{"report_id":"88f65aed-549b-4f06-938d-f4729c19696e","version":6,"status":"done","tags":[],"date":"2025-10-09T03:55:20Z","url":{"schema":"http","addr":"xh.haha33.com/","fqdn":"xh.haha33.com","domain":"haha33.com","tld":"com"},"ip":{"addr":"47.107.183.19","port":0,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"final":{"url":{"schema":"http","addr":"xh.haha33.com/","fqdn":"xh.haha33.com","domain":"haha33.com","tld":"com"},"title":"校花的贴身高手-校花的贴身高手网页游戏唯一品牌官方网站"},"submit":{"url":{"schema":"http","addr":"xh.haha33.com/","fqdn":"xh.haha33.com","domain":"haha33.com","tld":"com"},"ip":{"addr":"47.107.183.19","port":0,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-13T03:55:20Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":0}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-09T03:55:00Z","timestamp":1759982100,"ip_dst":{"addr":"172.18.0.12","port":40264,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.107.183.19","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"high","alert":"ETPRO WEB_CLIENT Likely Malicious JS Inbound","source":"{\"timestamp\":\"2025-10-09T03:55:00.391246+0000\",\"flow_id\":674074482386701,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.107.183.19\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":40264,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2831817,\"rev\":6,\"signature\":\"ETPRO WEB_CLIENT Likely Malicious JS Inbound\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2018_07_17\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2020_11_19\"]}},\"http\":{\"hostname\":\"acc.haha33.com\",\"url\":\"/static/default/js/hh-topbar.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://xh.haha33.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2491},\"files\":[{\"filename\":\"/static/default/js/hh-topbar.js\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":7802,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":5,\"bytes_toserver\":1167,\"bytes_toclient\":4122,\"start\":\"2025-10-09T03:54:59.534285+0000\"}}"}],"analyzer":null,"urlquery":null},"summary":[{"fqdn":"www.40407.com","ip":{"addr":"101.47.6.112","port":80,"asn":150436,"as":"Byteplus Pte. Ltd.","country":"Singapore","country_code":"SG"},"domain_registered":"2011-01-10","domain_rank":2077976,"first_seen":"2012-08-17T03:05:35Z","last_seen":"2025-09-08T23:26:54.938754Z","alert_count":0,"request_count":2,"received_data":678,"sent_data":1008,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"acc.haha33.com","ip":{"addr":"47.107.183.19","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"domain_registered":"2013-11-08","domain_rank":0,"first_seen":"2025-10-09T03:55:21.287766Z","last_seen":"2025-10-09T03:55:21.287766Z","alert_count":1,"request_count":5,"received_data":17140,"sent_data":2354,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"CodeIgniter","description":"","website":"https://codeigniter.com","common_platform_enumeration":"cpe:2.3:a:codeigniter:codeigniter:*:*:*:*:*:*:*:*","icon":"CodeIgniter.png","categories":["Web frameworks"]},{"name":"PHP:5.6.40","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"im.265g.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2007-04-01","domain_rank":0,"first_seen":"2012-12-10T04:50:52Z","last_seen":"2024-12-01T10:58:13.057938Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":456,"comment":"","tags":null,"fingerprints":null},{"fqdn":"iframe.eeyy.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2004-07-18","domain_rank":0,"first_seen":"2012-12-10T04:50:53Z","last_seen":"2024-12-01T10:58:12.447278Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":445,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.07073.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2002-09-17","domain_rank":0,"first_seen":"2012-06-03T10:06:11Z","last_seen":"2024-12-01T10:58:12.650672Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":581,"comment":"","tags":null,"fingerprints":null},{"fqdn":"xh.haha33.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2013-11-08","domain_rank":0,"first_seen":"2025-10-09T03:55:21.283054Z","last_seen":"2025-10-09T03:55:21.283054Z","alert_count":0,"request_count":27,"received_data":1934314,"sent_data":9936,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery:1.7.2","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-09T03:55:00Z","timestamp":1759982100,"ip_dst":{"addr":"172.18.0.12","port":40264,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.107.183.19","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"high","alert":"ETPRO WEB_CLIENT Likely Malicious JS Inbound","source":"{\"timestamp\":\"2025-10-09T03:55:00.391246+0000\",\"flow_id\":674074482386701,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.107.183.19\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":40264,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2831817,\"rev\":6,\"signature\":\"ETPRO WEB_CLIENT Likely Malicious JS Inbound\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2018_07_17\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2020_11_19\"]}},\"http\":{\"hostname\":\"acc.haha33.com\",\"url\":\"/static/default/js/hh-topbar.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://xh.haha33.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2491},\"files\":[{\"filename\":\"/static/default/js/hh-topbar.js\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":7802,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":5,\"bytes_toserver\":1167,\"bytes_toclient\":4122,\"start\":\"2025-10-09T03:54:59.534285+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"xh.haha33.com/","fqdn":"xh.haha33.com","domain":"haha33.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"2415cb4c0991a6fe1e0f7dd6e04ee37c","sha1":"425313fa22a24358ee2d8311fbdac234fbcc743b","sha256":"87c7f483d7cd744807298e4ecdf3734eccce89ee1a36467e5f75871002eb82e1","sha512":"521724775672c90383e018c48bb41e7fa297426c221ad0ace4588f31b450be8f88508737bc6e4fb9262cd63ac89a5291d3322ce5153e2bcd7c4ae8f1ad24e213","ssdeep":"","tlshash":"a4011a384cb253b02d5776c5052e88201681956b2689cd1b78bce5e8cfca453d24afd8","size":720,"data":"","first_seen":"2025-10-09T03:55:36.601137Z","last_seen":"2025-10-09T03:55:36.601137Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"acc.haha33.com/index.php?c=udb\u0026m=checklogin\u0026callback=jQuery172008384305105798096_1759982100113\u0026_=1759982100117","fqdn":"acc.haha33.com","domain":"haha33.com","tld":"com"},"ip":{"addr":"47.107.183.19","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"3f8613e79c080e50b9a8df6f0f5c47fb","sha1":"2b90c18e6eb3e81b3e365a41ba8bc46f164a577f","sha256":"8e7f2017d5c475153133feace4ed28236ecb27fa1a26955dbc783928ad05a22a","sha512":"71b264db71ee57f070c2b8c17d71440340d4e7fa3623163df9d1d84df8fcaa80d311d823834975e07587c3a111ffaa429e115d911cd5836e33223b41253b9a3e","ssdeep":"","tlshash":"38c02b101e70099b7c49a3788210dccc0779943dcc46311cdc7b0a0487056613b20c35","size":141,"data":"","first_seen":"2025-10-09T03:55:36.572479Z","last_seen":"2025-10-09T03:55:36.572479Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xh.haha33.com/","fqdn":"xh.haha33.com","domain":"haha33.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"23bc989dbd0200687579019c129420cf","sha1":"a90fd3973eef33ccbe44826dfac19364d3b55353","sha256":"4e2101ba7d5c6b8065d176c2765ac9203658aa76311b88e916a83b9e3804fc5c","sha512":"f16147dbe8e178667f72f1cb4a31919c57c6edaa171532211abd6369b188db446495907a868f9501fa0ed5e74131bb489056608f12f8c00f32986229745db2cd","ssdeep":"","tlshash":"5f700020000a3220230ea2200820c2ba2ab8a020e803230000cb0c2008888282002a00","size":25,"data":"","first_seen":"2025-10-09T03:55:36.60294Z","last_seen":"2026-02-15T07:18:34.727688Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"b2f4141b1831c5c7761f27fc9bafcc4b","sha1":"966014b809106b2495d203b3dcd88b3e9ce03498","sha256":"9faad69a2307263fda378713cd3f6ce6efc454d5582db3daaa812536284686b3","sha512":"e4d95641db913400e80678d448072ec7846edbbcca0a01615193b4215ef1f2d4142414540687d2dcb769f685021c5cf20c67908e95983bbd328756372016bf16","ssdeep":"","tlshash":"663000000000000000c000000000000000000000000000000000000000000000000000","size":4,"data":"","first_seen":"2025-10-09T03:55:36.604515Z","last_seen":"2026-02-15T07:18:34.735383Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"d933bd2e86b25c2b2760c69b9cca404c","sha1":"6e7264d97f324d010e68634f1bc4f15e546f0c5b","sha256":"899c5b11cfc3590a8810be11aac68c1fd38225807601730d4052ee42fb33c85c","sha512":"9a9fc1d6442ee6aa0b899430f6633c816cc6d6476531da790a22f6dd2d1c216b3ee81adffa4bca05572a7f9cf520e857d0e03c35c450de22580dbeddab8cf147","ssdeep":"","tlshash":"4b500000000000cc0000000300000c00000030030000000000000000000000cc000000","size":8,"data":"","first_seen":"2025-10-09T03:55:36.606151Z","last_seen":"2025-10-09T03:55:36.606151Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"console":null},"http":[{"url":{"schema":"https","addr":"xh.haha33.com/","fqdn":"xh.haha33.com","domain":"haha33.