{"report_id":"8af23498-1add-465a-b05a-23a80b5e83fd","version":6,"status":"done","tags":[],"date":"2026-05-11T00:16:40Z","url":{"schema":"http","addr":"j53g.vip","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":0,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"https","addr":"j53g.vip/home","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"title":"welcome-BET365","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"j53g.vip","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":0,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-15T00:16:40Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":6}},"detection":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"img.esportsdata.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"img.esportsdata.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"photo.365live88.com","ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"domain_registered":"2022-08-16","domain_rank":0,"first_seen":"2025-11-02T03:06:46.95373Z","last_seen":"2026-05-10T09:04:59.551126Z","alert_count":0,"request_count":48,"received_data":2077447,"sent_data":22944,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"j53g.vip","ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":532,"request_count":133,"received_data":10440095,"sent_data":68290,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"GeeTest","description":"GeeTest is a CAPTCHA and bot management provider, protects websites, mobile apps, and APIs from automated bot-driven attacks, like ATO, credential stuffing, web scalping, etc.","website":"https://www.geetest.com","common_platform_enumeration":"","icon":"GeeTest.svg","categories":["Security"]}]},{"fqdn":"img.esportsdata.cc","ip":{"addr":"172.67.70.146","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-06-01","domain_rank":0,"first_seen":"2023-07-06T16:47:53Z","last_seen":"2026-05-08T07:21:30.712296Z","alert_count":4,"request_count":2,"received_data":66936,"sent_data":950,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"static.geetest.com","ip":{"addr":"104.17.6.193","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-03-05","domain_rank":196356,"first_seen":"2015-01-16T07:12:35Z","last_seen":"2026-05-08T23:33:26.746779Z","alert_count":0,"request_count":1,"received_data":21656,"sent_data":408,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"j53g.vip/home","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T15:26:02.361466Z","times_seen":85313,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-06-06T15:05:53.4464Z","times_seen":228110,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/js/chunk-common.1777369843125.4adb46f5.js","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"fd30be8efc49091ace6b6cba1d19f85e","sha1":"dcb13a103a96a9346297f81fa22518579b7694b7","sha256":"5aeec070f92421551adae5477625ba84ca8f44c1fc9c181efb18e241c0179776","sha512":"42df127ca6094903dba8af9a2166ce68c1386c59b2d7e48071f6c33ffe1c0e81b2a3673efd413142e6699be9719f79f6172c9f5aaea6fd8d45518f8d09aef6df","ssdeep":"1536:bvBBzbgGcdWUa2UTf6oryXHuLmbErF/G7D1dMI59HTsY5kN/voVGAClVbGD3tFkK:bvBBfRTf6yjFetHTsY5s/voVGAcgD3t","tlshash":"0ff3e8c5b3a0f07e9a1ed53779331499b12f758278c87c60f1a1ade67f1a704a436ca8","size":160123,"data":"","first_seen":"2026-04-29T03:41:13.32854Z","last_seen":"2026-06-06T14:55:48.61145Z","times_seen":356,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/home","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T15:26:02.361466Z","times_seen":85313,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/home","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T15:26:02.361466Z","times_seen":85313,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-06-06T15:05:53.4464Z","times_seen":228110,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/config/telegram.js?t=1778458566159","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"4ef2154bcfb8399f256c2da15a4cb409","sha1":"e0f8f5578b2e0773ec1d79bb1cec54e1f5d6373d","sha256":"73fa4926373755b52fecfdf3145a0c9953c08af374ea69dda46fe2b3b9ddb022","sha512":"8b64643161386bdefbb7eab04416e78e5e183c50acba7b25b146aa6e733744a326566a01eb7eabb1a0a3f5b87ac8461a7ab3b9ad1c44de37ecea25af09e3eb41","ssdeep":"1536:WK4KZK+Klt3LbbdS4V+vO14KtA9phXTQ+fcZl8LDh7j8d3K+V4WMrnf/NunqxF00:Wj+dgdLbbdSA+1XTQRZ1jSBl","tlshash":"14b31c4c5cf3216285a7b1be8b9f925072759893304def203c4d9ba45f98d3c53eaad8","size":116886,"data":"","first_seen":"2025-05-31T08:16:48.368096Z","last_seen":"2026-06-06T14:57:20.969988Z","times_seen":1207,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-06-06T15:05:53.4464Z","times_seen":228110,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"8b733e809fcd514bdf9414ce77e3f5bb","sha1":"53f38e306721e3a00f340b966ac3f7642bebb57e","sha256":"a05c0b1be0d5a6858cd22804367a5d3a2d23e45de4cc9cfea2abd9fc65766b49","sha512":"07dc77674e4408902b7243c9036e85dc45bfa8ccdf839bd0f9aebf8f38209bb773c5c58733083e52f79fc22fb034dd03664c97f2c84d68646a138ab52bdaa6bd","ssdeep":"","tlshash":"0ec022a60b287f14110310230374f3ac5431c029bc15f202321f42018f50b0d0830a80","size":190,"data":"","first_seen":"2026-02-15T23:20:06.598758Z","last_seen":"2026-06-06T14:57:21.04499Z","times_seen":744,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/home","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T15:26:02.361466Z","times_seen":85313,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/home","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T15:26:02.361466Z","times_seen":85313,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-06-06T15:07:58.741264Z","times_seen":686639,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-06-06T15:05:53.4464Z","times_seen":228110,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/home","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T15:26:02.361466Z","times_seen":85313,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/home","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-06-06T15:07:58.741264Z","times_seen":686639,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/js/7653.1777369843125.5eafcc69.js","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"4849391ecd3ae7038c8eca5da5af6cd4","sha1":"6316de5585ce9c3c90e92da7f445df0f1eb06f39","sha256":"7ace68dcf17129b57d79ff5a5ce030178b60d463fa0b0d1027ff5a62981ae2ef","sha512":"04bf30f23c9fc4ee7df1d106f541932dec50cf5794d313087378b16ed5430d29f75a5891abf4e84657525774f2ee231ac62d9e7640000390ee29a08bf23fbae4","ssdeep":"","tlshash":"47310e98b6a171b243af5af98f3f168bf16794c064edb094d096e2e07cb420c4937d29","size":1501,"data":"","first_seen":"2026-03-20T12:57:26.686565Z","last_seen":"2026-06-06T14:55:48.615597Z","times_seen":451,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/home","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T15:26:02.361466Z","times_seen":85313,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/home","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T15:26:02.361466Z","times_seen":85313,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-06-06T15:07:58.741264Z","times_seen":686639,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"46c37814c8d855f8d26c8922d6a21d09","sha1":"77a8a7d835aacf3d4c325605b153d011418518a8","sha256":"bf3b91fc06aeb59c3f2832583ce2b70b2b8f4dc45df941aef8611949220ddf84","sha512":"24308fb6d5a6b83f2f8a328fde19300d8ab2a8f2d8116ef4cb160275ed664391e3d52794d94de19ab1a0feadab0168bf0a5e86e2066ccad31c2af2bc0a0ffc4d","ssdeep":"","tlshash":"9531e0282eb29531d423617a1f5bf2843235e62f3148ef043f0dc7661f24d6ba6356d5","size":1702,"data":"","first_seen":"2026-02-15T23:20:06.601892Z","last_seen":"2026-06-06T14:55:48.720308Z","times_seen":677,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.geetest.com/g5/gd.js","fqdn":"static.geetest.com","domain":"geetest.com","tld":"com"},"ip":{"addr":"104.17.6.193","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"7d7af3f3975e0fb657b71508b79515f9","sha1":"b36988028196a947b1d67af0856a79e6cf054283","sha256":"41cadd609d64b1958d25afc39e73148bf669fd94f48e848dd47494e7de5762b7","sha512":"ed69806d7f263fec8f66cccf0de8757df3b17cad5629c242e1da0d668830870d42951b8a05cb6780ecf8034800313d02531393745209a5aa3e00ac5d936e1bed","ssdeep":"384:oGm+XLBnDztmdGnnsQn4DgIzHilQVdlsGxCnXdPVcVf:dm+7B6gUKMrxCtCd","tlshash":"5d92204e6cf5a0934a43b078c9af6114b538da53041c9d597d8ce3a4ef684389bbafdc","size":21040,"data":"","first_seen":"2026-04-05T08:11:55.721652Z","last_seen":"2026-06-06T14:55:48.716308Z","times_seen":491,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/theme.config.96698fb2.js","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"6a9a87f3e8804b6c2e87c2ef64cb06ac","sha1":"b57b77abc2f2694ee5b5404a08100b3bdbae1dbb","sha256":"1597153bb2084ffdd78db4687cd9efcd0d7d54f7f460c9b717988ff3dc4f640c","sha512":"5d9bbb05a39e07f2ccf8ac572dcc12d0ae5af13998abb2a6167619b1774272761b562cbbd40b287c404261553e88a7c872e1cfd2943678f59422161d10cee15a","ssdeep":"1536:D2JREobpmtlIRM4Sb2mcTa2mnzyJog9CcHWhM:qYtlGu1Jnz45Hl","tlshash":"23b3bb7ae20c963a6177acbfb46de111c12e9c0cab1d5fdef03d60a25710669c831de9","size":108069,"data":"","first_seen":"2026-04-29T03:41:13.38605Z","last_seen":"2026-06-06T14:55:48.679031Z","times_seen":359,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/js/65246.1777369843125.8333614a.js","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"4f72169b9753bbfd046b32e8a9c4c9d8","sha1":"76310a9e002235a02b1842b0ff3985e2bd53ef46","sha256":"26b88e6905d829b63d80a3ce48041e1fd4fe98923072fb1d19b371d117e41045","sha512":"05d8f29fd1ac787d4f27a2d8ee901437e310e0ca663822c6270d05c1de8d33a024e312797a984083b277aa054cde3c5995340a26c25bac74fa6c11b339bcfc3a","ssdeep":"1536:j2+iDvYvNjx4Uyao0L8oDNzAuMMsTAQ0mqt2pXYzA4dANVQ:q+iDYvPo0L8oZzAuMMsTA7mqt9zA4dAQ","tlshash":"de73a501f78272384fa7e290220f2026e16e191505ac5bd8f179ffb93ef0954aa7d7b4","size":73494,"data":"","first_seen":"2025-12-17T20:52:09.055572Z","last_seen":"2026-06-06T14:57:20.976288Z","times_seen":1181,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/home","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-06-06T15:07:58.741264Z","times_seen":686639,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"5281f83487c386b7836c0a61310eee71","sha1":"b69aa5eb7750fa2d18540f7a8f28dab10d4b2631","sha256":"5c4f27503b020517fa4d8a831ce6ea7c9b425cbda5603e8e6ce9119aa406cea4","sha512":"4d7ca7094121bc51fd7e24de7f2b9218624f1c7c2b5949e25ad2be53f4b1babc0ac6265a9e20acd2d51fec4e844baebdd7d1aa300a7f52f3b360bf36a8979ca2","ssdeep":"","tlshash":"5c8004047d5d50540000503014740c0d5c133c57403f0314340dcc013fd5c401447441","size":36,"data":"","first_seen":"2025-03-03T20:54:16.013922Z","last_seen":"2026-06-06T14:57:21.048902Z","times_seen":2929,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/home","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T15:26:02.361466Z","times_seen":85313,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/home","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T15:26:02.361466Z","times_seen":85313,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"49bea4e1330b9d3f17c1c143ce23cb3e","sha1":"3a8874032b5979ba1fadfe141c0ebf28baa32fc7","sha256":"07f2a8f457d336c5a0cb2267f53a4be2676d30140da225305675f4b3957eb68c","sha512":"9cf0ea9cec23fb496db40aae14fe1df1a305d4a847e23a724645052c742a5995250f9d7f3f0584d3226aa17c6af04201f72cf7fca01bf4c788df2ab4cf488ad0","ssdeep":"","tlshash":"b580040cdc5544570000501014500cc57c170417453f435f750c04451fd34700007c40","size":36,"data":"","first_seen":"2023-03-08T15:23:49Z","last_seen":"2026-06-06T14:57:21.049776Z","times_seen":2996,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-06-06T15:07:58.741264Z","times_seen":686639,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-06-06T15:05:53.4464Z","times_seen":228110,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"0ce02dcf11f1634908b4afc4e1bcc632","sha1":"f8911bd806c6ddd3daab7f3eba10081d7af38f74","sha256":"46c7be5f428c72dac25551dbcf74f494989a3cf773ff04f9e115e15ad7dc2893","sha512":"c4f56e0a143f096a106956d55a60f07405a2418d8eec9917a027d0ede74e7119884002051c598445519ff87ad5526d035c221bbcfc65ce817539e6162f157ac3","ssdeep":"","tlshash":"1901735d483748107b2225bd537f5045f1a2516f9e87cc103c1e5b00eff48a72591bd9","size":750,"data":"","first_seen":"2025-08-16T16:35:14.594808Z","last_seen":"2026-06-06T14:57:21.050638Z","times_seen":2521,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/home","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T15:26:02.361466Z","times_seen":85313,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/js/22872.1777369843125.dbee35b5.js","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"e916996ddfb5f1c6e2f6cbf5a87b5565","sha1":"7b3812a3cf8758cd6ce5a442d899048e27d1790b","sha256":"a50d9c1f28c0948f0d468428aec46c5d300a84fb71ce27e6790ca8e0f40a955a","sha512":"c5fe69584b305477ce1b4bb12d6a9b4ce2c73ddeb07c133f14d7ec7782b743769b4f48824f326be1ea00c53835dda635e0011b055c6af3ad0876a0344d6be794","ssdeep":"3072:PHW7tB4Vgj5tNlxyUYwOW1YegxYffj7TEOiG1Zl+DJVkzEcx1nKs:PHW7tBwgttXxyUYwOW5ffjAG1T+DJVkV","tlshash":"76f30bd4f2c070f6475f85f2a2275065b26f4d92318c98b0e15ba6547f21b48c7abeec","size":158144,"data":"","first_seen":"2026-04-29T03:41:13.30041Z","last_seen":"2026-06-06T14:55:48.679574Z","times_seen":352,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/js/8544.1777369843125.875d684f.js","