:52:AA:1E:FA:CA:71:69:14:2E:72:10:FD:4D:AA:A8:89:B9:41:8E","sha256":"F9:EA:FC:3B:51:F2:AA:79:08:7B:EE:DD:9C:75:0E:A1:D7:67:87:75:CA:FF:14:8B:D0:DC:07:C6:7C:EB:8D:1D"}}},"request":{"raw":"GET /static/js/app.4e4d3d.js HTTP/1.1\r\nHost: bzxqqzwl.khubnzkoszudupz.top\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bzxqqzwl.khubnzkoszudupz.top/index?key=8f48bd9e2d88cbe9225491bd90f3f0a8\u0026gid=1abdc69d896f0dcd409fc05e2a8b26e6\u0026sa=3d7680aa0f26fd86bf1f7654b358cbfd\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=utf-8\r\ndate: Fri, 20 Dec 2024 01:21:44 GMT\r\netag: W/\"67617316-3b48a\"\r\nlast-modified: Fri, 20 Dec 2024 01:21:44 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":242826,"size_decoded":242826,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"23858e53d73f302be39fcd0c44e4c98f","sha1":"34707f6342c58ebe0f2ca5d983ba8b31844416ca","sha256":"6e981859138abcffa065d855787757180eb047471d89f600e9bc8f2e21b5d0df","sha512":"3058e8224da0d7a4fb4581c5f78e29c539d27c4ca86f84fe6ff25584e2dd4b04e6e00a96ec0ab709f931efb6708b23eee2c411a6cf820ca0e5b4754c5314963f","ssdeep":"6144:RCWpYAfxiXLkOXVnfse5fSmztq17go3wRD1VETCkkQcUp4AtJ5z0z/zSBHh79DlA:UWpYAfxiXLkOXVnfse5fSmztq17go3wJ","tlshash":"b83483cfb3f2a69d00056160cc3ea9cc15897fd08021d27a9f7f4ecbd658a1995db7a2","first_seen":"2024-12-18T23:25:58.963987Z","last_seen":"2024-12-29T01:01:38.811088Z","times_seen":6,"resource_available":true,"data":null}},"time_used":806,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":806,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-20","alert":"Sinkholed","trigger":"khubnzkoszudupz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bzxqqzwl.khubnzkoszudupz.top/static/css/skina.c5540aa7.css","fqdn":"bzxqqzwl.khubnzkoszudupz.top","domain":"khubnzkoszudupz.top","tld":"top"},"ip":{"addr":"23.99.114.0","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://bzxqqzwl.khubnzkoszudupz.top/index?key=8f48bd9e2d88cbe9225491bd90f3f0a8\u0026gid=1abdc69d896f0dcd409fc05e2a8b26e6\u0026sa=3d7680aa0f26fd86bf1f7654b358cbfd","date":"2024-12-20T12:21:07.631Z","timestamp":1734697267631,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmdwyvaw.khubnzkoszudupz.top","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Fri, 11 Oct 2024 01:39:59 GMT","end":"Thu, 09 Jan 2025 01:39:58 GMT"},"fingerprint":{"sha1":"37:52:AA:1E:FA:CA:71:69:14:2E:72:10:FD:4D:AA:A8:89:B9:41:8E","sha256":"F9:EA:FC:3B:51:F2:AA:79:08:7B:EE:DD:9C:75:0E:A1:D7:67:87:75:CA:FF:14:8B:D0:DC:07:C6:7C:EB:8D:1D"}}},"request":{"raw":"GET /static/css/skina.c5540aa7.css HTTP/1.1\r\nHost: bzxqqzwl.khubnzkoszudupz.top\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Fri, 20 Dec 2024 05:34:16 GMT\r\netag: W/\"67617316-2a98c\"\r\nlast-modified: Fri, 20 Dec 2024 05:34:17 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":174476,"size_decoded":174476,"mime_type":"text/css","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":204,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":204,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-20","alert":"Sinkholed","trigger":"khubnzkoszudupz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bzxqqzwl.khubnzkoszudupz.top/static/js/common.edc80b.js","fqdn":"bzxqqzwl.khubnzkoszudupz.top","domain":"khubnzkoszudupz.top","tld":"top"},"ip":{"addr":"23.99.114.0","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bzxqqzwl.khubnzkoszudupz.top/index?key=8f48bd9e2d88cbe9225491bd90f3f0a8\u0026gid=1abdc69d896f0dcd409fc05e2a8b26e6\u0026sa=3d7680aa0f26fd86bf1f7654b358cbfd","date":"2024-12-20T12:21:04.720Z","timestamp":1734697264720,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmdwyvaw.khubnzkoszudupz.top","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Fri, 