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-09T03:54:57.521Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: xh.haha33.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-06T15:45:53.712693Z","times_seen":14742555,"resource_available":true,"data":null}},"time_used":1046,"timings":{"blocked":0,"dns":492,"connect":267,"send":0,"wait":0,"receive":0,"ssl":284},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xh.haha33.com/theme/img/bg_base1_on.png","fqdn":"xh.haha33.com","domain":"haha33.com","tld":"com"},"ip":{"addr":"47.107.183.19","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xh.haha33.com/","date":"2025-10-09T03:55:00.180Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /theme/img/bg_base1_on.png HTTP/1.1\r\nHost: xh.haha33.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xh.haha33.com/theme/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Thu, 09 Oct 2025 03:55:01 GMT\r\nContent-Type: image/png\r\nLast-Modified: Sun, 24 Jul 2016 03:27:23 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"5794359b-5e21\"\r\nExpires: Thu, 09 Oct 2025 04:55:01 GMT\r\nCache-Control: max-age=3600\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24097,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 233 x 290, 8-bit/color RGB, non-interlaced","md5":"abdd6c273194ff2666d20786c2cd36fe","sha1":"a3745bfab3f75089fea62a2fc272722b429ee372","sha256":"f870f09dd3edf66fed90847b40a39a515ae95cecb4ed0ab85810fbc738cd679c","sha512":"8e96f92c66cfdf3004e881a76dc1c9ce74cb523db1e03b65c15ae08a5341082795368381124bb6893fcf66e36a3fe49ed241c7fd706d17efe18364cba30bc8ce","ssdeep":"384:Hvsbt4AczUDc1aneoBzpNixwxxAYaphMm9zKO7Q+T1MUFk0dt+ErtPHZEBEoNfBS:H0LDDcyeoJpNDOphMoKGQOeUl+SiZU","tlshash":"67b2e1d12ed03725a5e1dfd918adcca3f0acd9c895ec7a4af5d8004549678fe32ca2d4","first_seen":"2025-10-09T03:55:36.535384Z","last_seen":"2025-10-09T03:55:36.535384Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2797,"timings":{"blocked":897,"dns":0,"connect":0,"send":0,"wait":271,"receive":1629,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xh.haha33.com/theme/img/icon_star_on.png","fqdn":"xh.haha33.com","domain":"haha33.com","tld":"com"},"ip":{"addr":"47.107.183.19","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xh.haha33.com/","date":"2025-10-09T03:55:00.185Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /theme/img/icon_star_on.png HTTP/1.1\r\nHost: xh.haha33.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xh.haha33.com/theme/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Thu, 09 Oct 2025 03:55:01 GMT\r\nContent-Type: image/png\r\nLast-Modified: Sun, 24 Jul 2016 03:27:40 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"579435ac-58a\"\r\nExpires: Thu, 09 Oct 2025 04:55:01 GMT\r\nCache-Control: max-age=3600\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1418,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 120 x 19, 8-bit/color RGBA, non-interlaced","md5":"443746c08594261b605663c023e8e60e","sha1":"ffd5412d37d76d5673e2425327d4e92327e93643","sha256":"4ae7846b24e3b5a6d16301dfbee00875b407b0d9facde673c965b9676c556e7e","sha512":"657bbe72e08c5d162c7b949d9aa0b6cfbd3b9edff556cc75634560cb6095251ec3c24303582bf10aaee6a274142840d22d0abc9e914daf1d5835aa03e9da007b","ssdeep":"","tlshash":"3221866efb5078826858ec8524fb5c22cda34480cde5f596f84ecc425df52b890aa5db","first_seen":"2025-10-09T03:55:36.53891Z","last_seen":"2025-10-09T03:55:36.53891Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1448,"timings":{"blocked":1180,"dns":0,"connect":0,"send":0,"wait":267,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xh.haha33.com/theme/js/jcarousellite.min.js","fqdn":"xh.haha33.com","domain":"haha33.com","tld":"com"},"ip":{"addr":"47.107.183.19","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://xh.haha33.com/","date":"2025-10-09T03:55:00.270Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /theme/js/jcarousellite.min.js HTTP/1.1\r\nHost: xh.haha33.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xh.haha33.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.18.0\r\nDate: Thu, 09 Oct 2025 03:55:00 GMT\r\nContent-Type: text/html\r\nContent-Length: 153\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":153,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"706a98254456810d3e849c3957af9d01","sha1":"e461d072a6ba8f0082d6f187eba7f053343529c6","sha256":"8351c0267c2cd7866ff04c04261f06cd75af9a7130aac848ca43fd047404e229","sha512":"6fd0837b6c7485fcd783da728d9759a49f48e8a2f4757301a921735f7f41240b890b87672725c90e8295a21d039a369b203246e8bf71596cf1e2f9b543bc0277","ssdeep":"","tlshash":"fec02b2d36137c4cc5a3317432c3b080c0e6933774fa45110440800331cf2998ac7397","first_seen":"2023-03-25T23:23:32Z","last_seen":"2026-05-06T16:11:22.584789Z","times_seen":6726,"resource_available":true,"data":null}},"time_used":268,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":268,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xh.haha33.com/theme/js/jcarousellite.min.js","fqdn":"xh.haha33.com","domain":"haha33.com","tld":"com"},"ip":{"addr":"47.107.183.19","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://xh.haha33.com/","date":"2025-10-09T03:54:59.296Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /theme/js/jcarousellite.min.js HTTP/1.1\r\nHost: xh.haha33.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xh.haha33.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.18.0\r\nDate: Thu, 09 Oct 2025 03:54:59 GMT\r\nContent-Type: text/html\r\nContent-Length: 153\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":153,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"706a98254456810d3e849c3957af9d01","sha1":"e461d072a6ba8f0082d6f187eba7f053343529c6","sha256":"8351c0267c2cd7866ff04c04261f06cd75af9a7130aac848ca43fd047404e229","sha512":"6fd0837b6c7485fcd783da728d9759a49f48e8a2f4757301a921735f7f41240b890b87672725c90e8295a21d039a369b203246e8bf71596cf1e2f9b543bc0277","ssdeep":"","tlshash":"fec02b2d36137c4cc5a3317432c3b080c0e6933774fa45110440800331cf2998ac7397","first_seen":"2023-03-25T23:23:32Z","last_seen":"2026-05-06T16:11:22.584789Z","times_seen":6726,"resource_available":true,"data":null}},"time_used":522,"timings":{"blocked":-1,"dns":0,"connect":268,"send":0,"wait":266,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xh.haha33.com/theme/img/role2.png","fqdn":"xh.haha33.com","domain":"haha33.com","tld":"com"},"ip":{"addr":"47.107.183.19","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xh.haha33.com/","date":"2025-10-09T03:54:59.283Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /theme/img/role2.png HTTP/1.1\r\nHost: xh.haha33.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xh.haha33.