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"136fc52b262ec03558367f9d050dd488","sha1":"42d2e74acd67477c27524bb4b17399c3c8a5044c","sha256":"7c0850eefec0bebf32593d27d1d85e262ddea0700c9179c4a1396556d6ccf3c2","sha512":"c7c19dcaf0d7f95397efb2d6e96bf11b3e750a26bff4e9bf6a1ed4c53e3b16b75dd5a728e2d2b490b0431acc27ff1849088c26999912f191b672a683ee2b8333","ssdeep":"6144:y/rOTURxxB0Jjytg7DiQPkcsz1aL3p2YO+WidjHrrL:qiJjytgPJPT3p2YpHrrL","tlshash":"bb442c44b291f0b8879b42f7922b4056a17f48a1308cacb4f295ed90be7555c927fbfc","size":261999,"data":"","first_seen":"2026-04-29T03:41:13.358323Z","last_seen":"2026-06-06T14:55:48.672826Z","times_seen":356,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/js/home.1777369843125.1e63fe95.js","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"ac7180fee301b4b62de750803a778412","sha1":"b70eb6223cbd147c8dc23df4d073e9dc641927d5","sha256":"25b167f413e31989cc5856e80f67902b0e84efed7087cea17ec1b5b0dcda5b68","sha512":"4fe2d812d406c786a2204a4f4b370217f4cccb1bf61cbea821e648667325ad32057d1aa30504952de28142b1f4fa0c523f55298834cb567631cc2b7cd37355b6","ssdeep":"3072:f+YNGVSIMctwiYJBuopQuFdBlGLuJuhxffj7TEOiGRlp:f+YNGVSIMctwi+PjFwzffjAGHp","tlshash":"b5140880b5f0e275576fd2b7d7371024b2271686d0ccac60e1f66b187e28796b236db8","size":193619,"data":"","first_seen":"2026-04-29T03:41:13.306134Z","last_seen":"2026-06-06T14:55:48.652706Z","times_seen":349,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/home","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T15:26:02.361466Z","times_seen":85313,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/home","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-06-06T15:05:53.4464Z","times_seen":228110,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/home","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T15:26:02.361466Z","times_seen":85313,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-06-06T15:07:58.741264Z","times_seen":686639,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-06-06T15:05:53.4464Z","times_seen":228110,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/home","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-06-06T15:07:58.741264Z","times_seen":686639,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/home","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T15:26:02.361466Z","times_seen":85313,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/home","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T15:26:02.361466Z","times_seen":85313,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-06-06T15:07:58.741264Z","times_seen":686639,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-06-06T15:05:53.4464Z","times_seen":228110,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/config/initGeetest4.js","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"87855e19802d75b55afa7bcf3af515c1","sha1":"4af373375728a98d623f2299a68a91e150f2672e","sha256":"9ec8a5ef8c8ffe369dd1a5c4730dce6570c0d90955798c0be4ac04ef1c8f4baa","sha512":"3baa6d9e916abfb3d38b7ebb9372c5987e8f10534bb978383751c0094f8f5a3e764f9b8e44a73d9d4871cbaeca7e1939f0ffaf9499af5c4a71f64c3588167d85","ssdeep":"192:23aP8Ha0D+Nu5dq+EvNiqc4K25MB5VYaiQwSL4SScQVy8QRHIsGiz0iX9rES6Myy:2fe61w1iXKb2sMGUI+KQTwwHlB","tlshash":"00621d0d68f764534553b4388b9fb014b5388a53042cde41be9ce354afa843d9bbabdc","size":14975,"data":"","first_seen":"2026-02-16T20:32:40.162764Z","last_seen":"2026-06-06T14:57:20.981124Z","times_seen":756,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/js/45540.1777369843125.8e1e0acf.js","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"a0e497c34e367322be5d24c3b27d661c","sha1":"05738c9aad3a5d894b6d49780014a52200ef950d","sha256":"073a44ee1f965bd3739f07604455eb8940250c073f060303550cdd02ba87109b","sha512":"ea91edbfdf72b73e3fddb4a652393cfd4c1be31242b51f7caa28ee35cf3f66eb42bafff62ffacc3a2b89cdee253e84e2d8ec5e5c5bbc9832053bd5c00df77b3e","ssdeep":"6144:JYD4wFsYiSGfKnCKPP6Xm9sm3MCln1OSgpozfEe5a:JYD4wFsYiSAKNH3TY5","tlshash":"6024e894f294f1be075fc1f1d23b501af35b5e6120cc9ca0d296e6942e20b49da77eac","size":229366,"data":"","first_seen":"2026-04-29T03:41:13.329661Z","last_seen":"2026-06-06T14:55:48.709117Z","times_seen":359,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-06-06T15:07:58.741264Z","times_seen":686639,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/home","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-06-06T15:05:53.4464Z","times_seen":228110,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-06-06T15:05:53.4464Z","times_seen":228110,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-06-06T15:07:58.741264Z","times_seen":686639,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"3d7029dce5d85a5da627234c9d9dec9a","sha1":"24fb150f1cc1df574ff3e2cafbaa0da15372f707","sha256":"b0ff82425661555aef2b423d91265672271ef5854e3e7b815e12f9b363fd34d9","sha512":"db505fbc49659020a42eb8e2064c9aa0aaebb166f309faf0245432a9a5ceb1d921a6cd040d445c99d38108057d3c9aa84556a5b47433b7401ae410239a28202f","ssdeep":"","tlshash":"f741027d826345a51973346a1f9e734836f340b31149e9113e5c8a802fa9a5f83b7bfa","size":2333,"data":"","first_seen":"2026-04-05T08:11:55.739213Z","last_seen":"2026-06-06T14:57:21.051501Z","times_seen":539,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/js/chunk-init-1656f0b4.1777369843125.32336986.js","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"a1aee3b4fdd378acbf851a367f523d6d","sha1":"9b808ee6cd84b9e3969901470ae1c2d1df800ea0","sha256":"a20ad3a83af7751da30c420d96705aa78f39ddbf610789296ce2b47ec3788179","sha512":"71c83f283537df70e91f49c73fe8554e59830f75caf60f372888692946e7c08ca9f13519f082c45ff310ba269151a9a2955fdf6fbc37b68ca4f1e348303725bf","ssdeep":"1536:2twqIPBoVbzfsO9ZuqpiXXIOU6Qgpp6KkB2EnBDsAxdrkm4SgiqvHynjM5TCifM+:2twqhOIK2nCLdyACifMur06/D","tlshash":"30d3ec54b7d0b4b442cf13e6711b2475e3a61ca22058e8f0e31dee647f35689d26faac","size":136038,"data":"","first_seen":"2026-04-29T03:41:13.388607Z","last_seen":"2026-06-06T14:55:48.701511Z","times_seen":361,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/home","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T15:26:02.361466Z","times_seen":85313,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-06-06T15:05:53.4464Z","times_seen":228110,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-06-06T15:05:53.4464Z","times_seen":228110,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/js/chunk-init-c0d76f48.1777369843125.2d292e02.js","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"eb71ab6debf3abe346c8c4d941813d15","sha1":"88116abc111aad2e9e1b1d0974de9d97cd891e0f","sha256":"3dca15bdb644d02cedbfe3adaeed7ff4c47508d664ad1ce6b361dcef7a5423b5","sha512":"eb604132673651b6a0646263fed02220557b65080b323b03513053af5662af520808cd469c00f7ad99ed16fcf9a2ab5374b89477cf8f8a9f8ed89f6a313afd7f","ssdeep":"1536:xTG5pxPvO2lSV822bv0bcbpM/igw/aIwC23QOoKILbjxo4wc0tvB6xVS/J+pKY3O:Mvz/Dp5/92xoKa/x5wc0dB5/J+UU0","tlshash":"6ef31b987392b1b847dba6e152371075b57e1dd73088e8f0c169a6803f31a9cd52afec","size":161198,"data":"","first_seen":"2026-04-29T03:41:13.437512Z","last_seen":"2026-06-06T14:55:48.659172Z","times_seen":358,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-06-06T15:07:58.741264Z","times_seen":686639,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/home","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-06-06T15:07:58.741264Z","times_seen":686639,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/home","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T15:26:02.361466Z","times_seen":85313,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-06-06T15:07:58.741264Z","times_seen":686639,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"3d053d2da6a5968d7b648d3f7360092a","sha1":"32ae5713edeb00288a3f8f3c02462a5d0ca9dbb3","sha256":"8896d194e4c39e87f52924073dd2d56b4aaab46fc9f7c56a57534545eef1d7f3","sha512":"01f9b63cd24ab6e0e097637341b78cda657192f98e37a39f0f75548f8fe0180418a86594df76858aee7d514282ac4dfb8263e1729ff325035897b841d09206a3","ssdeep":"","tlshash":"82f0a00e0ee548131963707a4c0f9201203b2513414eea08bffe9bb24f92a688a679cc","size":550,"data":"","first_seen":"2025-03-03T20:54:16.018132Z","last_seen":"2026-06-06T14:57:21.052203Z","times_seen":2993,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/js/chunk-svg.1777369843125.1e4dfc16.js","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"17dc7d24243be411dfc65e6d3bfc3fed","sha1":"040dff237c788f6720e1e7ad8903f103cb86db73","sha256":"4296d5094a19dae430c40d8315056ffcd226eafe5012f293d988d2b631c682e1","sha512":"742a36b45941527965abaaa6e1443e4668e5af5085a1166b561059df61a9f42f0096cbc9f80dd9cd845cefd166d5d84a4e6282eb16100e078d28e6c0305a6a26","ssdeep":"3072:h8nz2uaLZSZvx6Q/sIPrekK+m36Ua94sRZI7gbpF/:h8nz2uasNxpXPrekK+m36UHsE4pF/","tlshash":"bfa4fcb4c190f4edf704ce196e7c9e1c50321688e0a9e9e52da9fe0d9e85d6b241cdec","size":464072,"data":"","first_seen":"2026-04-29T03:41:13.396807Z","last_seen":"2026-06-06T14:55:48.631525Z","times_seen":361,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T15:26:02.361466Z","times_seen":85313,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/home","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-06-06T15:07:58.741264Z","times_seen":686639,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/home","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T15:26:02.361466Z","times_seen":85313,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/home","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T15:26:02.361466Z","times_seen":85313,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/js/index-a3dad144.1777369843125.66a58dcd.js","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"aa47bc946b9df160fc4c9d0ccd247727","sha1":"2b81fb3062bb6d32ce5cb43811300ec95a0f3cc1","sha256":"907a77df793605acb0f292d7b450584a9f7cc65e76b8ed19c7ed0b72e3a9f4cf","sha512":"73daf5dd0d9b5f8325bc9fd63618ff31bc76dbcd70b12961aa5d9cdac2b0b570fb832a3815c4cdeb269ed90bd5613e681da42d6b0e668303a7660c6017ee0f83","ssdeep":"6144:DybhFOufhkHLHEY/TtesplVyrYlRlNsmq9DG:+zBuHLHEY/TtesplVyesp96","tlshash":"05742c90f76ce1bd874e55fe7a3290a4902c1b41b0c89e59d29d2944fe6b385feb04bc","size":355104,"data":"","first_seen":"2026-04-29T03:41:13.301567Z","last_seen":"2026-06-06T14:55:48.618943Z","times_seen":344,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/js/31098.1777369843125.4108b3dd.js","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"31b93b7d8dfa0ca7f3f8477f00d0366b","sha1":"734c41538b3d1db2c12b2472b43ed1e86c79251d","sha256":"30c9d4b0f76502c14b849d636bb84d74c4e5caae97b1d650febe724d0f5cf2da","sha512":"dc141065235c7f28f7e4caed203c4d4cbf749bf1c651567bad15cd8225fd297099b4330a2b3d5d810e3a07af90a7e013ed13bd03a45d5018b9d8be708da4b872","ssdeep":"1536:d+0YvC9jlTKAUSseG1SY46DCdlBBo3AgXOG9AsqCfCXsvCfCXsLCfCXsyCfCXsfX:AKK5sY4brG7O3SnLJNpL","tlshash":"d174b6f4c248c6fdea04ce0a7e7d6f2d50723783f2ec56c446aaf8865e92857245c4da","size":352738,"data":"","first_seen":"2026-04-29T03:41:13.322286Z","last_seen":"2026-06-06T14:55:48.640871Z","times_seen":306,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/js/13575.1777369843125.cda1d494.js","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"eda98cc14e8c025a359a009951750a20","sha1":"b54dc08d49209bb6953641b57cead1ec1e92d823","sha256":"636dbf0f9dbb30ed3d15582a38bbc4c1857fd1affbe8be077182666b906e7f3e","sha512":"fc6837e6c1ebb1b97998b81be6fab0614b1d30dd0494527bb2fdcaa139d3d26a16798468a172b13ad982cb3ac0651e22ed1d8af5ff62fc501babf9c04c104659","ssdeep":"1536:X17BBHFeKRKp+3ELSPtj6x2DgJoG7PIDmj9VA+s69JAFdE6WIzl+Ik1+eXMa7a4H:hjHoKRKphCnDgJoec+IDWIzls+7Xr0X7","tlshash":"4a141a84764170b8c396a165322f601ae22f789650dd9c24f3789aa47f7470df26fabc","size":194938,"data":"","first_seen":"2026-04-29T03:41:13.356911Z","last_seen":"2026-06-06T14:55:48.629254Z","times_seen":357,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-06-06T15:05:53.4464Z","times_seen":228110,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-06-06T15:05:53.4464Z","times_seen":228110,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/configPage.js?v=4/28/2026,%2017:55:48","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"e6aa74bb352ef198ba3e1c9a4b01b014","sha1":"2ea8bd6b5045475a36432f7665a129728e822d9e","sha256":"73828e873c0b6e847b37d78941ca436247471dfc90a12f743964f869f75abd5c","sha512":"2faaf24fdf1e4da637af8e9f82d1778bf061b00752dfca0c8f73432ba236a7b69410a7ad2a73727bc83e6cd631fd6555c3cc0d9d3a5d8a7f81818dd66566011f","ssdeep":"","tlshash":"be117aaf57444dffcf1d7e00a08b0a5ea8bc61d261889d4da8e9cf29e1c99002378978","size":949,"data":"","first_seen":"2025-09-04T00:49:32.949926Z","last_seen":"2026-06-06T14:57:21.016221Z","times_seen":1700,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-06-06T15:07:58.741264Z","times_seen":686639,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"25ba01da3f0b1b471747da4637862cd0","sha1":"0c5b0ce449b041467ab3bf825d2cb6c5dc9c8250","sha256":"5f9229d7d1276d1475836391ce453b7432244854be7368ae4c4c590f22789af0","sha512":"58d82418709bd36179a89dd6af167368c35512e8abc68ead43e9be0e5c5fd5027d83289b2ee30e6a211239b4d67790af51039cba61a54b4184e556741437c4a4","ssdeep":"192:K2wqx5Cvtib5XOQRzlaECoXZTAoV51nsPhwzvBa/id3+36a/E/97g6I52MdobsIc:K2VwiYwJvSoVXsp+pa/iZcVk97g6nMu6","tlshash":"8e323b69a5b71bba25673036277f301889b080630319fd947c0ff61e4fa5436629bbe3","size":11906,"data":"","first