11 Oct 2024 01:39:59 GMT","end":"Thu, 09 Jan 2025 01:39:58 GMT"},"fingerprint":{"sha1":"37:52:AA:1E:FA:CA:71:69:14:2E:72:10:FD:4D:AA:A8:89:B9:41:8E","sha256":"F9:EA:FC:3B:51:F2:AA:79:08:7B:EE:DD:9C:75:0E:A1:D7:67:87:75:CA:FF:14:8B:D0:DC:07:C6:7C:EB:8D:1D"}}},"request":{"raw":"GET /static/js/common.edc80b.js HTTP/1.1\r\nHost: bzxqqzwl.khubnzkoszudupz.top\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bzxqqzwl.khubnzkoszudupz.top/index?key=8f48bd9e2d88cbe9225491bd90f3f0a8\u0026gid=1abdc69d896f0dcd409fc05e2a8b26e6\u0026sa=3d7680aa0f26fd86bf1f7654b358cbfd\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=utf-8\r\ndate: Fri, 20 Dec 2024 02:17:53 GMT\r\netag: W/\"67617316-443d8\"\r\nlast-modified: Fri, 20 Dec 2024 02:17:53 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":279512,"size_decoded":279512,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"42713d0546223085d72a3edb1edb4fe6","sha1":"7666f3194c14d143856eae729a625eb59c223611","sha256":"fa9ec18829db5e9bb5b494d221cb77462931a4815bd01e660362380aa77aa3ab","sha512":"e6b4f4402173ba4adcd08af05642f81640a089fb76edc0760111670e3e4eac7dcef3e02d74d968eeba96f720c3645f47fa0d07afcb959610beafb8778f9a1ac4","ssdeep":"6144:zo4QLCmFTYSCDUU/nIW5t4SkOlskkdYh0pPqdz:zN8C1FDcW5M/kn0pPqdz","tlshash":"e55409ccbac5f0a957d335a4803f650bb1772a69f40e94d0e6a2d5d1ac7898e4237e3c","first_seen":"2024-12-15T19:25:59.315415Z","last_seen":"2024-12-29T01:01:38.810273Z","times_seen":9,"resource_available":true,"data":null}},"time_used":810,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":810,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-20","alert":"Sinkholed","trigger":"khubnzkoszudupz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bzxqqzwl.khubnzkoszudupz.top/libs/tac.min.js","fqdn":"bzxqqzwl.khubnzkoszudupz.top","domain":"khubnzkoszudupz.top","tld":"top"},"ip":{"addr":"23.99.114.0","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bzxqqzwl.khubnzkoszudupz.top/index?key=8f48bd9e2d88cbe9225491bd90f3f0a8\u0026gid=1abdc69d896f0dcd409fc05e2a8b26e6\u0026sa=3d7680aa0f26fd86bf1f7654b358cbfd","date":"2024-12-20T12:21:04.717Z","timestamp":1734697264717,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmdwyvaw.khubnzkoszudupz.top","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Fri, 11 Oct 2024 01:39:59 GMT","end":"Thu, 09 Jan 2025 01:39:58 GMT"},"fingerprint":{"sha1":"37:52:AA:1E:FA:CA:71:69:14:2E:72:10:FD:4D:AA:A8:89:B9:41:8E","sha256":"F9:EA:FC:3B:51:F2:AA:79:08:7B:EE:DD:9C:75:0E:A1:D7:67:87:75:CA:FF:14:8B:D0:DC:07:C6:7C:EB:8D:1D"}}},"request":{"raw":"GET /libs/tac.min.js HTTP/1.1\r\nHost: bzxqqzwl.khubnzkoszudupz.top\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bzxqqzwl.khubnzkoszudupz.top/index?key=8f48bd9e2d88cbe9225491bd90f3f0a8\u0026gid=1abdc69d896f0dcd409fc05e2a8b26e6\u0026sa=3d7680aa0f26fd86bf1f7654b358cbfd\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=utf-8\r\ndate: Fri, 20 Dec 2024 05:34:15 GMT\r\netag: W/\"67617316-d605\"\r\nlast-modified: Fri, 20 Dec 2024 05:34:15 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":54789,"size_decoded":54789,"mime_type":"application/javascript; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-09T15:38:22.40258Z","times_seen":14902800,"resource_available":true,"data":null}},"time_used":608,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":608,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2024-12-20","alert":"Sinkholed","trigger":"khubnzkoszudupz.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}