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Thu, 09 Oct 2025 03:55:02 GMT\r\nContent-Type: image/png\r\nLast-Modified: Sun, 24 Jul 2016 07:42:03 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"5794714b-326dd\"\r\nExpires: Thu, 09 Oct 2025 04:55:02 GMT\r\nCache-Control: max-age=3600\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":206557,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 420 x 460, 8-bit/color RGBA, non-interlaced","md5":"2cfbff5a3426eb44bb4137bd35ed3c38","sha1":"c15eaf4f71e10c12a596ae8bc61e9ab41b340e05","sha256":"f8506c98e712a6185a0930b88d40a54b9afb76df20b7de1e1a3d21a1781a06b7","sha512":"12c02c00a49fe49488c4cf437ce374fbf5c2c2eaf2bc398dd606d03f1e6bf1a6bd177c59a90e61830d418d956cc74f2d99b0a6707836fe1eecffdf24d7bf15ef","ssdeep":"6144:wUVDHl+rWDOuRjxFlAUHI3MEjs9rVBGU/:PlK/CtFl/IaxN/","tlshash":"351413c6b382ac6296151f9cecfcc3c6095668673c4219973ac40d5786d88b9cafef4d","first_seen":"2025-10-09T03:55:36.543089Z","last_seen":"2025-10-09T03:55:36.543089Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3043,"timings":{"blocked":2783,"dns":0,"connect":0,"send":0,"wait":248,"receive":12,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xh.haha33.com/theme/img/skill3.jpg","fqdn":"xh.haha33.com","domain":"haha33.com","tld":"com"},"ip":{"addr":"47.107.183.19","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xh.haha33.com/","date":"2025-10-09T03:54:59.287Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /theme/img/skill3.jpg HTTP/1.1\r\nHost: xh.haha33.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xh.haha33.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Thu, 09 Oct 2025 03:55:00 GMT\r\nContent-Type: image/jpeg\r\nLast-Modified: Sun, 24 Jul 2016 07:46:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"5794726d-b26\"\r\nExpires: Thu, 09 Oct 2025 04:55:00 GMT\r\nCache-Control: max-age=3600\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2854,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 60x60, components 3","md5":"154d981d45baff21f994190113faa5e7","sha1":"62f2c0ebc92a77667d6b2d143ef56750c5841da5","sha256":"93623882aff8df0a78b1e21f19eeff50a2b1c3fb0f608e60022982adf2622ccc","sha512":"ef2236cc1be7b8f2a1550839bc6b287bc3cec860eb6a481f961a4eb8b5d9973f9f9afe6b0ac07c20b70646f155be8bd9a601305d3efb0d0bf4b8ca2dc0c06e70","ssdeep":"","tlshash":"5251fb3ab993df02dd43947c2cfbe5635b56a48054e199e6ee7e8c021829377941d0ce","first_seen":"2025-10-09T03:55:36.545842Z","last_seen":"2025-10-09T03:55:36.545842Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1094,"timings":{"blocked":823,"dns":0,"connect":0,"send":0,"wait":271,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xh.haha33.com/theme/img/skill4.jpg","fqdn":"xh.haha33.com","domain":"haha33.com","tld":"com"},"ip":{"addr":"47.107.183.19","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xh.haha33.com/","date":"2025-10-09T03:54:59.291Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /theme/img/skill4.jpg HTTP/1.1\r\nHost: xh.haha33.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xh.haha33.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Thu, 09 Oct 2025 03:55:00 GMT\r\nContent-Type: image/jpeg\r\nLast-Modified: Sun, 24 Jul 2016 07:46:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"5794726d-bf4\"\r\nExpires: Thu, 09 Oct 2025 04:55:00 GMT\r\nCache-Control: max-age=3600\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3060,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 60x60, components 3","md5":"ee28d97695b979caa569fe157caced12","sha1":"64e4500b00fde0600be6ed456c1f0811ae993256","sha256":"edba51f6d4311e9fa75398f639dd4bbc651fff8bbbf4b66b541ce836dadc0528","sha512":"d61089c3e594ceb81b97ee84289b8e5971fc1192c0ce88c7c1e29034750646e55fc875d42b1d7688771dfc289ad8c517c881655eb5ec1e2aa6777c940d7e3c44","ssdeep":"","tlshash":"b3511a0ee223bf46d49891f524f7543f85132870e4d4dd5498b2852a2f29062615e7a3","first_seen":"2025-10-09T03:55:36.548336Z","last_seen":"2025-10-09T03:55:36.548336Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1056,"timings":{"blocked":782,"dns":0,"connect":0,"send":0,"wait":273,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xh.haha33.com/theme/img/skill5.jpg","fqdn":"xh.haha33.com","domain":"haha33.com","tld":"com"},"ip":{"addr":"47.107.183.19","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xh.haha33.com/","date":"2025-10-09T03:54:59.294Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /theme/img/skill5.jpg HTTP/1.1\r\nHost: xh.haha33.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xh.haha33.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Thu, 09 Oct 2025 03:55:00 GMT\r\nContent-Type: image/jpeg\r\nLast-Modified: Sun, 24 Jul 2016 07:46:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"5794726d-daa\"\r\nExpires: Thu, 09 Oct 2025 04:55:00 GMT\r\nCache-Control: max-age=3600\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3498,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 60x60, components 3","md5":"f0313bf6caa44266d2acc9ea52921336","sha1":"7364fd837bbeedea16d1ce9ac7182fc907327e2a","sha256":"149ce52d27d919801ed444190cd864f6564a2bc9687db52042620056d5cfe0e2","sha512":"6696fe93c4389c799270f39b2a95d7209959a2e74423fda58bd5dbe0844a122e378182bdd3217ef1bb52e9bb2c4756d0ade4a707a10c25f8f95b10922aeea3a0","ssdeep":"","tlshash":"ed716b557bc19740e97c68b728f7816b5b86798661e0fb47dcbfc4874d0207089391e2","first_seen":"2025-10-09T03:55:36.550944Z","last_seen":"2025-10-09T03:55:36.550944Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1803,"timings":{"blocked":779,"dns":0,"connect":0,"send":0,"wait":1024,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xh.haha33.com/theme/js/xslide.js","fqdn":"xh.haha33.com","domain":"haha33.com","tld":"com"},"ip":{"addr":"47.107.183.19","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://xh.haha33.com/","date":"2025-10-09T03:54:59.295Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /theme/js/xslide.js HTTP/1.1\r\nHost: xh.haha33.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xh.haha33.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Thu, 09 Oct 2025 03:54:59 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Sun, 24 Jul 2016 03:27:43 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"579435af-139f\"\r\nExpires: Thu, 09 Oct 2025 04:54:59 GMT\r\nCache-Control: max-age=3600\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5023,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"f71b30e9d263bcda605c4ebab3301a7d","sha1":"897de7b545eba97fdb89f64612b2c952fd57a46f","sha256":"ac7c4f6e23025a575c5d973dee33a6347d20234121862c94e3a3bf7077fcc6bf","sha512":"2de626cfe38f6d096c4c18c5eb999e0d2a7d89a27ac8c18ce28499d2030c67387a21af34b7b64cd086adfa29641bb6c052c2aa324d2e2ba47950734f179845a5","ssdeep":"96:Gu+wct8tktVdeXcDnHmiqAfwJEVQaEPq0WjXKf:edMmY0iPwg","tlshash":"56a1cd09b20029ae39b7352e3b6b608cefa361175411ef00bebd42840ff455ec616f6d","first_seen":"2025-10-09T03:55:36.553457Z","last_seen":"2025-10-09T03:55:36.553457Z","times_seen":1,"resource_available":false,"data":null}},"time_used":535,"timings":{"blocked":-1,"dns":1,"connect":267,"send":0,"wait":267,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xh.haha33.com/theme/img/skill1.jpg","fqdn":"xh.haha33.com","domain":"haha33.com","tld":"com"},"ip":{"addr":"47.107.183.19","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xh.haha33.com/","date":"2025-10-09T03:54:59.281Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /theme/img/skill1.jpg HTTP/1.1\r\nHost: xh.haha33.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xh.haha33.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Thu, 09 Oct 2025 03:55:01 GMT\r\nContent-Type: image/jpeg\r\nLast-Modified: Sun, 24 Jul 2016 07:46:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"5794726d-c68\"\r\nExpires: Thu, 09 Oct 2025 04:55:01 GMT\r\nCache-Control: max-age=3600\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3176,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 60x60, components 3","md5":"3b781c10e649235e5976d5205f3a5b58","sha1":"6830d0a4275b5b1bcce9b00f28a0ac5d231b7707","sha256":"d52bc80deef515666fc73c3775614a3ee92772bc6c1dfc00e08560c3d6d6b27a","sha512":"25e80a4b1716e190f9a2cf9e267a33f97eec98505f4f6fcaf35d9d22bb119bae03003235cd67c87c7ee538eef89f779f8a857d8acae7ab77062e90e3665714e5","ssdeep":"","tlshash":"fa61181af8b13f03c9adad7024f3d46b847d848588cad55bbafec81725500f81a2a3c3","first_seen":"2025-10-09T03:55:36.556287Z","last_seen":"2025-10-09T03:55:36.556287Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2534,"timings":{"blocked":2287,"dns":0,"connect":0,"send":0,"wait":247,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xh.haha33.com/theme/img/role3.png","fqdn":"xh.haha33.com","domain":"haha33.com","tld":"com"},"ip":{"addr":"47.107.183.19","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xh.haha33.com/","date":"2025-10-09T03:54:59.285Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /theme/img/role3.png HTTP/1.1\r\nHost: xh.haha33.