_seen":"2025-11-05T12:10:48.37972Z","last_seen":"2026-06-06T14:57:21.052845Z","times_seen":1803,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/home","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-06-06T15:05:53.4464Z","times_seen":228110,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-06-06T15:05:53.4464Z","times_seen":228110,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/js/21954.1777369843125.57c97863.js","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"0e41dd7729067b884faab37fcd9af417","sha1":"11acbef297a8f924deae47393678fb42c36ece7e","sha256":"9535e9e039663a829c5e5ffb31879f836c96c5e1f58306318b45a64f4a6687ea","sha512":"228b5a935e11e121070f4a6710af8ed39e21fe53a228c99bb4befc116c54f37693f2c9e5b08d202dd5b8375b84c4fbf63918cf013f6af5d4f71464f93524d3c3","ssdeep":"768:QPhaSfmzKrMdvf0eMQ/96loumY1PI1yBK9LudEz+yUy51y9y0yk6Dio+ILqpTeY:/81R6Ipyk6o","tlshash":"a7132088fac2b06dd3eb7330857f505ae66a1dc0668c5438e260d6917e7198dc1fb5f8","size":41968,"data":"","first_seen":"2026-03-18T07:07:19.558046Z","last_seen":"2026-06-06T14:55:48.712253Z","times_seen":369,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/js/83749.1777369843125.7bad5eaf.js","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"d036e00b216c6886ee096346a4aa7d9c","sha1":"8b6cdea36134802a22d5ab4009f69036ef63dd40","sha256":"444030e40d34fa938300dd2cc7b218f3fe47f6a865afd399ea5c1cd5dddae433","sha512":"bab25e53e886cf51cb47125cbb1582da65677fbafa057cc9f770b7a7889ea3bc8a59f60574c16404fba3d974b876f655642a1708a9beedb20b9b47d1b5ba68b0","ssdeep":"1536:lcK/KnqHB3vmeLUw/A6+GplTwsCNgOX8JwTl0sI5pQiVFFsdt+HmQ:rB3vzowo6XTIgOXawTl0sgQi2tkr","tlshash":"6a93e7c4b5f4f5f9279ec5a297364478b02127c5a0c8ace0d2e96e147f1ab92b0758fc","size":91167,"data":"","first_seen":"2026-04-29T03:41:13.335994Z","last_seen":"2026-06-06T14:55:48.684213Z","times_seen":328,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/js/35142.1777369843125.e8dc7ade.js","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"a5d97dbf77d44812ad4ab30e375fb143","sha1":"6bcf1ac84a9018203641f99e45abae922aef3e4c","sha256":"ca2b371b1bcef9e7641c24d421d68c7a3cef405f36a13597d724987a369a2727","sha512":"56bd2311e73f8ed688d893ac0c7d29d02bcda91e939a50f8cfc9bbe4435125c878b58ef47519618ca42aad8393b248455b87940c32121235c5850777aeac7b6d","ssdeep":"6144:xfhhkpltRm4iyveBHlBfb0wv1e7Ancbt83i2UfIL5LoSltLFe/fwwutUcAct37/k:xfhhkplTm4iyv0HlBfb0wv1aAncbt83s","tlshash":"26743c84b690b17483af86fb72169194d25e0e9460ccace4f27e6e40bf11746f87b5ec","size":341259,"data":"","first_seen":"2026-04-29T03:41:13.452388Z","last_seen":"2026-06-06T14:55:48.644108Z","times_seen":326,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/home","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T15:26:02.361466Z","times_seen":85313,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/home","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T15:26:02.361466Z","times_seen":85313,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/home","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T15:26:02.361466Z","times_seen":85313,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-06-06T15:07:58.741264Z","times_seen":686639,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"ba4d957ec99a023d40fedffe8f2c9132","sha1":"32e9e162bad0ea93fde3f137877e95bbbb574327","sha256":"24e8b158f0130e4778f80107b4c038c9edda27db68dd815e66221cc1fb5837b0","sha512":"d0e45e79632f3ec13d043d91c87ef458d1ded7256a3aebe641b09e205ccd00b863424342238a41b73fd7173eaf8a260640fb3110c8a48422ef03050b691d5e2c","ssdeep":"","tlshash":"0311c05a59d18132665b303735bd43887724a013d184df413dcc99557f98da5cabf6c4","size":934,"data":"","first_seen":"2025-09-26T05:04:14.419402Z","last_seen":"2026-06-06T14:57:21.054195Z","times_seen":1948,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/home","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-06-06T15:05:53.4464Z","times_seen":228110,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/home","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T15:26:02.361466Z","times_seen":85313,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/home","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-06-06T15:05:53.4464Z","times_seen":228110,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/home","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T15:26:02.361466Z","times_seen":85313,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/home","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T15:26:02.361466Z","times_seen":85313,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"fb3170d95d9bedc14ab7f2040cccc6e2","sha1":"b5027b4597c1490ac9b325be08866c8f2284fba0","sha256":"7fe46f622e887eca8771ddb874d862f9c46b35f870c89f3e2b9a740f30ae2421","sha512":"8e44010e90b6aaf5af9399924bb35831dd12ce072c6a7df85644bb12854dc630272c99fe2d4c18f8268caf0b29ae0541fdf8d70ac5d5d1e164f9f08140a320a9","ssdeep":"","tlshash":"33a002c33f08c84151011c96c472b19da854d684f559a87461e450019226b980855911","size":59,"data":"","first_seen":"2026-05-11T00:16:59.29418Z","last_seen":"2026-05-11T00:16:59.29418Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"console":null},"http":[{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/71400d2158c64e078baa0f64d1795a2c?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.864Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/71400d2158c64e078baa0f64d1795a2c?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 20396\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 6050\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"71400d2158c64e078baa0f64d1795a2c\"; filename*=utf-8''71400d2158c64e078baa0f64d1795a2c\r\ncontent-md5: Zw4oQbARPpjegGJw9/v4pw==\r\ncontent-transfer-encoding: binary\r\netag: \"FjDeODM-FhVOZN2hIO22v1EcuYU6\"\r\nlast-modified: Mon, 04 May 2026 21:14:50 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: 75fdFqOCg\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: ejYAAADyBr4mVa4Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":20396,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced","md5":"670e2841b0113e98de806270f7fbf8a7","sha1":"30de38333e16154e64dda120edb6bf511cb9853a","sha256":"5b6774fba6c0a910bde035568ccd48d63c75d101f89ead9a1c4a1d61b0950185","sha512":"6c081c1e13fb36bb2ebdec38ac87dba5e457d0a33805a087cd3a8a8028480d1fe9bc48f12465cf24ae1aa47a8c907d9c5ff738258f21a88c714bf7c06d51753a","ssdeep":"384:sHraeUOyuQaPvV+PwoF8ROR1+rVQafB62zq0rSMvIqXJmYyWZOtJn:sLy8dPoF8sf+BpBvGbqXJStJn","tlshash":"9392e167c8a5193f809fa9aa17f32440c79c7265583bb0d8ad7462ed2c06204cd9f5cb","first_seen":"2025-04-27T23:39:20.37512Z","last_seen":"2026-06-01T23:48:52.289142Z","times_seen":11,"resource_available":false,"data":null}},"time_used":2722,"timings":{"blocked":1468,"dns":0,"connect":0,"send":0,"wait":1076,"receive":178,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/d71d3a550dd341868a55472334356bb0?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.882Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/d71d3a550dd341868a55472334356bb0?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 16119\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 4544\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"d71d3a550dd341868a55472334356bb0\"; filename*=utf-8''d71d3a550dd341868a55472334356bb0\r\ncontent-md5: psbwuj131XBRcS/R3XccOg==\r\ncontent-transfer-encoding: binary\r\netag: \"FqMxZiuaJ8qcwGghvOCcMVi08uMn\"\r\nlast-modified: Mon, 04 May 2026 21:14:55 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: UUFu07Eyd\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: xSEAAAAM412FVq4Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":16119,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"a6c6f0ba3d77d57051712fd1dd771c3a","sha1":"a331662b9a27ca9cc06821bce09c3158b4f2e327","sha256":"9c193b26bdc95546a46437d111432083800312a7352eacd7df7af6ba5d4738e7","sha512":"202814b2c4d892c453f0226c603016b41dfca6c03c705f2fe96520953085fbf34d4c8c471f3daedc6669e95b39274753306f42414084d6a441de370b378de1a7","ssdeep":"384:bkXfb66P9YpiLNq5JdfOALNaBly3mRNZpD8hWK/E7kF:cfbrlSixqdWM3mTZpD8hWK/b","tlshash":"d172c02eb3c64dd09866b755f1df7ca4e2ea84fee877837c045e0522090e415ea9354e","first_seen":"2025-08-23T16:32:36.739792Z","last_seen":"2026-05-11T00:18:41.303651Z","times_seen":17,"resource_available":false,"data":null}},"time_used":2855,"timings":{"blocked":1451,"dns":0,"connect":0,"send":0,"wait":1077,"receive":327,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/86815b98c75f4e92b9ea30463fa34ab1?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.933Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/86815b98c75f4e92b9ea30463fa34ab1?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 59144\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 18959\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"86815b98c75f4e92b9ea30463fa34ab1\"; filename*=utf-8''86815b98c75f4e92b9ea30463fa34ab1\r\ncontent-md5: JX11jFz0NFPs+wqR0YAtOg==\r\ncontent-transfer-encoding: binary\r\netag: \"Ft6R4U_JGSUPGPyycw-4lOxAPWm1\"\r\nlast-modified: Tue, 05 May 2026 21:02:44 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: yKHS3JBhV\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: EwUAAABplS9pSa4Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":59144,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 368, 8-bit/color RGBA, non-interlaced","md5":"257d758c5cf43453ecfb0a91d1802d3a","sha1":"de91e14fc919250f18fcb2730fb894ec403d69b5","sha256":"c60f9d9513d6d579348be9f3733ab92012f2bab1c4017c76f1e4af8ceaa91f7a","sha512":"04d4b411e739aff3442acf11056c2e48afbd914af97150f5f37d6ed55ae80fa51296b067387b0911e4a2b900cce33aa31b94f2c17f8bcc29e6b5e59a8da6e327","ssdeep":"1536:yzZBupZGeUt1MQ1eM3uOQTavZO4x26n0XNkIb:y9ApS173MuvZO4Ig0XK6","tlshash":"eb430284145d62d47abaff6a6a04a4264f21ef2a5d5b1137c438e06cfd0977312ba3fc","first_seen":"2025-02-24T02:30:01.441461Z","last_seen":"2026-05-24T05:41:01.35628Z","times_seen":305,"resource_available":false,"data":null}},"time_used":3408,"timings":{"blocked":1415,"dns":0,"connect":0,"send":0,"wait":1264,"receive":729,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/ecb/8f8306425ab46d0221b2c56ef50f72e487d5bb0255ee7333091abb7c08c465094a574c3c12d0e1812241fe43c0d5f0ea88d857f698a4fd081b","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:13.119Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /ecb/8f8306425ab46d0221b2c56ef50f72e487d5bb0255ee7333091abb7c08c465094a574c3c12d0e1812241fe43c0d5f0ea88d857f698a4fd081b HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nContent-Type: application/x-www-form-urlencoded\r\nx-request-source: https://j53g.vip\r\nXign: BqgrpXJ+gpIEEFBOv70jUBh4s+cYuE1debVp+KZJYsHdxeZHxyHkvViDt2TXqUo5Y17ZH6qSmcLyZAkxuTKnsSI6vnBwwai7FRWYD0YxwoyxVU1Gfi99+Hh15DlyAbW47+LbMiSagHsxsTybc0vxzd9qfIq+RsVigOne1zPoksw=\r\ntimestamp: 1778458573102\r\nsign: 95m6qt2p471m5t4p\r\nversion: 5.6.12.0\r\nclient-type: web\r\ndevice-id: yJcptFCdmcZADMQCAxKHnE47zE2N8nzG\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:13 GMT\r\ncontent-type: application/json\r\nexpires: Mon, 11 May 2026 00:21:13 GMT\r\ncache-control: public, max-age=300, s-maxage=300, must-revalidate, stale-while-revalidate=30\r\nx-xss-protection: 1; mode=block\r\npragma: public\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=63072000; includeSubdomains; preload\r\naccess-control-allow-origin: *\r\nx-custom-check: true, true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458573=yZG5PBWS1Nh/AUtFas2SAT9K8KBYFT3tmDxPMxk6sKctgNimrcTw+Pdc6x0PCz+xIoCt4pcsMRGhlcm8cIvO1xhOSgrtaBiGnu8aKSiQifDVLsRzWfEkv6a28A3ceH4D91gsmRFvW4fHdGpadAb2H7+/9wy6HLvPlZ/T/j5l4uIvi+fAN2Yo4dKumFibEvjt\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e146439d7d5c4\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":34099,"size_decoded":0,"mime_type":"application/json","magic":"data","md5":"d0e73c97cc95b1ed78f51e9a803c28ce","sha1":"083c95a13feb0813e3c1b879d67c99afb0db3298","sha256":"a2334364d0b19b0ba98299d09268adc419e9f2105d3fa6bcc42bda2dba8cd9d6","sha512":"0c55fd9c7dd1cbdbd9343377788cd1d5cddf5b15ed05d491ac56c65fd236402b61e5e1ec62927dd444d40503034ca7ae2136c55accd503c3efeada0c9f4f9a65","ssdeep":"1536:OdQmhrMg9xRvpT8O1yCGfJCwwo+mV6+yP4loyd+EM:AQmhrMWRNY5fIwKI6+yAlXY","tlshash":"5a33d0140341f3f4d3efa4fe1d1616c01626da92e6a6fe61c576c76039eb01ea39f492","first_seen":"2026-05-11T00:16:59.17392Z","last_seen":"2026-05-11T00:18:41.066643Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1647,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1647,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_0fa85f10-2205-44f2-82c2-66bd141c7d57.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.457Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_0fa85f10-2205-44f2-82c2-66bd141c7d57.