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xh.haha33.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Thu, 09 Oct 2025 03:55:00 GMT\r\nContent-Type: image/png\r\nLast-Modified: Sun, 24 Jul 2016 07:42:03 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"5794714b-3ba1c\"\r\nExpires: Thu, 09 Oct 2025 04:55:00 GMT\r\nCache-Control: max-age=3600\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":244252,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 420 x 460, 8-bit/color RGBA, non-interlaced","md5":"4eb87659f9cc47df9a9c2e2c53c141b7","sha1":"98723c3a994da4587b6a78247119d53380122487","sha256":"81d0609ce5905f2c16b5d9affaa327a2cfe609ddc17fe0cb0edd555556da012d","sha512":"43b27b5d06e5bcf7e417f8627734c29126d5771844df1529521b225227b9c007ab6e5893ec329f3a4dedf1a4b914a9551be6ae9fa8d32af3e4993c221581f6e7","ssdeep":"3072:xGp/+RffmysNw2mq385kZElUI/gJlNvw5/8k/tK32eglK8BjWfJIxDen8+/GmFm+:Ipm50G/ky/s2M8BjWBIxgOmFmLB2akL9","tlshash":"bf3412c318f18bfa47ecd6eaf04e41a35ea0f96a3c9e596c683374d4635429224d4de3","first_seen":"2025-10-09T03:55:36.558888Z","last_seen":"2025-10-09T03:55:36.558888Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2035,"timings":{"blocked":788,"dns":0,"connect":0,"send":0,"wait":248,"receive":999,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xh.haha33.com/theme/img/role4.png","fqdn":"xh.haha33.com","domain":"haha33.com","tld":"com"},"ip":{"addr":"47.107.183.19","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xh.haha33.com/","date":"2025-10-09T03:54:59.290Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /theme/img/role4.png HTTP/1.1\r\nHost: xh.haha33.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xh.haha33.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Thu, 09 Oct 2025 03:55:02 GMT\r\nContent-Type: image/png\r\nLast-Modified: Sun, 24 Jul 2016 07:42:03 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"5794714b-20c53\"\r\nExpires: Thu, 09 Oct 2025 04:55:02 GMT\r\nCache-Control: max-age=3600\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":134227,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 420 x 460, 8-bit/color RGBA, non-interlaced","md5":"a436dddfe823928945c7c0d061faaebd","sha1":"8f0a4b7fb809d09055c728ce17b6aa6f0c08ec1b","sha256":"1da38eb7688093ff4578f9dd555e9b3794999f870dd62ae0b5a4834c09990450","sha512":"62d0dad71f4f6a98890654f51ff5af7ce4b17fdfd6b431a3f67f39f1f976c0e0d8a7eb32254b1322e211e999b50ca2d4e608e5cabbfb730f98730770cb6e0db3","ssdeep":"3072:ac8RZUBHiz4uiRLqoL5q5/wIZbeDfdH/CtzyX6uB0zNoV6p:ac8RYC3iJqoL5MxMDlqNq5MNzp","tlshash":"9dd3121cde169f4a3fe75271a445142006b4d13ee9df341dd48ccafe3ae22b099ae65c","first_seen":"2025-10-09T03:55:36.561725Z","last_seen":"2025-10-09T03:55:36.561725Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3363,"timings":{"blocked":2844,"dns":0,"connect":0,"send":0,"wait":255,"receive":264,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.40407.com/plus/nested.php?short_name=xhtsgs","fqdn":"www.40407.com","domain":"40407.com","tld":"com"},"ip":{"addr":"101.47.6.112","port":80,"asn":150436,"as":"Byteplus Pte. Ltd.","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"http://xh.haha33.com/","date":"2025-10-09T03:55:00.171Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /plus/nested.php?short_name=xhtsgs HTTP/1.1\r\nHost: www.40407.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xh.haha33.com/\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\nDate: Thu, 09 Oct 2025 03:55:00 GMT\r\nContent-Type: text/html\r\nContent-Length: 162\r\nConnection: keep-alive\r\nLocation: https://www.40407.com/plus/nested.php?short_name=xhtsgs\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":146,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-06T15:45:53.712693Z","times_seen":14742555,"resource_available":true,"data":null}},"time_used":1326,"timings":{"blocked":539,"dns":304,"connect":241,"send":0,"wait":241,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xh.haha33.com/theme/img/base.png","fqdn":"xh.haha33.com","domain":"haha33.com","tld":"com"},"ip":{"addr":"47.107.183.19","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xh.haha33.com/","date":"2025-10-09T03:55:00.188Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /theme/img/base.png HTTP/1.1\r\nHost: xh.haha33.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xh.haha33.com/theme/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Thu, 09 Oct 2025 03:55:01 GMT\r\nContent-Type: image/png\r\nLast-Modified: Sun, 24 Jul 2016 03:27:22 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"5794359a-40f55\"\r\nExpires: Thu, 09 Oct 2025 04:55:01 GMT\r\nCache-Control: max-age=3600\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":266069,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1000 x 2000, 8-bit/color RGBA, non-interlaced","md5":"68c30fb3a5d51afa8dd7fde65e298efb","sha1":"90d2d18c98bdf681e50e3222cd5a4359bbaaece8","sha256":"8e6265965e06a74a34153107e0c1f52aa3fc5e44be1be5abcc60492f7d3bb6d8","sha512":"ea159d2e71a2bd5f7e73f8a3814a5229d0f194faf98931134c7dafd536ac58c51a00f1c0c4b3b444bc75617d8b7f3967e2bbdcefaf45249e7685dd479ae11626","ssdeep":"6144:LjJdDWVxnGp8xkaqDY4XCLOqkg8eLMEDZ9kjgWWmJB:LjJxCGsEY4yLDv8KM4Z9ksWpB","tlshash":"c644f180a7b06b57e93c473742d356056fb2040260f3c609ba9ea55d8f70b2e9f5bec9","first_seen":"2025-10-09T03:55:36.564692Z","last_seen":"2025-10-09T03:55:36.564692Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3067,"timings":{"blocked":1446,"dns":0,"connect":0,"send":0,"wait":271,"receive":1350,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xh.haha33.com/theme/css/style.css","fqdn":"xh.haha33.com","domain":"haha33.com","tld":"com"},"ip":{"addr":"47.107.183.19","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://xh.haha33.com/","date":"2025-10-09T03:54:59.262Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /theme/css/style.css HTTP/1.1\r\nHost: xh.haha33.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xh.haha33.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Thu, 09 Oct 2025 03:54:59 GMT\r\nContent-Type: text/css\r\nLast-Modified: Fri, 09 Sep 2016 08:56:28 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"57d2793c-92c6\"\r\nExpires: Thu, 09 Oct 2025 04:54:59 GMT\r\nCache-Control: max-age=3600\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":37574,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"b9cc2158d7a48c75bda7686dd7d6b4c4","sha1":"23dd5ba0c9f37490ca8726ae5a6a3a4864af6e31","sha256":"f316f9983060a5ae47e59528d2621c863f7cbc2e9554f8a454ab8998bd7ba786","sha512":"0edc230c19eefa66cef1897a0b26a9f3306aa78ec41caf4a12c38775f8bd8a958098e4f93516da9ece084ec563747f27c8caa6120c5eb54fe9d89d51563cb5b3","ssdeep":"768:dMyAmMJDRgpLPP+oHZIeBeHZIjEeFf32M3JVIAA561:y8cM9","tlshash":"79f2852547222245e13793d5fbe3eb9a0e2cd063e61309fcf9d63915d20e4992762be3","first_seen":"2025-10-09T03:55:36.567394Z","last_seen":"2025-10-09T03:55:36.567394Z","times_seen":1,"resource_available":false,"data":null}},"time_used":252,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":251,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"acc.haha33.com/static/default/css/top-bar.css","fqdn":"acc.haha33.com","domain":"haha33.com","tld":"com"},"ip":{"addr":"47.107.183.19","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://xh.haha33.com/","date":"2025-10-09T03:54:59.264Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/default/css/top-bar.css HTTP/1.1\r\nHost: acc.haha33.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xh.haha33.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Thu, 09 Oct 2025 03:54:59 GMT\r\nContent-Type: text/css\r\nLast-Modified: Tue, 01 Nov 2016 03:20:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"581809e5-f35\"\r\nExpires: Thu, 09 Oct 2025 04:54:59 GMT\r\nCache-Control: max-age=3600\r\nX-Frame-Options: SAMEORIGIN\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3893,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (306), with CRLF line terminators","md5":"b45da298a429942a4d8384796d36c901","sha1":"101ec0b149532ea55839d3c8edfa517643a6e936","sha256":"39ff7e841e7671ada84e480ee84bf4709ee13b7e416e041e4282b532253cbeef","sha512":"f0c4bfc4db6bddf6809c5ad276ad8a9900fcd8ecf7bf9f914607cbdbe08dc298785d41ad2202fd4aae85c3838fe333245935fa2ac2c35c7eb23867c24e52758e","ssdeep":"","tlshash":"86815423c357152bb03b8796fda3ef458d2a5013a10155bdac606614c08e7db7aa6fb1","first_seen":"2025-10-09T03:55:36.570077Z","last_seen":"2026-02-15T07:18:34.709964Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1313,"timings":{"blocked":521,"dns":288,"connect":251,"send":0,"wait":252,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"acc.haha33.com/index.php?c=udb\u0026m=checklogin\u0026callback=jQuery172008384305105798096_1759982100113\u0026_=1759982100117","fqdn":"acc.haha33.com","domain":"haha33.com","tld":"com"},"ip":{"addr":"47.107.183.19","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://xh.haha33.com/","date":"2025-10-09T03:55:00.125Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /index.php?c=udb\u0026m=checklogin\u0026callback=jQuery172008384305105798096_1759982100113\u0026_=1759982100117 HTTP/1.1\r\nHost: acc.haha33.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xh.haha33.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Thu, 09 Oct 2025 03:55:00 GMT\r\nContent-Type: text/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.6.40\r\nSet-Cookie: ci_session=TXIk%2FgK1FDeRMrGxY%2BRqWaE5yJG9K6H4IGcCAsiJ81CXzdUEPJ%2F22wPGavf%2F8PfpT7zTdnUxP6zcy7viN0r6OYzqoxSqefqnnXQ66Th2rEQIySQ%2F6uHyKeX1ltJK5Q7vUoYYP6AM3Tu8s6gSf7H8zzsDHODs3Oj2dnLqtC2KWredhvZoap%2BV1TFFbiSpJf0Xk2Uvds6Tcal%2B7YNHYAsqBP20C0j6yn8l8ycfboHPJ26sSzrLaLSqLiQY7hp0D0dsw5tmUKH0ZM7dmaIJ71rjRzSsDLTtmg1s1F8S7E7R7ggjmrCYN85VInJ8%2F7yLPqegcDmugGpgo6KOIuA08CYZBf3OpZ1KOWSeUV2vyRWvAHKhathEhOOSWmWXEeDx6klIzlYRwV8t04tdQF8TXIF3rIhbGEhZpfobBE59ARduU7g%3D; path=/\r\nX-Frame-Options: SAMEORIGIN\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"CodeIgniter","description":"","website":"https://codeigniter.com","common_platform_enumeration":"cpe:2.3:a:codeigniter:codeigniter:*:*:*:*:*:*:*:*","icon":"CodeIgniter.png","categories":["Web frameworks"]},{"name":"PHP:5.6.40","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":141,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"3f8613e79c080e50b9a8df6f0f5c47fb","sha1":"2b90c18e6eb3e81b3e365a41ba8bc46f164a577f","sha256":"8e7f2017d5c475153133feace4ed28236ecb27fa1a26955dbc783928ad05a22a","sha512":"71b264db71ee57f070c2b8c17d71440340d4e7fa3623163df9d1d84df8fcaa80d311d823834975e07587c3a111ffaa429e115d911cd5836e33223b41253b9a3e","ssdeep":"","tlshash":"38c02b101e70099b7c49a3788210dccc0779943dcc46311cdc7b0a0487056613b20c35","first_seen":"2025-10-09T03:55:36.572479Z","last_seen":"2025-10-09T03:55:36.572479Z","times_seen":1,"resource_available":true,"data":null}},"time_used":268,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":268,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xh.haha33.com/theme/js/jquery-1.7.2.min.js","fqdn":"xh.haha33.com","domain":"haha33.com","tld":"com"},"ip":{"addr":"47.107.183.19","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://xh.haha33.com/","date":"2025-10-09T03:54:59.270Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /theme/js/jquery-1.7.2.min.js HTTP/1.1\r\nHost: xh.haha33.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xh.haha33.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Thu, 09 Oct 2025 03:54:59 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Sun, 24 Jul 2016 03:27:43 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"579435af-1727c\"\r\nExpires: Thu, 09 Oct 2025 04:54:59 GMT\r\nCache-Control: max-age=3600\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":94844,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (32769), with CRLF line terminators","md5":"6d2585d9c9ff3cbb3678c4d47afa9741","sha1":"252e3a576ac4cc735c55a01f66fd3887ca2494a6","sha256":"7484b8254917d2107643ae016518565be1cd4a16e390b402093910e8928f116c","sha512":"d3acd5bafcefeb247ff02d3bc72e95a5ee37f5c79e40871390b80236350af90669fefdca7d5ae961aca5a4ba7bab6cd4df6e1916af7da1ed2ba731f6ab442bc2","ssdeep":"1536:lYRKUfAjtledRTmtaFyQHGvCXseUOgRc9izzr4yff8teLvHHEjam7WuX3yzSiLnM:cUbYGvCD0932o2skAieW","tlshash":"3693e7d9b2d67123c7b731b850af510bb17698aa784c8c50f068d8e4be74a48907bf7d","first_seen":"2023-03-07T21:46:14Z","last_seen":"2026-05-05T21:29:33.103346Z","times_seen":126,"resource_available":true,"data":null}},"time_used":803,"timings":{"blocked":261,"dns":0,"connect":0,"send":0,"wait":273,"receive":269,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"im.265g.com/articlelist/xhgs_haha33.html","fqdn":"im.265g.com","domain":"265g.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"http://xh.haha33.com/","date":"2025-10-09T03:55:00.161Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /articlelist/xhgs_haha33.html HTTP/1.1\r\nHost: im.265g.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xh.haha33.com/\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-06T15:45:53.712693Z","times_seen":14742555,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xh.haha33.com/theme/js/base.js","fqdn":"xh.haha33.com","domain":"haha33.com","tld":"com"},"ip":{"addr":"47.107.183.19","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://xh.haha33.com/","date":"2025-10-09T03:54:59.301Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /theme/js/base.js HTTP/1.1\r\nHost: xh.haha33.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xh.haha33.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Thu, 09 Oct 2025 03:54:59 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Thu, 11 Aug 2016 07:25:59 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"57ac2887-1334\"\r\nExpires: Thu, 09 Oct 2025 04:54:59 GMT\r\nCache-Control: max-age=3600\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4916,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"96734b090b5642e17ce84e7191413afa","sha1":"97e10495a68e350bf430acb8d96bfa33f284aaf0","sha256":"ced6e8cb4e4cae66ec70cdb5f721de3d7092569c86e7dfd21e88da54cc7ac349","sha512":"aebdcf71dc320652612592465f39b6194b741c2ea4ac94d3f32d5aac23dba7043beefca6cf115e5e5b101d2b311c6cfbaf23f2c4617887b119fbbc2800def708","ssdeep":"96:aeRmRzX+eZbASWg7iqDG8sJN1K+PBl6uTiDGuaWW:ZRA+8nxFja/K06tpaWW","tlshash":"7ca1fe89b54a901f447a75d18efb6c04ebba491761089a00bebc44e11fb4f29b583f7f","first_seen":"2025-10-09T03:55:36.57727Z","last_seen":"2025-10-09T03:55:36.57727Z","times_seen":1,"resource_available":false,"data":null}},"time_used":495,"timings":{"blocked":-1,"dns":1,"connect":247,"send":0,"wait":247,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xh.haha33.com/theme/img/bg_top_60.jpg","fqdn":"xh.haha33.com","domain":"haha33.com","tld":"com"},"ip":{"addr":"47.107.183.19","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xh.haha33.com/","date":"2025-10-09T03:55:00.128Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /theme/img/bg_top_60.jpg HTTP/1.1\r\nHost: xh.haha33.