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:18 GMT\r\ncontent-type: image/webp\r\ncontent-length: 10174\r\netag: \"7ac42d17bfd5a06e8fc6a329b7018939\"\r\nlast-modified: Tue, 02 Dec 2025 15:07:04 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=g3IbFxOQfI8ZZUuk%2BPL%2B7esxrQk%2B7XbwV%2BUaphuDI2Uc2z4pM%2BKXPlgYYAJ3xD%2B6Mbvt3WduIr0Pa%2FUioCe%2BIBHfcQEnfa%2BxVFs6BNPXnZCkVCo8TVB2QNydd2M%2FTvHN9LlqbyzbLerpveZT2O5itLw%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 62636\r\ncf-cache-status: HIT\r\ncf-ray: 9f97054e8f7f06ff-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458578=tLgvFt1z8jFzQRhncWi/oy30Kp+gtc4vvTtSMAfT8iqKPE5I5/glwJsrgUgibV8Oq1T89RvQ5+BjRR93cSDrQF0xIVi0SgUykK+LzgLRn6wOi3thzVjM+/l6t7xyYOrgTgWFPHdNyt2ozAMvtRp/SCvuZJUo80Qf0cWnpW9yyUPaAlAcuUcGn2gPEYjfmiLM\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d62719e14644db13ecf\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10174,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"7ac42d17bfd5a06e8fc6a329b7018939","sha1":"37f26ed9d40765d2f0a2436038a6c772d654e316","sha256":"23d5a3a14c318b6982e98a0e9f7ae7eb6f3658fe842beef7f26850121f84279c","sha512":"8c49c05d03fb49bc2980047e98e2d1759192aedc89ff040050b1c8e007b16007f71bff0f17eaa3584bef6c0b0db5a52b68009463bd3dd2aa43cacd757ad7367b","ssdeep":"192:O5IkarrboesyPUh4c/gp+sIR6RxWiH21vZgiClgKV16Lq1eM9h0K+B5pZrgVWPWb:5k8rboesiUec4p+sIAYkgK7eQ09B5pZz","tlshash":"3c22bfd259d648a4e1d3d63229678a89d3bf3d0f0309b6d4acec74cf9846dbdd4d0a41","first_seen":"2026-04-24T23:10:16.755505Z","last_seen":"2026-06-06T14:55:48.64223Z","times_seen":252,"resource_available":false,"data":null}},"time_used":4261,"timings":{"blocked":-1,"dns":0,"connect":0,"send":2453,"wait":1205,"receive":603,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/css/chunk-common.1777369843125.32ab7c45.css","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:06.192Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /css/chunk-common.1777369843125.32ab7c45.css HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:06 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-33e9\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458566=FqGJY1k532ChI3k/oD3fAPu6welwhIu8DWp/+cspT1GcUUpTmB/CbvnsRZyjPj2aiYFgyVINMimnAQxCGmunPV7HrBnl5I66SKGBUhBMNOupLH+Ieb7JgzvsjQiNUMQlYyHtVgUDXPC32Ilfol0qLT9S49ttbW0wOJJh7mmM/CZ5mV7dhTTCjy2dkdzl8QTW\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14641ebdd589\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":13289,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (13289), with no line terminators","md5":"c564fca03e3163e6f230cfce16abd0b7","sha1":"f711dd11fd523e3299c13d9ed37d504671ed824d","sha256":"802bcd434c500feaf5a28cbd6adac354ef122e595965c6f9c440ecfd987d1cb6","sha512":"12d14dbdf4f1c1c446aceb866146eff40a66c77f74b8f331d3e9c4fc7c3f01c849b051a31020b2e2b5134fc2c1dd5c807f9cc398eec91edbdd5c7b1d95691984","ssdeep":"192:4dQK/X4cBY4mZGX1lsUTLA7gYEbz/i//LN4hHSQZA2VxM2XwKjv0:M8oTGEbz/i//LihHBrxP0","tlshash":"c452b731d634b53ce57be226f9d09adc6024d417e2730baeea653b3ac5ca4d215332c8","first_seen":"2026-04-29T03:41:13.417048Z","last_seen":"2026-06-06T14:55:48.666677Z","times_seen":364,"resource_available":false,"data":null}},"time_used":444,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":444,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/config/telegram.js?t=1778458566159","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:06.216Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /config/telegram.js?t=1778458566159 HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:06 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 28 Apr 2026 09:55:49 GMT\r\netag: W/\"69f08425-1c896\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458566=FqGJY1k532ChI3k/oD3fAPu6welwhIu8DWp/+cspT1GcUUpTmB/CbvnsRZyjPj2aiYFgyVINMimnAQxCGmunPV7HrBnl5I66SKGBUhBMNOupLH+Ieb7JgzvsjQiNUMQlYyHtVgUDXPC32Ilfol0qLT9S49ttbW0wOJJh7mmM/CZ5mV7dhTTCjy2dkdzl8QTW\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14642012d597\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":116886,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (483)","md5":"4ef2154bcfb8399f256c2da15a4cb409","sha1":"e0f8f5578b2e0773ec1d79bb1cec54e1f5d6373d","sha256":"73fa4926373755b52fecfdf3145a0c9953c08af374ea69dda46fe2b3b9ddb022","sha512":"8b64643161386bdefbb7eab04416e78e5e183c50acba7b25b146aa6e733744a326566a01eb7eabb1a0a3f5b87ac8461a7ab3b9ad1c44de37ecea25af09e3eb41","ssdeep":"1536:WK4KZK+Klt3LbbdS4V+vO14KtA9phXTQ+fcZl8LDh7j8d3K+V4WMrnf/NunqxF00:Wj+dgdLbbdSA+1XTQRZ1jSBl","tlshash":"14b31c4c5cf3216285a7b1be8b9f925072759893304def203c4d9ba45f98d3c53eaad8","first_seen":"2025-05-31T08:16:48.368096Z","last_seen":"2026-06-06T14:57:20.969988Z","times_seen":1207,"resource_available":true,"data":null}},"time_used":1728,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1728,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/ecb/8f83064249b06e0660afdb30b60772fdcdfbb3036fb467600d10b16d76dc640e","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:13.131Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /ecb/8f83064249b06e0660afdb30b60772fdcdfbb3036fb467600d10b16d76dc640e HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nContent-Type: application/x-www-form-urlencoded\r\nx-request-source: https://j53g.vip\r\nXign: pWiPhHVTR3W1/qLJSWynkSO1AA1+wEQLoAuy3+AIDLkkemqpF1Sb6O4VNBagXZ1OBqBoKypsT+JKMN4GdJSUagxvA1DHemtgJ4/8M1/eA3eGip1TGPdkTgPgjz3n5k8KxJYOi4I2tw/XwymqwIFSdOYZssqrJMdd/Q7OY2BHH00=\r\ntimestamp: 1778458573102\r\nsign: l246782f677m2952\r\nversion: 5.6.12.0\r\nclient-type: web\r\ndevice-id: yJcptFCdmcZADMQCAxKHnE47zE2N8nzG\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:13 GMT\r\ncontent-type: application/json\r\nexpires: Mon, 11 May 2026 00:26:13 GMT\r\ncache-control: public, max-age=600, s-maxage=600, must-revalidate, stale-while-revalidate=30\r\nx-xss-protection: 1; mode=block\r\npragma: public\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=63072000; includeSubdomains; preload\r\naccess-control-allow-origin: *\r\nx-custom-check: true, true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458573=yZG5PBWS1Nh/AUtFas2SAT9K8KBYFT3tmDxPMxk6sKctgNimrcTw+Pdc6x0PCz+xIoCt4pcsMRGhlcm8cIvO1xhOSgrtaBiGnu8aKSiQifDVLsRzWfEkv6a28A3ceH4D91gsmRFvW4fHdGpadAb2H7+/9wy6HLvPlZ/T/j5l4uIvi+fAN2Yo4dKumFibEvjt\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e146439e1d5c7\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3828,"size_decoded":0,"mime_type":"application/json","magic":"data","md5":"0ed1044530106c56f019953b3b149a6c","sha1":"a33e57cd310b28e3513fa5f4d3e00d2b2e5f33d3","sha256":"aa1591a402f3bae37882d811535d4575b264c49bdf2e1b6e3bf0b4a4f6c500d9","sha512":"6f536773c403f6cac16d7b75e4a880b467e2691e5c3ddc788bc2ae075f96323bc9fb7d49540e9694eed58ffa7d5c33d8ed1f1ab20d609abd0aafffe20e5b41e8","ssdeep":"96:eOG3iMFIoDz+WuQEdcSssJ1OIlOC2qqk8yxtxnhfchDsjdn2+CXVXdxs3uJ8jc:VL0DJum5sJjOCnq8xtx+5UN1qd+3ij","tlshash":"dcc16d09f7a4b7a09b4743fa74d710a8921f1ebab64b6d7ac7b0c36b045761a125e304","first_seen":"2026-05-11T00:16:59.176714Z","last_seen":"2026-05-11T00:18:41.298719Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1637,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1637,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size750x590_1103f977-5f3c-414d-8305-ab6884e8769c.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.478Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size750x590_1103f977-5f3c-414d-8305-ab6884e8769c.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:18 GMT\r\ncontent-type: image/webp\r\ncontent-length: 43614\r\netag: \"f0558545ac271256cf9e2e089c4b5d7b\"\r\nlast-modified: Sun, 09 Nov 2025 14:30:08 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Gn4MBaMn7JmeT3unpbmu%2Bc7Bt5aDYWHqIX%2BDXhgPgbDIMpPoYLejVcb7vjzB0t8uYfGm3RD7wP0kUOw3eoC7zZMWBjNnMbPNBzBAVimleXpgyELf1qwtdAIUWd8tm8wjP9JleXWE4z2WsjZjts6VWLU%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 62636\r\ncf-cache-status: HIT\r\ncf-ray: 9f97054e99970f18-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458578=tLgvFt1z8jFzQRhncWi/oy30Kp+gtc4vvTtSMAfT8iqKPE5I5/glwJsrgUgibV8Oq1T89RvQ5+BjRR93cSDrQF0xIVi0SgUykK+LzgLRn6wOi3thzVjM+/l6t7xyYOrgTgWFPHdNyt2ozAMvtRp/SCvuZJUo80Qf0cWnpW9yyUPaAlAcuUcGn2gPEYjfmiLM\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d62719e14644db13eda\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43614,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"f0558545ac271256cf9e2e089c4b5d7b","sha1":"9594bc20fca63f0cfc8d31eeda8158bab7c54139","sha256":"cdd8fa33c321da25e96a0fff96453673d60d6c59c309aa7a2048e32b78f29e75","sha512":"e9a34139f7f091d9269ef1b87c11fa7900523ac4d286fddb7843e64afb1ea084064441c836ca8460185a800378cfe5153141613f0807d84e0687a1ef41f027b6","ssdeep":"768:c8urDr4gpwG3TMvUToCKvqwP9bDPCqO45+V0D63GQu54vlb:c8urDr4VGj9KPPh3+y2Dvvlb","tlshash":"b41302a684b210b1cc6db573dda010661bb07cb8ad6d5d1e0690e60fadbcdf12ca3e90","first_seen":"2026-04-24T23:10:16.765262Z","last_seen":"2026-06-06T14:55:48.67445Z","times_seen":257,"resource_available":false,"data":null}},"time_used":4540,"timings":{"blocked":-1,"dns":0,"connect":0,"send":2432,"wait":1206,"receive":902,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1884x434_f0600e57-43d6-4af4-8f1c-08ad10ecab8d.jpg","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.204Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1884x434_f0600e57-43d6-4af4-8f1c-08ad10ecab8d.jpg HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:15 GMT\r\ncontent-type: image/webp\r\ncontent-length: 35520\r\netag: \"cd3987864cb3f095323f43e0248e2180\"\r\nlast-modified: Wed, 10 Dec 2025 10:48:07 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MSOO9%2FvbmKNIjVCJbeXxEKgJW6WH5gLkf2400rjWgBc5FR3uwFIk95pfhgulTQRu%2Bu6NTR6HkydWzTPKM%2Brazqej4im8DhFnUfgZsTUJC34tSrCU0604AZ0Txs4QfUMMfgEDU1aymzlqm3dhnUhn15k%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 50271\r\ncf-cache-status: HIT\r\ncf-ray: 9f9cfe70e92d0799-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458575=yEPg8bP1KWw0XVpSd4f8vx5xJb0z3i8hpaiOkJQmnr2vDF7JAvg6poyn3HPLIFq4/KlDBAu0ZczRUTmD90nGmK5/y1TELs3xF8xwV/JUl7RA9CyGzRlw4SO3x8wtH4OZQXg3+pFsbRMLqXJ7vDAZPKOTnZxRhS3Vi1BJbs4wbHzCwh1a3Qe7D7JwbHLDYgHq\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e146441ffd5cd\r\nx-cache-status: BYPASS\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":35520,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1884x434, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"cd3987864cb3f095323f43e0248e2180","sha1":"57b2593c8fb12efd02723c4297cc32c426e77017","sha256":"f86c999282c8cc66a7a94042d0d117be0e025906c4bd5647298e312a2c309ca9","sha512":"ba70094c63b1d4360f2ade43b4a26c9b412fe366e805223c019a6b1418e656067f54a94daf0eed2e9fac0fce3623ef9c0dac9cf092d6503388d9400146a25f25","ssdeep":"768:S4wSvosDYmjc1AHEBOLMSkdFqvZa6Hfj/9q3uTOdbXjzZBniHc9QjK:SytDYAkByMZPqvg6Hfj/9FTSXjfiH0Qe","tlshash":"bcf2f20a3c565b1f01ff3414b7028a68004b264c603face2cd99b8ce5dbf94d859e556","first_seen":"2026-04-24T23:10:16.816486Z","last_seen":"2026-06-06T14:55:48.632055Z","times_seen":264,"resource_available":false,"data":null}},"time_used":1442,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1408,"receive":34,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_9986c108-3fd7-4f35-9443-f78ce32e1660.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.460Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_9986c108-3fd7-4f35-9443-f78ce32e1660.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:18 GMT\r\ncontent-type: image/webp\r\ncontent-length: 15914\r\netag: \"d455ee7db25284552aeaae58bb713429\"\r\nlast-modified: Tue, 02 Dec 2025 14:11:43 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=478QUOlRinoto%2FuiiR%2BbQDBT%2BBgvpOkowySOd3EDEdtRGzP4QhdeSvLswSl5HiZcm6Vw8lde3tsHTsjU6659A7YaqZ4lDuA1FvSWOsc5zitbsqUDsstZLShwbI9XObi1iKJbBxRzACbB4olup5TQPBc%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 62636\r\ncf-cache-status: HIT\r\ncf-ray: 9f97054e09fa0986-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458578=tLgvFt1z8jFzQRhncWi/oy30Kp+gtc4vvTtSMAfT8iqKPE5I5/glwJsrgUgibV8Oq1T89RvQ5+BjRR93cSDrQF0xIVi0SgUykK+LzgLRn6wOi3thzVjM+/l6t7xyYOrgTgWFPHdNyt2ozAMvtRp/SCvuZJUo80Qf0cWnpW9yyUPaAlAcuUcGn2gPEYjfmiLM\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d62719e14644db13edc\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15914,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"d455ee7db25284552aeaae58bb713429","sha1":"22ea59f69e3ce33cb693d6ab7cde1f4f64bbe6b6","sha256":"20c558fe862164c2d2636a0b3aa259515f5175835dd461e5c16689338ba39413","sha512":"bc5147cbcf7ebb167eb2a75a56c140a33d81616f014f44c4976eff4525f665957e33e6d46f946d873016140af260808658915299a2004c2964be1543126a00b2","ssdeep":"384:POdbE1lYVo0UOKUjQgxN5voCgMMZUN3GcHHZUX3650gyyY44oDMWQ:P4+6+0URmQ+OMMZUNnnZUX6jyJPoD","tlshash":"8b62b051fa2b34398ea119feefcd1d195804ce608a3e6d6a6f3cd20d96b450ec46ed05","first_seen":"2026-04-24T23:10:16.815124Z","last_seen":"2026-06-06T14:55:48.613375Z","times_seen":256,"resource_available":false,"data":null}},"time_used":4562,"timings":{"blocked":-1,"dns":0,"connect":0,"send":2452,"wait":1207,"receive":903,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_b82399e1-d771-428f-9811-f7e15cda0f21.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.473Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_b82399e1-d771-428f-9811-f7e15cda0f21.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:18 GMT\r\ncontent-type: image/webp\r\ncontent-length: 103194\r\netag: \"f704aac32ea52a31d6fc3ed2cf265934\"\r\nlast-modified: Sat, 06 Dec 2025 06:26:28 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=r5wTuHX9pTRQMyvISsl7HmTg4ZXXib8N6Oa%2Fb%2FO5bDgv107Zb2YBqEoLDEYnyBVQaa7qr5uCQJiNpWt3Ny7fA8beUd7DFtWGkuRI809cdfiKEOqyaiKLz%2F3Aastco%2FFAv5wQC1yNvqK4h5N8V6pJx6E%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 62636\r\ncf-cache-status: HIT\r\ncf-ray: 9f97054deb051ec0-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458578=tLgvFt1z8jFzQRhncWi/oy30Kp+gtc4vvTtSMAfT8iqKPE5I5/glwJsrgUgibV8Oq1T89RvQ5+BjRR93cSDrQF0xIVi0SgUykK+LzgLRn6wOi3thzVjM+/l6t7xyYOrgTgWFPHdNyt2ozAMvtRp/SCvuZJUo80Qf0cWnpW9yyUPaAlAcuUcGn2gPEYjfmiLM\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d62719e14644db13ecc\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":103194,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"f704aac32ea52a31d6fc3ed2cf265934","sha1":"45282832d890a7ff431a3e080bf45820996e1377","sha256":"0177775ecd75f420bfdca35ff7886a7e7c2be56137652084986057b7e1566a09","sha512":"6f0b988c4ffe01ea848e549c9856a39d00f127a59b0bee21b29601f055eb98ef5fd349d6b7290257bb3845ecc7ea55a6d103173ba7e689c1d4303fe1c0e8ff9e","ssdeep":"3072:CgsNR4fWsUvdSDU+qlX2KtmzD/CbIGM1:Cg8R4fWSVKYibIG","tlshash":"1ea312850993c5f1bb7598259f7acb20a51a7d70f392ef21cfa94f3ec0b50799a14242","first_seen":"2026-04-24T23:10:16.761671Z","last_seen":"2026-06-06T14:55:48.619914Z","times_seen":243,"resource_available":false,"data":null}},"time_used":4559,"timings":{"blocked":-1,"dns":0,"connect":0,"send":2443,"wait":1204,"receive":912,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/a0a3891f29e241ee988ed15b621a5e8d?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.920Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/a0a3891f29e241ee988ed15b621a5e8d?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 6250\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 82849\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"a0a3891f29e241ee988ed15b621a5e8d\"; filename*=utf-8''a0a3891f29e241ee988ed15b621a5e8d\r\ncontent-md5: je0druTGPbCsoYr8Buf3ZQ==\r\ncontent-transfer-encoding: binary\r\netag: \"FkBcp8492Q8gEqEKocUwlxyDDNbz\"\r\nlast-modified: Mon, 04 May 2026 21:15:10 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: ipvTyZIgE\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: YosAAAAIUG5ND64Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":6250,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"8ded1daee4c63db0aca18afc06e7f765","sha1":"405ca7ce3dd90f2012a10aa1c530971c830cd6f3","sha256":"9ec122f117755d0627d939fdb76174411438448c5917add1fba3dce475d90d44","sha512":"eab0aa47ef389172570393a11837a8103af8938d883f8800283981fa318ed10828e5345f07c29c9d1be5d2137ba0676205251568d2ade8cd15bb60f166b72e83","ssdeep":"192:YqmCEtMQJ7I30XFzFMYDgG9hrODroR6kL6dbQZC:YltPlXFzJDRODrosflz","tlshash":"27d19e3a73274d4cf13b9e2648dfa6b3c0af60d412b491081226b2f6727d53603b7a6d","first_seen":"2023-09-23T06:35:08Z","last_seen":"2026-05-24T17:56:38.676256Z","times_seen":201,"resource_available":false,"data":null}},"time_used":3083,"timings":{"blocked":1424,"dns":0,"connect":0,"send":0,"wait":1269,"receive":390,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/assets/logo/favicon.ico","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:10.234Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /assets/logo/favicon.ico HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:10 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 585615\r\nlast-modified: Fri, 27 Mar 2026 09:31:20 GMT\r\netag: \"69c64e68-8ef8f\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458570=hwFUt6D6i2fL1UURe4sGEBvrMw/YVGR6bxvoCSzBA8SQDSvMxpWv5016KqAn0A4wS3EhcT4K1+zUBND5XfHOyCSjzJW4ww95TEGkGeLeNmxdSw0Z0fNBJ/Wq/gDvWZ26iWz8M/c0wWw3c8Vexq2v3yv4idIn0zcpE/kr27OApH2LLBPXP/uuhKvtHPSE+XNH\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14642e94d59e\r\nx-cache-status: BYPASS\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":585615,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 1024 x 1024, 8-bit/color RGBA, non-interlaced","md5":"abd1eb812e495d993fb310ca906ea605","sha1":"77a61cd2ad4a89c22f4a979571d3c259870732f5","sha256":"ccd41d39ff7fbed7a9200f685d9b0198736d1a2f737e9d32f83ddaeef39a4180","sha512":"e8221a9acda08a0a0bc5410cd14bc72d30e6fa66cc6e7a4bc07b53f5c94b5ec670f19571246ab2f55ec2924f679543780e9f55e0ecf8a169ce3b91e38da07d25","ssdeep":"12288:zObp4IC0/qFNYge/0z5g2c+UTxVi1+4g+/F5:ibpa2qFNNe8zy+si1+4V/F5","tlshash":"e8c4230df5a39834d5dc996741db54e0c790e4183db25e323ba3448ea3d05b8ea267f7","first_seen":"2026-03-20T12:57:26.707036Z","last_seen":"2026-06-06T14:55:48.648798Z","times_seen":415,"resource_available":false,"data":null}},"time_used":4237,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":495,"receive":3742,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/52b739d24e904f69b32b006428dc9d40?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.880Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/52b739d24e904f69b32b006428dc9d40?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 220888\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 4544\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"52b739d24e904f69b32b006428dc9d40\"; filename*=utf-8''52b739d24e904f69b32b006428dc9d40\r\ncontent-md5: iQoXrRQp9v85mX9P4h3k/A==\r\ncontent-transfer-encoding: binary\r\netag: \"Fhj68WRHEpsXIjfIxEwBLd-0kugq\"\r\nlast-modified: Mon, 04 May 2026 21:14:54 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: lJP7O92N4\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: Z3YAAADYpF2FVq4Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":220888,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1154 x 1730, 8-bit/color RGBA, non-interlaced","md5":"890a17ad1429f6ff39997f4fe21de4fc","sha1":"18faf16447129b172237c8c44c012ddfb492e82a","sha256":"120eb5a915b4374d5dd32eb988be63c2b259bd96b71601a5582933f7e09c2dc0","sha512":"a06cc7a940ae9af9a486dd5cd2b9a916284b865306324538237d7f3503183e8ac78cb4f737b99b394609d90677b22250abd4c0a6678635fd525f80f0f98537fb","ssdeep":"3072:84QRBt63WV33N9RJr/fz4VMvkgCdDKmVBj6WrcrjroAwY86BPA4ojmLc/KQ9WTuW:RQD08NLd/fzkF/2JPwY86O4V4K7KYx","tlshash":"f52401c41ca21cb6e9f27e358d474e4433e5089fe657188ac27f025671e163a2736ebb","first_seen":"2024-08-19T15:05:16.196088Z","last_seen":"2026-05-11T00:18:41.247553Z","times_seen":11,"resource_available":false,"data":null}},"time_used":3264,"timings":{"blocked":1452,"dns":0,"connect":0,"send":0,"wait":1077,"receive":735,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_3340babe-d86d-4379-84e5-92efe2221568.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.341Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_3340babe-d86d-4379-84e5-92efe2221568.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:15 GMT\r\ncontent-type: image/webp\r\ncontent-length: 69604\r\netag: \"bf4ab4dd29a7e850bb98cc23f8aa469b\"\r\nlast-modified: Sat, 06 Dec 2025 06:31:49 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UAj0%2FDUSCTEIaGw6xD2LaOECWQ7XWaeboMyVHPwvewP9H0scBqcCu6RvMW6ZUvjfXeD35HJ5U8VfjS9DssA%2F46oiI5nulAipvZHCVDrv2450Ku4RYPiRzkTTXVl4GRj0BbvYbBSHkMrSAvNm7vOoHB4%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 65096\r\ncf-cache-status: HIT\r\ncf-ray: 9f96c930697d0f00-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458575=yEPg8bP1KWw0XVpSd4f8vx5xJb0z3i8hpaiOkJQmnr2vDF7JAvg6poyn3HPLIFq4/KlDBAu0ZczRUTmD90nGmK5/y1TELs3xF8xwV/JUl7RA9CyGzRlw4SO3x8wtH4OZQXg3+pFsbRMLqXJ7vDAZPKOTnZxRhS3Vi1BJbs4wbHzCwh1a3Qe7D7JwbHLDYgHq\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14644286d5d4\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":69604,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"bf4ab4dd29a7e850bb98cc23f8aa469b","sha1":"bf8a5db8a24980c822ff470dfd5c400c3a7c9318","sha256":"2755467e92e31efad621b2e575f92ee22de6de608fa8f2fddb67db94b677b946","sha512":"21ee32c3081cdce13a032da5e97d59e0a8abd54778a0be5efadea03e95f5a9876414faeb43046ddeeeb580bc384b67ef786ac80243a9b7d10b4695ed25a5fb03","ssdeep":"1536:kzZ24Ia5yjsOfOLgsOtyLr/i7deYSzcwqzpf1btvhp61:kzZDIa5yjDMkyLr/z/cwqzpdxpp61","tlshash":"f76302aa4a11d1c8af767507133a99aa77ec93ea60d612f04077944f162bddba1f0c0f","first_seen":"2026-04-24T23:10:16.876074Z","last_seen":"2026-06-06T14:55:48.714008Z","times_seen":274,"resource_available":false,"data":null}},"time_used":999,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":995,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1298x1156_13f1f273-ad7d-4854-b9a3-7f3eb8823296.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.416Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1298x1156_13f1f273-ad7d-4854-b9a3-7f3eb8823296.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:15 GMT\r\ncontent-type: image/webp\r\ncontent-length: 78902\r\netag: \"5cae9008e22ccc62c09f38e52e664de6\"\r\nlast-modified: Wed, 10 Dec 2025 11:49:58 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2JRCD9clITVD%2FoSmV8K2fU7X1x7jBtYvq2cfmdnMT2Z5OOoDJah1TSU4H87TvlsjOQKsxLhxboYTGGCYcT7KeVEcNu3rE0ezQylKMDpSjWEbSYd83BTxc0rrHOhTgJ5WwsBK0YpQW4MYAKBnH2wvwrs%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 65096\r\ncf-cache-status: HIT\r\ncf-ray: 9f96c9307cb55dcf-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458575=yEPg8bP1KWw0XVpSd4f8vx5xJb0z3i8hpaiOkJQmnr2vDF7JAvg6poyn3HPLIFq4/KlDBAu0ZczRUTmD90nGmK5/y1TELs3xF8xwV/JUl7RA9CyGzRlw4SO3x8wtH4OZQXg3+pFsbRMLqXJ7vDAZPKOTnZxRhS3Vi1BJbs4wbHzCwh1a3Qe7D7JwbHLDYgHq\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e1464433ad5ea\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":78902,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"5cae9008e22ccc62c09f38e52e664de6","sha1":"a1f17e80566874fe9706d17a46a2d46f82bb4334","sha256":"3148a6d8c30b8b20d81c8e0873dc24170d6be114b7e3570870da05e12202d770","sha512":"49b2777a4621bd265be1b02773561be3504f5d1dd0c104f8ddd0781e36791a1f12be3093743baa2a7d21c70766e76f7d5d475efe312d725a1959acf4a1625551","ssdeep":"1536:blYjfVyd06MgAmxW/kYHFfuwKFhzwOxl3juR+GfDIroclZ:bc606u75s1wMGlfTclZ","tlshash":"5673012aa243088ae0f71039184a6be7f90d11a1e7e85fef84e7570bbe0df413d65e50","first_seen":"2026-04-24T23:10:16.877965Z","last_seen":"2026-06-06T14:55:48.643454Z","times_seen":255,"resource_available":false,"data":null}},"time_used":2042,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1574,"receive":468,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/c4bfa7d72151468eabcc16b6331a4f05?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.931Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/c4bfa7d72151468eabcc16b6331a4f05?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 46945\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 19803\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"c4bfa7d72151468eabcc16b6331a4f05\"; filename*=utf-8''c4bfa7d72151468eabcc16b6331a4f05\r\ncontent-md5: 9EFZqSVDuQPdMMcw0LGqDg==\r\ncontent-transfer-encoding: binary\r\netag: \"FiADs4ZHR-6LY09Fwa6Cuv0N-wOk\"\r\nlast-modified: Tue, 05 May 2026 21:02:43 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: qjnxiEAPQ\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: VpIAAACWfI-kSK4Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":46945,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"f44159a92543b903dd30c730d0b1aa0e","sha1":"2003b3864747ee8b634f45c1ae82bafd0dfb03a4","sha256":"cb9bb0108aeef8d252d9df1839bd18ad202d1c911d349617bf2309274043b4f0","sha512":"94fc14787ef85a93ae4c05ae116cd88145adeb165c447568109cde99f5da7257f3a3d25481eb53bbb5ef9718c8af94434f1a5a99647248a0f77682bb24443437","ssdeep":"768:7l7LN+rpt0j1OGJa71door96KDMguzYkZCtuAS33qlChYC6fbluBhHZku:B70rpa017Z4gu8kMuLqlCV48Bhn","tlshash":"b423f1449218b1fbc54acb8f3eaa540c4ab156fe01b6b17f9965e4a5e23c0c848bdde4","first_seen":"2025-01-29T13:39:14.803522Z","last_seen":"2026-05-17T16:34:28.590415Z","times_seen":297,"resource_available":false,"data":null}},"time_used":3269,"timings":{"blocked":1415,"dns":0,"connect":0,"send":0,"wait":1265,"receive":589,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/js/chunk-common.1777369843125.4adb46f5.js","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:06.203Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /js/chunk-common.1777369843125.4adb46f5.js HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:06 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-2717b\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458566=FqGJY1k532ChI3k/oD3fAPu6welwhIu8DWp/+cspT1GcUUpTmB/CbvnsRZyjPj2aiYFgyVINMimnAQxCGmunPV7HrBnl5I66SKGBUhBMNOupLH+Ieb7JgzvsjQiNUMQlYyHtVgUDXPC32Ilfol0qLT9S49ttbW0wOJJh7mmM/CZ5mV7dhTTCjy2dkdzl8QTW\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14641ec3d590\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":160123,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"fd30be8efc49091ace6b6cba1d19f85e","sha1":"dcb13a103a96a9346297f81fa22518579b7694b7","sha256":"5aeec070f92421551adae5477625ba84ca8f44c1fc9c181efb18e241c0179776","sha512":"42df127ca6094903dba8af9a2166ce68c1386c59b2d7e48071f6c33ffe1c0e81b2a3673efd413142e6699be9719f79f6172c9f5aaea6fd8d45518f8d09aef6df","ssdeep":"1536:bvBBzbgGcdWUa2UTf6oryXHuLmbErF/G7D1dMI59HTsY5kN/voVGAClVbGD3tFkK:bvBBfRTf6yjFetHTsY5s/voVGAcgD3t","tlshash":"0ff3e8c5b3a0f07e9a1ed53779331499b12f758278c87c60f1a1ade67f1a704a436ca8","first_seen":"2026-04-29T03:41:13.32854Z","last_seen":"2026-06-06T14:55:48.61145Z","times_seen":356,"resource_available":true,"data":null}},"time_used":1108,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1108,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/undefined","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:11.021Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /undefined HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:11 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458571=IJUX2BSbr3N9k9h7ERQ9sk+yE5ueDLHUVKXOGekTGKZEsYTafGeJ/PvixdfJYaVC4M71GDidygH+mJKfPwBfsfZFcXejV+sSSl68inB1dhxmmorKLKOJVzdZO6bGaRHBSe5YrXijUj4NktOYcH/YEDoUIHUEdP1RxSlxza+9KsihT63YVeP+A0aGhiHSPm6I\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e146431a8d5ad\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GeeTest","description":"GeeTest is a CAPTCHA and bot management provider, protects websites, mobile apps, and APIs from automated bot-driven attacks, like ATO, credential stuffing, web scalping, etc.","website":"https://www.geetest.com","common_platform_enumeration":"","icon":"GeeTest.svg","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24409,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"de12f9ef6903679d754b67293200edd6","sha1":"fd38488a0db4f56c62536cbdb4c5957ca9091148","sha256":"735a322de1f2ded527f569184d7c6c57ddaca2726df1b527386667704e130688","sha512":"6e460e29f99686c44c928a124be7cdc3b1633d6584c9d7e0256c69a1d328ec0cbe7f401d79385a18d16d458606e132567e8f7fa5e4e7ce56a3ffadc6c7b63b95","ssdeep":"384:Eo3ERrxqNBPJ+96junwIX2VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:EpRVqrJ46junwIXiNYiKop/E6wkpcu2T","tlshash":"62b2185a9df349762523303a1fbfb20879b0c0274209ed443e4de7594fd59aa42e3be6","first_seen":"2026-04-29T03:41:13.317002Z","last_seen":"2026-06-06T14:55:48.665267Z","times_seen":357,"resource_available":true,"data":null}},"time_used":1311,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1311,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_ebfde7c7-fdc6-4b58-9f46-2e709f79d7d7.