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xh.haha33.com/theme/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Thu, 09 Oct 2025 03:55:00 GMT\r\nContent-Type: image/jpeg\r\nLast-Modified: Sun, 24 Jul 2016 08:43:30 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"57947fb2-4797b\"\r\nExpires: Thu, 09 Oct 2025 04:55:00 GMT\r\nCache-Control: max-age=3600\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":293243,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1400, components 3","md5":"27b766641da3af179a32762212bc498a","sha1":"6b129ae31e0b5acce4c1e84a4df0dd57c5c832ea","sha256":"c45813672e5a067978e447f9f0a55bc79758e0fa9288defda4677be4d31d6b08","sha512":"d2d4a60f14cffdc31d5c106f2bceec2420f4fa1e0ca638399e66e0188e838193387dba8ae7d2069fcfc798c3c2831e8bd1600436255a4294fe27b26216bd0316","ssdeep":"6144:A7QbT0QjwRwoCqCJE7d2x7BCYBaABqGPx59Dy913SsoE2znXfQRyhYPZ:MQbT0QERwoW6qBCYfxOwHX4UhYR","tlshash":"7954ef2db56ffa60872593862a063c7b5b1863150778fc46a45ec9caf72f79310bcca4","first_seen":"2025-10-09T03:55:36.579332Z","last_seen":"2025-10-09T03:55:36.579332Z","times_seen":1,"resource_available":false,"data":null}},"time_used":4039,"timings":{"blocked":253,"dns":0,"connect":0,"send":0,"wait":270,"receive":3516,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"acc.haha33.com/static/default/js/hh-topbar.js","fqdn":"acc.haha33.com","domain":"haha33.com","tld":"com"},"ip":{"addr":"47.107.183.19","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://xh.haha33.com/","date":"2025-10-09T03:54:59.272Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/default/js/hh-topbar.js HTTP/1.1\r\nHost: acc.haha33.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xh.haha33.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Thu, 09 Oct 2025 03:54:59 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Tue, 29 Nov 2016 03:27:25 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"583cf59d-1e7a\"\r\nExpires: Thu, 09 Oct 2025 04:54:59 GMT\r\nCache-Control: max-age=3600\r\nX-Frame-Options: SAMEORIGIN\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7802,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (348), with CRLF line terminators","md5":"eb81d4d718b20c3d50652d752c03c6e1","sha1":"57fdac9eedc904163691eb6bc0449595d44a933a","sha256":"2f266a626e61dfc9149da1a8ae303ec97fbc52faa55b63d68b444483131b1a55","sha512":"5a04691b78a50ce64c819e7db0ac2f1bc7165b41972bcf7b52ac75304685eb318a7580af0e7173d2ddef66920992b77448a69e9274c6b81eb7a5d598d31a76ef","ssdeep":"96:39R1pL7Igk1iNp9WntgkEF+Nkf3CEVt3KITuanhZvwDDHe4lBocJc0ckcncMcdct:NRDpkivWakgf7zq1ShAygzk","tlshash":"7df1330c5d4730254932ea8a66739e28fc51654b4992d526f5bc83c81fb0f3993d3afd","first_seen":"2025-10-09T03:55:36.581414Z","last_seen":"2026-02-15T07:18:34.707249Z","times_seen":2,"resource_available":true,"data":null}},"time_used":777,"timings":{"blocked":519,"dns":0,"connect":0,"send":0,"wait":257,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-09T03:55:00Z","timestamp":1759982100,"ip_dst":{"addr":"172.18.0.12","port":40264,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"47.107.183.19","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"severity":"high","alert":"ETPRO WEB_CLIENT Likely Malicious JS Inbound","source":"{\"timestamp\":\"2025-10-09T03:55:00.391246+0000\",\"flow_id\":674074482386701,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"47.107.183.19\",\"src_port\":80,\"dest_ip\":\"172.18.0.12\",\"dest_port\":40264,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2831817,\"rev\":6,\"signature\":\"ETPRO WEB_CLIENT Likely Malicious JS Inbound\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2018_07_17\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2020_11_19\"]}},\"http\":{\"hostname\":\"acc.haha33.com\",\"url\":\"/static/default/js/hh-topbar.js\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"application/javascript\",\"http_refer\":\"http://xh.haha33.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":2491},\"files\":[{\"filename\":\"/static/default/js/hh-topbar.js\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":7802,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":6,\"pkts_toclient\":5,\"bytes_toserver\":1167,\"bytes_toclient\":4122,\"start\":\"2025-10-09T03:54:59.534285+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"iframe.eeyy.com/xhgs/762.html","fqdn":"iframe.eeyy.com","domain":"eeyy.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"http://xh.haha33.com/","date":"2025-10-09T03:55:00.166Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /xhgs/762.html HTTP/1.1\r\nHost: iframe.eeyy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xh.haha33.com/\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-06T15:45:53.712693Z","times_seen":14742555,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xh.haha33.com/theme/img/bg_h3.png","fqdn":"xh.haha33.com","domain":"haha33.com","tld":"com"},"ip":{"addr":"47.107.183.19","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xh.haha33.com/","date":"2025-10-09T03:55:00.183Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /theme/img/bg_h3.png HTTP/1.1\r\nHost: xh.haha33.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xh.haha33.com/theme/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Thu, 09 Oct 2025 03:55:01 GMT\r\nContent-Type: image/png\r\nContent-Length: 1001\r\nLast-Modified: Sun, 24 Jul 2016 03:27:25 GMT\r\nConnection: keep-alive\r\nETag: \"5794359d-3e9\"\r\nExpires: Thu, 09 Oct 2025 04:55:01 GMT\r\nCache-Control: max-age=3600\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1001,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 50 x 1, 8-bit/color RGB, non-interlaced","md5":"3ca9904fce16a387c800040632ef03ad","sha1":"fbc231276d60e3bce436b32a8bc99c5fd0d10a88","sha256":"7b74553101f82cf21d4bc5d14557f58a09bcca82850057b97c45a003ec233a9a","sha512":"d3fb40170ebe0ff83c1da99d3d7cd13b5668c40babba37f8988f2fa5aed5f89e4fc8fc1bc7f4694a936326b899112b839391dd05656b5e0868a0a9aca994014a","ssdeep":"","tlshash":"1311215efa507840644adcc220fe1927da128880ded1e4b1f8cfd85b5e642f5946c5d7","first_seen":"2025-10-09T03:55:36.583408Z","last_seen":"2025-10-09T03:55:36.583408Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1182,"timings":{"blocked":916,"dns":0,"connect":0,"send":0,"wait":266,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xh.haha33.com/theme/img/icon_star.png","fqdn":"xh.haha33.com","domain":"haha33.com","tld":"com"},"ip":{"addr":"47.107.183.19","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xh.haha33.com/","date":"2025-10-09T03:55:00.184Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /theme/img/icon_star.png HTTP/1.1\r\nHost: xh.haha33.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xh.haha33.com/theme/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Thu, 09 Oct 2025 03:55:01 GMT\r\nContent-Type: image/png\r\nLast-Modified: Sun, 24 Jul 2016 03:27:40 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"579435ac-58c\"\r\nExpires: Thu, 09 Oct 2025 04:55:01 GMT\r\nCache-Control: max-age=3600\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1420,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 120 x 19, 8-bit/color RGBA, non-interlaced","md5":"c78554556ac4b93d1db11c00577e960d","sha1":"1569a665fc0c2538c8a6a5542e2f1fd1d88d5b5a","sha256":"a0a09dba67dd4d5dca9ba941bf9427a8412ca584e8e51f60370d56db12a404ec","sha512":"f2ab7487cec878948b888cdaf178e8ff5a5556e42e03a66c1df0b28edbabea466d30c37fb2aa6aa8ca074d7815190afef14eea13bfd1621182e1cce07ab4c81f","ssdeep":"","tlshash":"51217489ba903910944ed50621f65836ed470860efd5fcb1a88ac4564d682bf48795df","first_seen":"2025-10-09T03:55:36.585319Z","last_seen":"2025-10-09T03:55:36.585319Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1384,"timings":{"blocked":1137,"dns":0,"connect":0,"send":0,"wait":247,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xh.haha33.com/theme/img/skill2.jpg","fqdn":"xh.haha33.com","domain":"haha33.com","tld":"com"},"ip":{"addr":"47.107.183.19","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xh.haha33.com/","date":"2025-10-09T03:54:59.284Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /theme/img/skill2.jpg HTTP/1.1\r\nHost: xh.haha33.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xh.haha33.