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.397Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_ebfde7c7-fdc6-4b58-9f46-2e709f79d7d7.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:15 GMT\r\ncontent-type: image/webp\r\ncontent-length: 52382\r\netag: \"d82815d2e1685b08148f834895263ba3\"\r\nlast-modified: Sat, 06 Dec 2025 06:31:00 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nfv6Lq%2Fig0N9SJiqANyzXIALkdnUzjVijaZjysTwnNFiSllMbP9hw%2FW26Ox8Sl98tFxupOffN4ItSM%2FYl4ZILfXC4LgrfM6vb2Q5Wddq4m2zZ8PM4ngFDVSChXtcQDD4ynaOCcPI7BNcrs%2BOHxq89f4%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 65096\r\ncf-cache-status: HIT\r\ncf-ray: 9f96c9305e805c88-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458575=yEPg8bP1KWw0XVpSd4f8vx5xJb0z3i8hpaiOkJQmnr2vDF7JAvg6poyn3HPLIFq4/KlDBAu0ZczRUTmD90nGmK5/y1TELs3xF8xwV/JUl7RA9CyGzRlw4SO3x8wtH4OZQXg3+pFsbRMLqXJ7vDAZPKOTnZxRhS3Vi1BJbs4wbHzCwh1a3Qe7D7JwbHLDYgHq\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e1464433ad5e6\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":52382,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"d82815d2e1685b08148f834895263ba3","sha1":"77d1ecea682ed9c5c6be0f1644f2314eb3db64e2","sha256":"4dfee4506bce2de57a4d8d608edd295e0f8233b44b869f6d94481d17931a42d6","sha512":"9941cf4ea9abb6631c519ddd7067d21ac74afd06329b64581be00aa28b89e4ae7dd9750fcec2913df15a4f5fd7209a2049ae62bfec1c802d304a710105ed5d0c","ssdeep":"768:i2/E0Y/tLxLsxLHzZGHtzwzzxgHi5hUOjl7pE1+J1r5k+A8okW8winHfG1HL:xEHVNshHzIIxEuh7q4JxqXPin/G","tlshash":"a13301689c11db25d8805a2dd62fbfce984330e2231f0bca5b13d95e0bf1a852f44c9e","first_seen":"2026-04-24T23:10:16.886375Z","last_seen":"2026-06-06T14:55:48.700119Z","times_seen":266,"resource_available":false,"data":null}},"time_used":1567,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1564,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/img/vs.21f89f73.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.938Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /img/vs.21f89f73.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://j53g.vip/css/home.1777369843125.0fc9d8d4.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:18 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-51a\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458578=tLgvFt1z8jFzQRhncWi/oy30Kp+gtc4vvTtSMAfT8iqKPE5I5/glwJsrgUgibV8Oq1T89RvQ5+BjRR93cSDrQF0xIVi0SgUykK+LzgLRn6wOi3thzVjM+/l6t7xyYOrgTgWFPHdNyt2ozAMvtRp/SCvuZJUo80Qf0cWnpW9yyUPaAlAcuUcGn2gPEYjfmiLM\r\nage: 63103\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d62719e14644c873ec9\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1306,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 70 x 28, 8-bit colormap, non-interlaced","md5":"41cff06a80e61ee3fcd32f7c29a6493e","sha1":"bb70bb0a3a0fde7a132788777aee629392c756e9","sha256":"3240fcea2e4168dc863b8aea602750e6a1fe11a557c18ac6a381781ef487746b","sha512":"fce7ff9f62b51c4f8994f0a8ec4a56f21570d0cd163471d99b357eb0a9a735c800b389c4a8a611ba441b208cea7eb483140042f5d11ef110b591c1c1898bbb8d","ssdeep":"","tlshash":"e921eaffe15b2c75ccb59bb3bc6c12656809582970866b137125e7588c539217f0c461","first_seen":"2025-08-29T11:05:53.184813Z","last_seen":"2026-06-06T14:55:48.669396Z","times_seen":1511,"resource_available":false,"data":null}},"time_used":3182,"timings":{"blocked":-1,"dns":0,"connect":0,"send":1978,"wait":1204,"receive":-1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1884x434_8953c3b5-a3a1-4b97-a677-4b5efb3fb94a.jpg","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.212Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1884x434_8953c3b5-a3a1-4b97-a677-4b5efb3fb94a.jpg HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:15 GMT\r\ncontent-type: image/webp\r\ncontent-length: 37528\r\netag: \"906ab41cba21ba54bbb80ed3dacbb04b\"\r\nlast-modified: Wed, 10 Dec 2025 10:48:21 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LcpfGiUbpo2NZ41wxiVYi4XahSRTJv2yx0KhPX9FoNcfgedJePYK66B1vmgl3HJkSBvIdL90U2INd6KJYEOTdslAyzDdBoM1rEztR%2FBGn%2F%2BUc5I1EA8cBjV3EqMqSURj961BrU48oJ6l03msYjYThYQ%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 50201\r\ncf-cache-status: HIT\r\ncf-ray: 9f9cfe70dac30946-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458575=yEPg8bP1KWw0XVpSd4f8vx5xJb0z3i8hpaiOkJQmnr2vDF7JAvg6poyn3HPLIFq4/KlDBAu0ZczRUTmD90nGmK5/y1TELs3xF8xwV/JUl7RA9CyGzRlw4SO3x8wtH4OZQXg3+pFsbRMLqXJ7vDAZPKOTnZxRhS3Vi1BJbs4wbHzCwh1a3Qe7D7JwbHLDYgHq\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14644204d5cf\r\nx-cache-status: BYPASS\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":37528,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1884x434, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"906ab41cba21ba54bbb80ed3dacbb04b","sha1":"e08f7dbbfa8dbd35da5d1dcd0f053655549ab960","sha256":"a1ab44f6e154a62ec1ef0e0298fd9b4844f915511f4f611b7c0249fe0c18cf96","sha512":"e2f606f28782502ed4817ea9526830bb828b6519748e5ffb9877151958d0e4b971f028c39fe42c321df89af615265f25fce12495edfc0a668b07032b17b38f1e","ssdeep":"768:FlLwXc9bK7xo/wY1n6usZ+BDB6rZgXCEMyLjPzfQ/rbRe:XLwc9e7xoR5BDCgPMQfU3I","tlshash":"56f2f12f58773be86d763b7184e94068b008659b7f4b0c56087f338b866f73617e11a6","first_seen":"2026-04-24T23:10:16.777817Z","last_seen":"2026-06-06T14:55:48.633222Z","times_seen":264,"resource_available":false,"data":null}},"time_used":1430,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1184,"receive":246,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img.esportsdata.cc/202/1/0bbca54a79b606e5f794f331c2f63eb4.png?win007=sell","fqdn":"img.esportsdata.cc","domain":"esportsdata.cc","tld":"cc"},"ip":{"addr":"172.67.70.146","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.925Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esportsdata.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 17 Mar 2026 23:12:08 GMT","end":"Tue, 16 Jun 2026 00:12:03 GMT"},"fingerprint":{"sha1":"92:F5:5A:A8:A5:59:F9:F0:7D:50:68:88:DE:A1:89:49:EE:A1:9B:DB","sha256":"C8:7E:DB:B7:40:4A:27:62:83:FC:97:6D:2D:A5:85:D9:BB:DA:40:15:FA:3B:72:F3:9E:C3:26:3B:42:16:80:C8"}}},"request":{"raw":"GET /202/1/0bbca54a79b606e5f794f331c2f63eb4.png?win007=sell HTTP/1.1\r\nHost: img.esportsdata.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:15 GMT\r\ncontent-type: image/png\r\ncontent-length: 43742\r\nserver: cloudflare\r\naccept-ranges: bytes\r\netag: \"b7be2f5ba4fbb78b954da58b76286d8c\"\r\nlast-modified: Tue, 05 May 2026 03:30:29 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, Accept-Encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 18AE412363B35829\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nage: 2497\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wMaStrCkLTxm51upcS2JWVdWb1dhcDSQge8gsD%2BdvEO9EWA%2FZMGYH75DT3KSaB3B4vRcPqJ5eIWHWvuzeTqTjd5Cn2vfxV3JAKiP5nTSEOMzvMNohR7pd7beAYunZSMN80ERjw%3D%3D\"}]}\r\ncf-ray: 9f9cfe738e40b4eb-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43742,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"b7be2f5ba4fbb78b954da58b76286d8c","sha1":"df282d3e1c7d98fd2ed5f878ef651bd78266768a","sha256":"644077c48141a59ddd30c3e15b6aeb242a0eea91272111f707dc9e5793afe2b3","sha512":"c222753c3f674d1e976af4678c4e93e0f24a32b746eff57ae76d0e5329d449f772988e0eea5edd3830a853d8ea2c85d7b126681dc65bbee8d54b342f98fb05e0","ssdeep":"768:cJexd2n5WRwQeQ+gjZFiVWA6aOhp5J50irzIl6QeM+zxxQQv1pDCM2tHrXBzuhP2:cJ425ZTgjZwVL6aOhp5JuIZQX+sQQ18U","tlshash":"8713f1a2396c7d022b92974602f29aac6f89fbc7177068cb0da6bf9f17d54c35273041","first_seen":"2026-05-10T16:58:50.23723Z","last_seen":"2026-05-11T00:18:41.174622Z","times_seen":9,"resource_available":false,"data":null}},"time_used":43,"timings":{"blocked":-1,"dns":4,"connect":1,"send":0,"wait":8,"receive":3,"ssl":27},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"img.esportsdata.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"img.esportsdata.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/js/chunk-init-1656f0b4.1777369843125.32336986.js","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:06.201Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /js/chunk-init-1656f0b4.1777369843125.32336986.js HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:06 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-21366\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458566=FqGJY1k532ChI3k/oD3fAPu6welwhIu8DWp/+cspT1GcUUpTmB/CbvnsRZyjPj2aiYFgyVINMimnAQxCGmunPV7HrBnl5I66SKGBUhBMNOupLH+Ieb7JgzvsjQiNUMQlYyHtVgUDXPC32Ilfol0qLT9S49ttbW0wOJJh7mmM/CZ5mV7dhTTCjy2dkdzl8QTW\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14641ec3d58f\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":136038,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (44088)","md5":"a1aee3b4fdd378acbf851a367f523d6d","sha1":"9b808ee6cd84b9e3969901470ae1c2d1df800ea0","sha256":"a20ad3a83af7751da30c420d96705aa78f39ddbf610789296ce2b47ec3788179","sha512":"71c83f283537df70e91f49c73fe8554e59830f75caf60f372888692946e7c08ca9f13519f082c45ff310ba269151a9a2955fdf6fbc37b68ca4f1e348303725bf","ssdeep":"1536:2twqIPBoVbzfsO9ZuqpiXXIOU6Qgpp6KkB2EnBDsAxdrkm4SgiqvHynjM5TCifM+:2twqhOIK2nCLdyACifMur06/D","tlshash":"30d3ec54b7d0b4b442cf13e6711b2475e3a61ca22058e8f0e31dee647f35689d26faac","first_seen":"2026-04-29T03:41:13.388607Z","last_seen":"2026-06-06T14:55:48.701511Z","times_seen":361,"resource_available":true,"data":null}},"time_used":1107,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1107,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/img/loading.da46bff6.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:11.208Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /img/loading.da46bff6.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:11 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-7384c\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458571=IJUX2BSbr3N9k9h7ERQ9sk+yE5ueDLHUVKXOGekTGKZEsYTafGeJ/PvixdfJYaVC4M71GDidygH+mJKfPwBfsfZFcXejV+sSSl68inB1dhxmmorKLKOJVzdZO6bGaRHBSe5YrXijUj4NktOYcH/YEDoUIHUEdP1RxSlxza+9KsihT63YVeP+A0aGhiHSPm6I\r\nage: 65101\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14643249d5c0\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":473164,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced","md5":"ac7ca483f10bc73cffa89f639f6ffa56","sha1":"03873b9607c635752526968af31773498d259afa","sha256":"a054b81d2850fe2da5b4f97a1c50c05ee59a24c37f1c700e5cc45fe6079598b6","sha512":"caa6b3e243f02c86ccaf71aafd0e716834a7a0cf07305c5c7cc0a1b9d637cc2802caa067b0010c7c3c064e3fe8f7881b26992f57137f98477266653342257760","ssdeep":"6144:NFoYczeWIF3Q/IUPYhuF0KX38I4z/tcKZPehCIjAl/CS+b:rLczeTUPpF083CBdeh7MlvI","tlshash":"79a423929b411988e1096432215fab4d23993b6458ab5fbf78843d88893cf059ff763f","first_seen":"2023-07-01T07:21:14Z","last_seen":"2026-06-06T14:57:20.959683Z","times_seen":1557,"resource_available":false,"data":null}},"time_used":1157,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1157,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/ecb/8f83064248a6651521ab9b26970d60fa83f0bf5f79fe68600101b67707c272184849423924c3e9832923a30acedcbfec8ac50fef89fb","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:13.135Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /ecb/8f83064248a6651521ab9b26970d60fa83f0bf5f79fe68600101b67707c272184849423924c3e9832923a30acedcbfec8ac50fef89fb HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nContent-Type: application/x-www-form-urlencoded\r\nx-request-source: https://j53g.vip\r\nXign: BqGdnoJbnBR5+Nc0f5XRuix79UBkrmtZQuXdQY0JfmvwNsGud/jm55qYffS7shwYbWIQz1HpgX3ZP3osY6Ti2RKO+y0hhLumOMSVUTToIXOvyWRPrkKD7b4n5omQCPy/6OmAmeFnuilLClz9TBPXicRl8UHCHaFheJkspDMqioU=\r\ntimestamp: 1778458573102\r\nsign: 4p5v4t117a3r5012\r\nversion: 5.6.12.0\r\nclient-type: web\r\ndevice-id: yJcptFCdmcZADMQCAxKHnE47zE2N8nzG\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:13 GMT\r\ncontent-type: application/json\r\nexpires: Mon, 11 May 2026 00:26:13 GMT\r\ncache-control: public, max-age=600, s-maxage=600, must-revalidate, stale-while-revalidate=30\r\nx-xss-protection: 1; mode=block\r\npragma: public\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=63072000; includeSubdomains; preload\r\naccess-control-allow-origin: *\r\nx-custom-check: true, true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458573=yZG5PBWS1Nh/AUtFas2SAT9K8KBYFT3tmDxPMxk6sKctgNimrcTw+Pdc6x0PCz+xIoCt4pcsMRGhlcm8cIvO1xhOSgrtaBiGnu8aKSiQifDVLsRzWfEkv6a28A3ceH4D91gsmRFvW4fHdGpadAb2H7+/9wy6HLvPlZ/T/j5l4uIvi+fAN2Yo4dKumFibEvjt\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e146439e5d5ca\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7331,"size_decoded":0,"mime_type":"application/json","magic":"data","md5":"f9cf5fd42c45394708799f681cdf5fdb","sha1":"d680e17d8b539a313433e2dd4f8929e9b6ab8636","sha256":"b01e8f777ca001d055a0f7954f406e01c5c2b770262b7ef76738d953dde626db","sha512":"f71f2eea855bc5cf5368a3bc5a2038ae3d3be70f0f93dc4c5fa7e0023d3d79c0286b10d3022e73876ea586098fd92fe89a4915d3064af5e3eca089ce92bdcc98","ssdeep":"192:VcXaHYh7BkWN/DwxL4jipSGv3AY5roc3GrLI4irw9bdWanVAa7aqr:GqHYjkk/DwrpSGv3AY5rT3yw4dWanVTz","tlshash":"fe32be570b52e3a0269cd4f8e5236dc11aab9acc80bdabd5d274c4902fde7d075cc8b6","first_seen":"2026-05-11T00:16:59.188576Z","last_seen":"2026-05-11T00:18:41.230049Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1634,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1634,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x422_936e6f39-c72d-42ec-ab51-2bd5a806c902.