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Thu, 09 Oct 2025 03:55:02 GMT\r\nContent-Type: image/jpeg\r\nLast-Modified: Sun, 24 Jul 2016 07:46:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"5794726d-c80\"\r\nExpires: Thu, 09 Oct 2025 04:55:02 GMT\r\nCache-Control: max-age=3600\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3200,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 60x60, components 3","md5":"65de7e6acf174a0ceb082bc45f4eff8b","sha1":"62c864f3aa1dbf4b29e6ad509811b1794e18e570","sha256":"d4d33e50203fbcde787d7038cc7f63a4d6bbded9fa7306936e22db692168073e","sha512":"5055e9c144c3e5754ae70232fa5d7fc005f11e7a44f8a2805fb4c1d75166f9adb00a068b2cdbfb345b4ae5dd73fba4d7b94dd86a2c8e1a70d947a1204b0d89e8","ssdeep":"","tlshash":"5a612a14f0528f46e0887db82cfe445bd7541a90b5c6eb6960fac06a5b891b49f7b0e4","first_seen":"2025-10-09T03:55:36.586893Z","last_seen":"2025-10-09T03:55:36.586893Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3290,"timings":{"blocked":3042,"dns":0,"connect":0,"send":0,"wait":247,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xh.haha33.com/theme/img/role5.png","fqdn":"xh.haha33.com","domain":"haha33.com","tld":"com"},"ip":{"addr":"47.107.183.19","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xh.haha33.com/","date":"2025-10-09T03:54:59.293Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /theme/img/role5.png HTTP/1.1\r\nHost: xh.haha33.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xh.haha33.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Thu, 09 Oct 2025 03:55:00 GMT\r\nContent-Type: image/png\r\nLast-Modified: Sun, 24 Jul 2016 07:42:05 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"5794714d-4e7fa\"\r\nExpires: Thu, 09 Oct 2025 04:55:00 GMT\r\nCache-Control: max-age=3600\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":321530,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 420 x 460, 8-bit/color RGBA, non-interlaced","md5":"7ca55ef9ea6d71c2818de96bd943e6c4","sha1":"ed1865cfff28cca82d65d70e0d0ff4e7527ae658","sha256":"d7054cf3ac0fe3848137abc831b31a288f29529073165a58b72caff544cf05be","sha512":"460fedbc7b57a39b42163d85f454b3d72fe3f612c0698df1a8a5c28dd2b313884f96fa6d373c8e88b57477a910a274b2d94661a3a1c4ef21dcd10bb20174e51a","ssdeep":"6144:AL12iChVEvHoe8fFV1i+rvYsOpl9eL+qcjR3v/UQ6ieURV9dUOdtJG/:A12zcHo/96KvYsOr9eitf79S4JG/","tlshash":"406423e3bc953420e39f801155d8c9fddf1bf2b2298dcb276adaa24771226c0d11669a","first_seen":"2025-10-09T03:55:36.588397Z","last_seen":"2025-10-09T03:55:36.588397Z","times_seen":1,"resource_available":false,"data":null}},"time_used":4623,"timings":{"blocked":781,"dns":0,"connect":0,"send":0,"wait":257,"receive":3585,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"acc.haha33.com/theme/service/js/loginer.js","fqdn":"acc.haha33.com","domain":"haha33.com","tld":"com"},"ip":{"addr":"47.107.183.19","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://xh.haha33.com/","date":"2025-10-09T03:54:59.299Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /theme/service/js/loginer.js HTTP/1.1\r\nHost: acc.haha33.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xh.haha33.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Thu, 09 Oct 2025 03:54:59 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Tue, 29 Jul 2014 02:20:10 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"53d704da-bb0\"\r\nExpires: Thu, 09 Oct 2025 04:54:59 GMT\r\nCache-Control: max-age=3600\r\nX-Frame-Options: SAMEORIGIN\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2992,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"56d65a62b6175b91b7a2992a5095fcdd","sha1":"b0f7ea84a376ac6be37c7e8b26844a8aa6f60d66","sha256":"ca679ed7a8c238f22023f06ee0913ee4fdef2d901a59c7543eff7757e91b8769","sha512":"c193620be4198e66aae0f058efa4812a64a04993ea168cf151645f071b8d61499367c78e2f2065eb3ed820845f1ea4f0752ebe03a811f69e58eeb4137341cc47","ssdeep":"","tlshash":"ee5155896d166024cb31b6d984574f19ee369a4b0654e10bb9fcd0d05fb1938b342eba","first_seen":"2025-10-09T03:55:36.590109Z","last_seen":"2026-02-15T07:18:34.699589Z","times_seen":2,"resource_available":true,"data":null}},"time_used":773,"timings":{"blocked":-1,"dns":270,"connect":257,"send":0,"wait":251,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xh.haha33.com/theme/img/bg_csc.jpg","fqdn":"xh.haha33.com","domain":"haha33.com","tld":"com"},"ip":{"addr":"47.107.183.19","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xh.haha33.com/","date":"2025-10-09T03:55:00.189Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /theme/img/bg_csc.jpg HTTP/1.1\r\nHost: xh.haha33.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xh.haha33.com/theme/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Thu, 09 Oct 2025 03:55:01 GMT\r\nContent-Type: image/jpeg\r\nLast-Modified: Sun, 24 Jul 2016 03:27:23 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"5794359b-4473\"\r\nExpires: Thu, 09 Oct 2025 04:55:01 GMT\r\nCache-Control: max-age=3600\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":17523,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 337x217, components 3","md5":"307374d1f1a9f7d75b83e7806ff59160","sha1":"34fbe0910ae9e5ad87fb96c090e6d5c88d81aa45","sha256":"5d569fd47e15e77664b4e1d13aff1a3f97afd2d19f077cad9e3f7520768a3cc9","sha512":"ba853a6905e2812cb2f4b6135213c56a3567a8713ece32261e75997a4e387eebaf366998b920ef11febd9829940f5a42572805c5639090c9b652cde35fd33384","ssdeep":"384:MVXVFUIU/bCgzUqcJNbbPla54KPIByGOHKM3kY7uFyeWFlY:6FkZQqcJZbPsysIBITkYqFgY","tlshash":"5972ada8950e3b4ddf8e602b2cf7cb34f01658717be8d556ac3d5cdb1d186a04a08f2a","first_seen":"2025-10-09T03:55:36.591747Z","last_seen":"2025-10-09T03:55:36.591747Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1877,"timings":{"blocked":1628,"dns":0,"connect":0,"send":0,"wait":248,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xh.haha33.com/theme/img/bg_base1.png","fqdn":"xh.haha33.com","domain":"haha33.com","tld":"com"},"ip":{"addr":"47.107.183.19","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xh.haha33.com/","date":"2025-10-09T03:55:00.179Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /theme/img/bg_base1.png HTTP/1.1\r\nHost: xh.haha33.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xh.haha33.com/theme/css/style.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Thu, 09 Oct 2025 03:55:00 GMT\r\nContent-Type: image/png\r\nLast-Modified: Sun, 24 Jul 2016 03:27:23 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"5794359b-676d\"\r\nExpires: Thu, 09 Oct 2025 04:55:00 GMT\r\nCache-Control: max-age=3600\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":26477,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 233 x 290, 8-bit/color RGB, non-interlaced","md5":"bbeef5d3b7e479ca806a127d302ea9fc","sha1":"afbd7e7f22affd90c63a5bfd5bc0d8ac82f83565","sha256":"7be7489429e03f45df1cac0e7e484c6abee89995ad1ddb94d5d38667125cf5a5","sha512":"0793c0c27b386eea5167cf10c59f1a1ca6cb116486634c44311b266e183f28f0babc4f3b55c154220dd8cb8ae57c1491236812ba4342bcf9603631ffcdd37dee","ssdeep":"768:FKvjOgRJ62QBBvjwmv4m6HJwJjaKKiDb0Ymtf:FKbzD6BvFvv6HJ4OKKcb0Vtf","tlshash":"41c2e19250429fdbb76c90357abab3edb71011a77c6014e629a58835148cffa08f53d7","first_seen":"2025-10-09T03:55:36.593464Z","last_seen":"2025-10-09T03:55:36.593464Z","times_seen":1,"resource_available":false,"data":null}},"time_used":899,"timings":{"blocked":359,"dns":0,"connect":0,"send":0,"wait":272,"receive":268,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"acc.haha33.com/index.php?c=udb\u0026m=checklogin\u0026callback=jQuery172008384305105798096_1759982100114\u0026_=1759982100544","fqdn":"acc.haha33.com","domain":"haha33.com","tld":"com"},"ip":{"addr":"47.107.183.19","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://xh.haha33.com/","date":"2025-10-09T03:55:00.548Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /index.php?c=udb\u0026m=checklogin\u0026callback=jQuery172008384305105798096_1759982100114\u0026_=1759982100544 HTTP/1.1\r\nHost: acc.haha33.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xh.haha33.com/\r\nCookie: ci_session=TXIk%2FgK1FDeRMrGxY%2BRqWaE5yJG9K6H4IGcCAsiJ81CXzdUEPJ%2F22wPGavf%2F8PfpT7zTdnUxP6zcy7viN0r6OYzqoxSqefqnnXQ66Th2rEQIySQ%2F6uHyKeX1ltJK5Q7vUoYYP6AM3Tu8s6gSf7H8zzsDHODs3Oj2dnLqtC2KWredhvZoap%2BV1TFFbiSpJf0Xk2Uvds6Tcal%2B7YNHYAsqBP20C0j6yn8l8ycfboHPJ26sSzrLaLSqLiQY7hp0D0dsw5tmUKH0ZM7dmaIJ71rjRzSsDLTtmg1s1F8S7E7R7ggjmrCYN85VInJ8%2F7yLPqegcDmugGpgo6KOIuA08CYZBf3OpZ1KOWSeUV2vyRWvAHKhathEhOOSWmWXEeDx6klIzlYRwV8t04tdQF8TXIF3rIhbGEhZpfobBE59ARduU7g%3D\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Thu, 09 Oct 2025 03:55:00 GMT\r\nContent-Type: text/javascript; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.6.40\r\nX-Frame-Options: SAMEORIGIN\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.6.40","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":141,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"85305e4879f43582daa20a793824b2a3","sha1":"870f61c24c2e436affb26e62dff4c379a47a7e63","sha256":"bfb2bf9976c1add5cbe1f2f9810c997bc648eabf236f78f09806f68b27214bf0","sha512":"74d4ba9d534467474afde3a5738099a8e574702c8ccc538bc70c3b9c95de25abc38236ff942a1255e56de20c4ddfae931d0ba27dfa38d7aaaea48fc6ed601596","ssdeep":"","tlshash":"55c02b101e700a9f7c49a3788210dccc0779543ecc46312cd87b0a0483065616b10c35","first_seen":"2025-10-09T03:55:36.595406Z","last_seen":"2025-10-09T03:55:36.595406Z","times_seen":1,"resource_available":false,"data":null}},"time_used":257,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":257,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xh.haha33.com/favicon.ico","fqdn":"xh.haha33.com","domain":"haha33.com","tld":"com"},"ip":{"addr":"47.107.183.19","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xh.haha33.com/","date":"2025-10-09T03:55:03.559Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: xh.haha33.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xh.haha33.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.18.0\r\nDate: Thu, 09 Oct 2025 03:55:03 GMT\r\nContent-Type: text/html\r\nContent-Length: 153\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":153,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"706a98254456810d3e849c3957af9d01","sha1":"e461d072a6ba8f0082d6f187eba7f053343529c6","sha256":"8351c0267c2cd7866ff04c04261f06cd75af9a7130aac848ca43fd047404e229","sha512":"6fd0837b6c7485fcd783da728d9759a49f48e8a2f4757301a921735f7f41240b890b87672725c90e8295a21d039a369b203246e8bf71596cf1e2f9b543bc0277","ssdeep":"","tlshash":"fec02b2d36137c4cc5a3317432c3b080c0e6933774fa45110440800331cf2998ac7397","first_seen":"2023-03-25T23:23:32Z","last_seen":"2026-05-06T16:11:22.584789Z","times_seen":6726,"resource_available":true,"data":null}},"time_used":247,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":247,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xh.haha33.com/","fqdn":"xh.haha33.com","domain":"haha33.com","tld":"com"},"ip":{"addr":"47.107.183.19","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-09T03:54:58.587Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: xh.haha33.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Thu, 09 Oct 2025 03:54:58 GMT\r\nContent-Type: text/html\r\nLast-Modified: Mon, 10 Apr 2017 02:12:04 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"58eae9f4-9456\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery:1.7.2","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":37974,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (394), with CRLF, NEL line terminators","md5":"a32de31958fa1fe522a6341269f3c432","sha1":"103952943508e3cb131a1d8de9ac2c2ebca5fc6f","sha256":"200dce3dfc31ab50ca70d3a8aaba68b50429e0013360efd4f3e2b16a51ef9265","sha512":"e9c4e89905497d815829ed7e3aece2d7bd0bffb46bf7f6558dc904fa9a34a9438749831a8d4720c8f2bfd48a6e2011d646675891cc79ea59289cdc9627361afd","ssdeep":"768:SpCt1DW+QkF61d0y9KRwfRXt3lhgv886tZ:SEt1DW+QkF61d0y9IK","tlshash":"4b03e82477de97370a3352d718b8a318d26fcdb2d6820862b7fe09b72bc6a517903457","first_seen":"2025-10-09T03:55:36.596927Z","last_seen":"2025-10-09T03:55:36.596927Z","times_seen":1,"resource_available":false,"data":null}},"time_used":754,"timings":{"blocked":250,"dns":1,"connect":250,"send":0,"wait":251,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"xh.haha33.com/theme/img/role1.png","fqdn":"xh.haha33.com","domain":"haha33.com","tld":"com"},"ip":{"addr":"47.107.183.19","port":80,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://xh.haha33.com/","date":"2025-10-09T03:54:59.280Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /theme/img/role1.png HTTP/1.1\r\nHost: xh.haha33.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xh.haha33.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nDate: Thu, 09 Oct 2025 03:55:00 GMT\r\nContent-Type: image/png\r\nLast-Modified: Sun, 24 Jul 2016 07:42:06 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"5794714e-2eca0\"\r\nExpires: Thu, 09 Oct 2025 04:55:00 GMT\r\nCache-Control: max-age=3600\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":191648,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 420 x 460, 8-bit/color RGBA, non-interlaced","md5":"ebe2af9068f8a0a37952c2dd91bc3229","sha1":"70d808ed5f797844d7c6de0e2fccb8c300bb0ecc","sha256":"392b6196f962f847d5a5104c8b669d2708e23ad6366a6dc2e19506ec18c6f15b","sha512":"491d505599370a02efb466c9d5f92379e28b386b10d3b4892bd6b3578aa7d0c205bdb183c84892c7cc06708400d6dd138a115ed590c67a187dc7be180df4872d","ssdeep":"3072:+BMLuj/OGnJ/YezcYFmI2UMZVxO3vtVMR2iq5NqC9IvWv5a2Ev1s+ytzEwXErbem:+2qj/tnamzmI8Xxst/qC9I+jFBKwXYb7","tlshash":"d114128b70d11fcc51853e14ce3493982afaeda0baa3bc14fe42b8d556679790f1924e","first_seen":"2025-10-09T03:55:36.598752Z","last_seen":"2025-10-09T03:55:36.598752Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2853,"timings":{"blocked":793,"dns":0,"connect":0,"send":0,"wait":273,"receive":1787,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.07073.com/plus/2015_qt_2.php?g=30963\u0026psize=3\u0026tmp=if_2015pt\u0026width=630\u0026height=90\u0026bg=\u0026color=606060\u0026hv=\u0026hlc=\u0026sort=40\u0026lh=24\u0026ln=1\u0026fsize=12\u0026mtop=0\u0026mleft=0\u0026mright=0\u0026bbc=","fqdn":"www.07073.com","domain":"07073.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"http://xh.haha33.com/","date":"2025-10-09T03:55:00.156Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /plus/2015_qt_2.php?g=30963\u0026psize=3\u0026tmp=if_2015pt\u0026width=630\u0026height=90\u0026bg=\u0026color=606060\u0026hv=\u0026hlc=\u0026sort=40\u0026lh=24\u0026ln=1\u0026fsize=12\u0026mtop=0\u0026mleft=0\u0026mright=0\u0026bbc= HTTP/1.1\r\nHost: www.07073.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://xh.haha33.com/\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-06T15:45:53.712693Z","times_seen":14742555,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.40407.com/plus/nested.php?short_name=xhtsgs","fqdn":"www.40407.com","domain":"40407.com","tld":"com"},"ip":{"addr":"101.47.6.112","port":443,"asn":150436,"as":"Byteplus Pte. Ltd.","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"http://xh.haha33.com/","date":"2025-10-09T03:55:00.959Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.40407.com","organization":""},"issuer":{"commonName":"RapidSSL Global TLS RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Mon, 31 Mar 2025 00:00:00 GMT","end":"Tue, 31 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"18:F5:76:B2:54:86:24:E3:EE:C2:E8:45:41:FE:73:FC:0A:3D:15:AA","sha256":"89:86:C1:7A:C1:49:7C:58:89:EA:79:1E:4A:A4:F1:E3:7D:9B:F6:98:5A:61:95:66:16:AD:2E:BA:15:FA:BC:A2"}}},"request":{"raw":"GET /plus/nested.php?short_name=xhtsgs HTTP/1.1\r\nHost: www.40407.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://xh.haha33.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Thu, 09 Oct 2025 03:55:01 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 146\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":146,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"8eec510e57f5f732fd2cce73df7b73ef","sha1":"3c0af39ecb3753c5fee3b53d063c7286019eac3b","sha256":"55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0","sha512":"73bbf698482132b5fd60a0b58926fddec9055f8095a53bc52714e211e9340c3419736ceafd6b279667810114d306bfccdcfcddf51c0b67fe9e3c73c54583e574","ssdeep":"","tlshash":"b7c02b2d35133c4cc563313423c37140c0d6833b687a41110400c00371cf2998ec3397","first_seen":"2023-03-07T12:05:15Z","last_seen":"2026-05-06T15:41:40.353575Z","times_seen":504433,"resource_available":true,"data":null}},"time_used":1917,"timings":{"blocked":823,"dns":0,"connect":272,"send":0,"wait":272,"receive":0,"ssl":547},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}