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.453Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x422_936e6f39-c72d-42ec-ab51-2bd5a806c902.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:18 GMT\r\ncontent-type: image/webp\r\ncontent-length: 15760\r\netag: \"dbd5bbca2ac98b7327bec49ec9e17a87\"\r\nlast-modified: Tue, 02 Dec 2025 14:11:52 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=a3ypPNesf38%2FECUK3U8uDHpJxGFAlu1Q4fQflReRUiG4jRx20oxqY0lYqDDuggA1mjt1lDY%2FnWOS1ALx03auOxkU3v0QZeIYpexWs3Cygc0MI2tjucJu3mmDsXo7ZKyIqLzUz6FqxbXfBIGmZq3qMIw%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 62636\r\ncf-cache-status: HIT\r\ncf-ray: 9f97054e8e685ddc-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458578=tLgvFt1z8jFzQRhncWi/oy30Kp+gtc4vvTtSMAfT8iqKPE5I5/glwJsrgUgibV8Oq1T89RvQ5+BjRR93cSDrQF0xIVi0SgUykK+LzgLRn6wOi3thzVjM+/l6t7xyYOrgTgWFPHdNyt2ozAMvtRp/SCvuZJUo80Qf0cWnpW9yyUPaAlAcuUcGn2gPEYjfmiLM\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d62719e14644db13edd\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15760,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"dbd5bbca2ac98b7327bec49ec9e17a87","sha1":"7ad876b6c3f6922c1cff9db452948604cfc691cf","sha256":"12e3a0e3de790b5f640b48e4fede8f5d1c881e23b4d710d1971282362277eee3","sha512":"c96a4f88a602c4bd5d8ccc3a0ae44ca9d85d5a75175b8b8c219c527d2ed1338b8d65e9bc52e9c1e844f34aa76e6d0d1d81c4eea6b28592de710a4f4922b11701","ssdeep":"384:z25GXKCP2DdvL8cWHImH7LKcCZzFwu/6unzgL4X9:S55Ce/xsln46un88","tlshash":"f462d0149f5537278cc4787941315fbf7f601c42b208e45296ffa86bba2c2957a146f3","first_seen":"2026-04-24T23:10:16.813188Z","last_seen":"2026-06-06T14:55:48.663818Z","times_seen":256,"resource_available":false,"data":null}},"time_used":4568,"timings":{"blocked":-1,"dns":0,"connect":0,"send":2458,"wait":1207,"receive":903,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_b1b5acd8-3851-4b06-8e10-d549f7f09d1b.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.461Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_b1b5acd8-3851-4b06-8e10-d549f7f09d1b.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:18 GMT\r\ncontent-type: image/webp\r\ncontent-length: 15438\r\netag: \"a1349a63a048224ad8e87814e87bb73e\"\r\nlast-modified: Tue, 02 Dec 2025 14:12:01 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GsCkRXszMlm6vcBnm67ks240b0ZUStYLx8hmSc7b9XATtwXaU7xIyvwBgow4JpO0g7rb%2FmAaYp4%2FedkEzPfwq5IpFkY0H99ENdtt1N%2Bl4%2BrEqUSjK7U%2Bu0nC2qIet%2BD%2B4OoUKrmjnHOCK%2BH5JzTDuAA%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 62620\r\ncf-cache-status: HIT\r\ncf-ray: 9f9705b21af85df6-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458578=tLgvFt1z8jFzQRhncWi/oy30Kp+gtc4vvTtSMAfT8iqKPE5I5/glwJsrgUgibV8Oq1T89RvQ5+BjRR93cSDrQF0xIVi0SgUykK+LzgLRn6wOi3thzVjM+/l6t7xyYOrgTgWFPHdNyt2ozAMvtRp/SCvuZJUo80Qf0cWnpW9yyUPaAlAcuUcGn2gPEYjfmiLM\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d62719e14644c863ec1\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15438,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"a1349a63a048224ad8e87814e87bb73e","sha1":"0e04bbeddf14327f501a7d2c6df6e05795879d8e","sha256":"07dea36c21de6e1a3b038a16fee3fe652275f33b1757c12ef30396e4dcabd2e8","sha512":"6e92d8f202db95f03407b4594b217cc15dd52e187fd69f779d45407cd9644095929c9a657b49fc030e7a2f4b1dc1f92cecddbdf72ceddba23cf33b759b782c11","ssdeep":"384:8033ZoVI43DY5WxPnFK9OMJuFUzYc4Ig30k8E2:PobD3xtwn+jc4IgV8E","tlshash":"2d62d0402ecaf0713ba1781ebb7df58804b89937b45a724758b70471b66d4ae13964f3","first_seen":"2026-04-24T23:10:16.871482Z","last_seen":"2026-06-06T14:55:48.668709Z","times_seen":251,"resource_available":false,"data":null}},"time_used":4583,"timings":{"blocked":1525,"dns":1,"connect":300,"send":2450,"wait":307,"receive":300,"ssl":611},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img.esportsdata.cc/202/1/82eca3fbf873216c0c4a37236c1707e2.png?win007=sell","fqdn":"img.esportsdata.cc","domain":"esportsdata.cc","tld":"cc"},"ip":{"addr":"172.67.70.146","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.926Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esportsdata.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 17 Mar 2026 23:12:08 GMT","end":"Tue, 16 Jun 2026 00:12:03 GMT"},"fingerprint":{"sha1":"92:F5:5A:A8:A5:59:F9:F0:7D:50:68:88:DE:A1:89:49:EE:A1:9B:DB","sha256":"C8:7E:DB:B7:40:4A:27:62:83:FC:97:6D:2D:A5:85:D9:BB:DA:40:15:FA:3B:72:F3:9E:C3:26:3B:42:16:80:C8"}}},"request":{"raw":"GET /202/1/82eca3fbf873216c0c4a37236c1707e2.png?win007=sell HTTP/1.1\r\nHost: img.esportsdata.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:15 GMT\r\ncontent-type: image/png\r\ncontent-length: 21298\r\nserver: cloudflare\r\naccept-ranges: bytes\r\netag: \"af59dbb33b970551729bb931fef649a1\"\r\nlast-modified: Tue, 05 May 2026 03:30:29 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, Accept-Encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 18AE412361A48200\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nage: 2497\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8fKd3ZE34P27BhHk7XQeC44tsxaJ4UfWxHL5Fz%2BCSu95DXr9Gh4M03UepiRAG4HiGobjEnltUb6Vieyf1POIyzaLwXrmaiIityFdDkRDblWyUoJQojAEMWccyT8RPb7kCFwIKg%3D%3D\"}]}\r\ncf-ray: 9f9cfe738e41b4eb-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":21298,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"af59dbb33b970551729bb931fef649a1","sha1":"cfbe95d0b647e553753e939d63f20953aa34e495","sha256":"dba0007483b885fa799d13a9a19b04058e02b94cb5d5b82b8434507758bf4c35","sha512":"c2c4897a0de05746e29249cdb4ac712cc1a3c6a1dcd34942a0b493f11ff53cdee83b82fffbca4fb6b14c38283c8ef5d6e7cac16e819d9b429f1cea2c71d6380e","ssdeep":"384:nZ7G/fzKpMiDcB2Jlf8KcIoTtsAkYhxLH5LJe:9S8JlEKEsAkQRZLJe","tlshash":"07a2cf32e809aa1dd92ee8f918537b1c3f9549c44b05f704b861627af2ed97b0018dfa","first_seen":"2026-05-10T16:58:50.172569Z","last_seen":"2026-05-13T08:34:11.919072Z","times_seen":11,"resource_available":false,"data":null}},"time_used":45,"timings":{"blocked":-1,"dns":3,"connect":3,"send":0,"wait":10,"receive":2,"ssl":26},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"img.esportsdata.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"img.esportsdata.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/ecb/8f8306425fb46e096ba9db3ab31b67b681fbb31575ff397b0117","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:13.122Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /ecb/8f8306425fb46e096ba9db3ab31b67b681fbb31575ff397b0117 HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nContent-Type: application/x-www-form-urlencoded\r\nx-request-source: https://j53g.vip\r\nXign: lGIfY+Laz07s6ebGqaiCy2Kw3PnjnzjbarmLfOInqiLD0T/snHmxD9+hcJIJEFzwrA0SQ8dRNBNAtWdM1imkl1PB3Ty08pAg93JatRU9mgYuKUqfW/TnZ7XFoAuFBj/hyIGU5D27wqFVZFzxpIqwVeeVCAHv2dxPcPH+Cyt4rAE=\r\ntimestamp: 1778458573102\r\nsign: h5u1t133s1o4t63i\r\nversion: 5.6.12.0\r\nclient-type: web\r\ndevice-id: yJcptFCdmcZADMQCAxKHnE47zE2N8nzG\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:13 GMT\r\ncontent-type: application/json\r\nexpires: Mon, 11 May 2026 00:26:13 GMT\r\ncache-control: public, max-age=600, s-maxage=600, must-revalidate, stale-while-revalidate=30\r\nx-xss-protection: 1; mode=block\r\npragma: public\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=63072000; includeSubdomains; preload\r\naccess-control-allow-origin: *\r\nx-custom-check: true, true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458573=yZG5PBWS1Nh/AUtFas2SAT9K8KBYFT3tmDxPMxk6sKctgNimrcTw+Pdc6x0PCz+xIoCt4pcsMRGhlcm8cIvO1xhOSgrtaBiGnu8aKSiQifDVLsRzWfEkv6a28A3ceH4D91gsmRFvW4fHdGpadAb2H7+/9wy6HLvPlZ/T/j5l4uIvi+fAN2Yo4dKumFibEvjt\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e146439d8d5c5\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2132,"size_decoded":0,"mime_type":"application/json","magic":"data","md5":"d422b6f82f4d7f1b164d3e8a570352d4","sha1":"378313fc9e0fa06b92983684170300277d2c55e9","sha256":"2b78e7d21ba55a23168bf9197eea5e91f3dc02bbd2b886ac8e6affa8e143b07c","sha512":"2165977e2fcfb68f657c2f6b0bbaf663e2d494313f4e98cb35fa8f2a390b9cf3909db63dd6ece0c1fa43eb19e8ab99bb07083f0ff5f24bf88f09a3a33dc5d6f7","ssdeep":"","tlshash":"af616d136a9db309da2a8e71d4728dd92d6cc22d779cf8e3c9a04f1586d734370ad540","first_seen":"2026-05-11T00:16:59.191334Z","last_seen":"2026-05-11T00:18:41.241806Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1645,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1645,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1298x1156_b219e889-d34b-4c28-b534-674fb2e77fdd.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.434Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1298x1156_b219e889-d34b-4c28-b534-674fb2e77fdd.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:18 GMT\r\ncontent-type: image/webp\r\ncontent-length: 105348\r\netag: \"e55c87e5077d7d737d02e9a373cf6a5b\"\r\nlast-modified: Wed, 10 Dec 2025 11:55:39 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=c38i4w5ktGiHmoEXFsuQkl%2BuUSzA9MkL6yo%2F3%2FwMGU%2FiKK%2Fv%2Fn%2Bj8CqDELVMUYedIpcG8xCzQB1auGS90A2ivbiCAubY%2FLg7l8wMFjIy4FivOZmoqcjfG4Cfh6DqnWv7RH2YgR0rm3q0s7MfLQqG0jU%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 62620\r\ncf-cache-status: HIT\r\ncf-ray: 9f9705b22a2720e1-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458578=tLgvFt1z8jFzQRhncWi/oy30Kp+gtc4vvTtSMAfT8iqKPE5I5/glwJsrgUgibV8Oq1T89RvQ5+BjRR93cSDrQF0xIVi0SgUykK+LzgLRn6wOi3thzVjM+/l6t7xyYOrgTgWFPHdNyt2ozAMvtRp/SCvuZJUo80Qf0cWnpW9yyUPaAlAcuUcGn2gPEYjfmiLM\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d62719e14644db13ed4\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":105348,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"e55c87e5077d7d737d02e9a373cf6a5b","sha1":"21898eb8dc994254eb1a125a5f6310fcf94b08c2","sha256":"e2a9d5843140eddeabf22fd2e092ea761500c7b0cbf432c3de4f0e5fda23d2d5","sha512":"b17785a3c181a357def9c7bdf608f2ceb1df6b17339a0b2756e8fef4930f04fbc2fc70d2a4f22cefec30adafa5d9d1b0d259594b97dfa6a7c1fd650322e27f41","ssdeep":"3072:aJ/fAaUQyCHbeJiOjCkW/cRnU/xMT2Wfw//CVX2W:a1oaRyCPYCJe2WfwoX2W","tlshash":"42a3123992169346e97329aa30f80f4dde9874557e26204d78c8d64e45122f2fe78fca","first_seen":"2026-04-24T23:10:16.778762Z","last_seen":"2026-06-06T14:55:48.656001Z","times_seen":243,"resource_available":false,"data":null}},"time_used":4592,"timings":{"blocked":-1,"dns":0,"connect":0,"send":2473,"wait":1205,"receive":914,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_96811f47-5a2c-446d-a8ca-696df160de09.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.463Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_96811f47-5a2c-446d-a8ca-696df160de09.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:18 GMT\r\ncontent-type: image/webp\r\ncontent-length: 46184\r\netag: \"c0ef8343c60fc9c02bde9fb0823e1ef6\"\r\nlast-modified: Sat, 06 Dec 2025 06:26:38 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ONq4bI%2B0tG7bTfRzssC2mOGmLsB1SOcBji7%2BZKvq1%2FioxDjOcdfv92KLl%2BZr5iy5U269kBDiiivyMYrwXVd4NYu61NIOH3iWRbfWk%2F9WJIODuwZfcR4qxqfM0Sgu8u3TY%2Bv3db8qKSi06zz4qyeu3tM%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 62636\r\ncf-cache-status: HIT\r\ncf-ray: 9f97054e09f704dd-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458578=tLgvFt1z8jFzQRhncWi/oy30Kp+gtc4vvTtSMAfT8iqKPE5I5/glwJsrgUgibV8Oq1T89RvQ5+BjRR93cSDrQF0xIVi0SgUykK+LzgLRn6wOi3thzVjM+/l6t7xyYOrgTgWFPHdNyt2ozAMvtRp/SCvuZJUo80Qf0cWnpW9yyUPaAlAcuUcGn2gPEYjfmiLM\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d62719e14644db13ecd\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":46184,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"c0ef8343c60fc9c02bde9fb0823e1ef6","sha1":"3a5e1c7a0e16e4df0a591749d4a8a1d01b381277","sha256":"1042e3632605c2e70706209ece9e2b341695afc4e57d5512818e458078c55040","sha512":"950b59f182c21e7d78ac56d6c1cb0f22a295ede2a579f9513c69166b2c227d5ebc4a8e16d5528f530488d5c36d8b88d9c29bb251820627d596156f90445a90f6","ssdeep":"768:fs+YB8yjw8RTKT4uT+QCkrgAEnaCA/RE4qehyRcQsII+IYJxT8sJk2RaA2b:fsDjxR+LT+vkrgAZ/R1hyqQ5IeJxTbR0","tlshash":"182302b81bd5a7b7cec731f89ce2890a4d17c2d5e183b0667d686bd6aa114c1f4c0ed1","first_seen":"2026-04-24T23:10:16.848247Z","last_seen":"2026-06-06T14:55:48.607566Z","times_seen":256,"resource_available":false,"data":null}},"time_used":4253,"timings":{"blocked":-1,"dns":0,"connect":0,"send":2448,"wait":1204,"receive":601,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/96dd935861df4da1b623a6d6db122c54?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.887Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/96dd935861df4da1b623a6d6db122c54?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 9807\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 3728\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"96dd935861df4da1b623a6d6db122c54\"; filename*=utf-8''96dd935861df4da1b623a6d6db122c54\r\ncontent-md5: Tql3rKGYj4xcTEjkDnXtFA==\r\ncontent-transfer-encoding: binary\r\netag: \"Foa4Oc2F5oJkBNWHREcHxf9qVzUq\"\r\nlast-modified: Tue, 05 May 2026 21:01:56 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: 6Vhzpi7Pj\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: J-AAAAC0sV5DV64Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9807,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"4ea977aca1988f8c5c4c48e40e75ed14","sha1":"86b839cd85e6826404d587444707c5ff6a57352a","sha256":"121714c1157ffe689c31ac488b3cc102757bb913d6c7cb4ff483477b2470e34d","sha512":"b0a1704529c15f04aa86f6dea507348f8485a6eea219803deacef21660b72cf76b8124c087e8f1ad6d374413fc91fad025a444d81283c6f537829f1f07f29e94","ssdeep":"192:P1TKEDJ7Ixs6gKCpl55hHTGpqHHmJAeKzvEEnLHymip75+l2MD5tB1:dz7K5Cn57H6IHmVKDEEnLHgalvN1","tlshash":"04127ccb9ad907bcc7847574cee4b9578763d46ede63ac8ea7135240d6007e465ca600","first_seen":"2025-04-01T11:41:17.987696Z","last_seen":"2026-05-11T00:18:41.318314Z","times_seen":16,"resource_available":false,"data":null}},"time_used":2866,"timings":{"blocked":1446,"dns":0,"connect":0,"send":0,"wait":1078,"receive":342,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/933e5d39004a4d0b91b0d2abfe8ab2a0?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.923Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/933e5d39004a4d0b91b0d2abfe8ab2a0?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 21058\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 82849\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"933e5d39004a4d0b91b0d2abfe8ab2a0\"; filename*=utf-8''933e5d39004a4d0b91b0d2abfe8ab2a0\r\ncontent-md5: Lol7aS71rDzjVql+/JeBVQ==\r\ncontent-transfer-encoding: binary\r\netag: \"FsPDZtMNgZfipLk4aaCnciQsqlXS\"\r\nlast-modified: Mon, 04 May 2026 21:15:10 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: qPaRYyrIL\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: lYUAAACuY25ND64Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21058,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"2e897b692ef5ac3ce356a97efc978155","sha1":"c3c366d30d8197e2a4b93869a0a772242caa55d2","sha256":"d3742a3cce357d29da6451e753a26e330b482e202ce4597995c548ab4aa20576","sha512":"70c20e77d24c48ae08efdc8e9dd25d145ba58c38b8ab9bbf4e06b701094e7740a058ec07581cc448017fd64fd823e86d2bbf9c3d0b07c47289b472c1cc6cc33d","ssdeep":"384:aP+GAvOU52W5lzxw4/l39QbA1mKYHNt/PKe1mkYtPLdwaXXAuJ:ucvd5l5L9lNIAHYHj6e1mkojxHA+","tlshash":"9a92e02e01be9092d41f6cdd42f994c191604066bad5c67abd4ef2b4cc50a4bfd30bbc","first_seen":"2024-12-13T03:40:21.320187Z","last_seen":"2026-05-11T00:18:41.253072Z","times_seen":172,"resource_available":false,"data":null}},"time_used":3088,"timings":{"blocked":1423,"dns":0,"connect":0,"send":0,"wait":1268,"receive":397,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/img/away-bg.00d4ba2a.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.939Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /img/away-bg.00d4ba2a.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://j53g.vip/css/home.1777369843125.0fc9d8d4.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:18 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-f2b\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458578=tLgvFt1z8jFzQRhncWi/oy30Kp+gtc4vvTtSMAfT8iqKPE5I5/glwJsrgUgibV8Oq1T89RvQ5+BjRR93cSDrQF0xIVi0SgUykK+LzgLRn6wOi3thzVjM+/l6t7xyYOrgTgWFPHdNyt2ozAMvtRp/SCvuZJUo80Qf0cWnpW9yyUPaAlAcuUcGn2gPEYjfmiLM\r\nage: 63103\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d62719e14644c873ec2\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3883,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 277 x 80, 8-bit colormap, non-interlaced","md5":"ce3e5a71ef5dcf15c030882243e12315","sha1":"d4fdd1329ecac30941a67bd5108bad525c791c12","sha256":"3c2aad01ce2fce6463d6ed3bde348515922dd019d8a670b07b53d66b39c68d3d","sha512":"f6a55d8c079529988760a1c22541c097af159a3653f5ffe89c5c31ee20371f2c879c64797319f4176be77c821294f0f72d83ad77f2a0141203c857c8f987966c","ssdeep":"","tlshash":"6f815cf693e66bd0d5675106a3a14c89624d69d925a325530923f45ec3bb1ac02fe381","first_seen":"2025-08-29T11:05:53.10673Z","last_seen":"2026-06-06T14:55:48.705009Z","times_seen":1507,"resource_available":false,"data":null}},"time_used":2583,"timings":{"blocked":-1,"dns":0,"connect":0,"send":1977,"wait":606,"receive":-1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/js/7653.1777369843125.5eafcc69.js","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:10.685Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /js/7653.1777369843125.5eafcc69.js HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:10 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-5dd\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458570=hwFUt6D6i2fL1UURe4sGEBvrMw/YVGR6bxvoCSzBA8SQDSvMxpWv5016KqAn0A4wS3EhcT4K1+zUBND5XfHOyCSjzJW4ww95TEGkGeLeNmxdSw0Z0fNBJ/Wq/gDvWZ26iWz8M/c0wWw3c8Vexq2v3yv4idIn0zcpE/kr27OApH2LLBPXP/uuhKvtHPSE+XNH\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14643069d5a2\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1501,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1501), with no line terminators","md5":"4849391ecd3ae7038c8eca5da5af6cd4","sha1":"6316de5585ce9c3c90e92da7f445df0f1eb06f39","sha256":"7ace68dcf17129b57d79ff5a5ce030178b60d463fa0b0d1027ff5a62981ae2ef","sha512":"04bf30f23c9fc4ee7df1d106f541932dec50cf5794d313087378b16ed5430d29f75a5891abf4e84657525774f2ee231ac62d9e7640000390ee29a08bf23fbae4","ssdeep":"","tlshash":"47310e98b6a171b243af5af98f3f168bf16794c064edb094d096e2e07cb420c4937d29","first_seen":"2026-03-20T12:57:26.686565Z","last_seen":"2026-06-06T14:55:48.615597Z","times_seen":451,"resource_available":true,"data":null}},"time_used":1650,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1650,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/js/21954.1777369843125.57c97863.js","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:09.831Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /js/21954.1777369843125.57c97863.js HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:10 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-a3f0\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458570=hwFUt6D6i2fL1UURe4sGEBvrMw/YVGR6bxvoCSzBA8SQDSvMxpWv5016KqAn0A4wS3EhcT4K1+zUBND5XfHOyCSjzJW4ww95TEGkGeLeNmxdSw0Z0fNBJ/Wq/gDvWZ26iWz8M/c0wWw3c8Vexq2v3yv4idIn0zcpE/kr27OApH2LLBPXP/uuhKvtHPSE+XNH\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14642d01d59b\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":41968,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (41968), with no line terminators","md5":"0e41dd7729067b884faab37fcd9af417","sha1":"11acbef297a8f924deae47393678fb42c36ece7e","sha256":"9535e9e039663a829c5e5ffb31879f836c96c5e1f58306318b45a64f4a6687ea","sha512":"228b5a935e11e121070f4a6710af8ed39e21fe53a228c99bb4befc116c54f37693f2c9e5b08d202dd5b8375b84c4fbf63918cf013f6af5d4f71464f93524d3c3","ssdeep":"768:QPhaSfmzKrMdvf0eMQ/96loumY1PI1yBK9LudEz+yUy51y9y0yk6Dio+ILqpTeY:/81R6Ipyk6o","tlshash":"a7132088fac2b06dd3eb7330857f505ae66a1dc0668c5438e260d6917e7198dc1fb5f8","first_seen":"2026-03-18T07:07:19.558046Z","last_seen":"2026-06-06T14:55:48.712253Z","times_seen":369,"resource_available":true,"data":null}},"time_used":488,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":488,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/fonts/DINPro.9ee75b04.ttf","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:11.206Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /fonts/DINPro.9ee75b04.ttf HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://j53g.vip/css/46431.1777369843125.7dc7cfcf.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:11 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 119892\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: \"69f08424-1d454\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458571=IJUX2BSbr3N9k9h7ERQ9sk+yE5ueDLHUVKXOGekTGKZEsYTafGeJ/PvixdfJYaVC4M71GDidygH+mJKfPwBfsfZFcXejV+sSSl68inB1dhxmmorKLKOJVzdZO6bGaRHBSe5YrXijUj4NktOYcH/YEDoUIHUEdP1RxSlxza+9KsihT63YVeP+A0aGhiHSPm6I\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14643249d5bf\r\nx-cache-status: BYPASS\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":119892,"size_decoded":0,"mime_type":"application/octet-stream","magic":"TrueType Font data, 10 tables, 1st \"OS/2\", 30 names, Macintosh, 2005 Albert-Jan Pool published by FSI FontShop International GmbHDIN Pro RegularRegularAlbert-Ja","md5":"028cefac160ed3b006f47106fbc68d1c","sha1":"efcecac09684435facd7397e4f6163a5069802c2","sha256":"fb841a09a82787982ad1774bdeb45e8e06ff4909161a9ce33fd42f8822c5ddc3","sha512":"3a5a284d0c4da6593b857ba785a4ba7d5f2e2b73d22a2ef25435b9558063d2486228d76a3cd5d3a59b5abe4c0da696a75373111b3569a94a9dea1516cf16091f","ssdeep":"3072:YhtN/CZnt1tbtKtHtFNgz1QZt0tbt2ktwtNstAtqNaEctWpy8TLtsIb66AUeo:YhtNGnt1tbtKtHt7t0tbtxtwtNstAtqV","tlshash":"5ac308c153e8fa4ad83996388511c7434226ff2de65d4f36ffd94d8c688e8e9064e6e0","first_seen":"2023-05-08T18:58:40Z","last_seen":"2026-06-06T14:57:20.993592Z","times_seen":3746,"resource_available":false,"data":null}},"time_used":2418,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1159,"receive":1259,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202502/_webp_size328x442_27f7b303-88a3-4b2c-aaf9-2bc0106b5d62.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.377Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202502/_webp_size328x442_27f7b303-88a3-4b2c-aaf9-2bc0106b5d62.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:15 GMT\r\ncontent-type: image/webp\r\ncontent-length: 22168\r\netag: \"04f8fffa2b2bc694cfc7174078dc54f1\"\r\nlast-modified: Tue, 02 Dec 2025 14:17:04 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kAKl%2F%2BP021lalPWkwyXc1qcQOBjpXfmdqho1E%2BMMQ6VYtdAuML8Hi%2B8%2B1uXnio%2F7VRVI67uNLcNQpRw%2BEwIjmbKMbJRsUrg%2FM2%2FOlUv9%2FOCraWDT%2Bz%2BMC1qs2z%2FLZSGK5M7hLtfkjUg6TzAC8GQ3dVw%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 65096\r\ncf-cache-status: HIT\r\ncf-ray: 9f96c9304aa009cc-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458575=yEPg8bP1KWw0XVpSd4f8vx5xJb0z3i8hpaiOkJQmnr2vDF7JAvg6poyn3HPLIFq4/KlDBAu0ZczRUTmD90nGmK5/y1TELs3xF8xwV/JUl7RA9CyGzRlw4SO3x8wtH4OZQXg3+pFsbRMLqXJ7vDAZPKOTnZxRhS3Vi1BJbs4wbHzCwh1a3Qe7D7JwbHLDYgHq\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e1464433ad5e0\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":22168,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"04f8fffa2b2bc694cfc7174078dc54f1","sha1":"ebfaea4761ce72105a95c0241ca87bf998a81338","sha256":"9900ec116e5fa903d64f9cfc38a6855fbc19c42bbad46c2690e2a50920abf030","sha512":"599c14c0dd6eabf0aacdf250e366075584c9086dfe71ab9f4cab55301c2a16efecba29d8dd9b14be7472766ebe2618de9559ca7a20fe3550e9ae564fe12aed05","ssdeep":"384:+Jq0Vf96zLIvbNpNUU2tDeOouLf5GslLXGdB3Rk1SV14Hdyd/2U3lMezZD:+Jq9ENuyOp5G0WdlRkQB12k","tlshash":"d1a2d14f988244a9ddeca9d6e2cf7a5c44f39cc012bea4668eb455c8b04f5163ef1059","first_seen":"2026-04-24T23:10:16.784958Z","last_seen":"2026-06-06T14:55:48.708563Z","times_seen":273,"resource_available":false,"data":null}},"time_used":1335,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1331,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/46b4c267d29e48fbaab265fe87ff4780?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.904Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/46b4c267d29e48fbaab265fe87ff4780?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 26540\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 785\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"46b4c267d29e48fbaab265fe87ff4780\"; filename*=utf-8''46b4c267d29e48fbaab265fe87ff4780\r\ncontent-md5: CBygtX9pd5kGi15Yhx/xkw==\r\ncontent-transfer-encoding: binary\r\netag: \"Fkuc4IvR18tUyWq4FJ_9g-A_8nKB\"\r\nlast-modified: Mon, 04 May 2026 21:15:02 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: HdSgPlw0S\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: fiIAAADntonwWa4Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":26540,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced","md5":"081ca0b57f697799068b5e58871ff193","sha1":"4b9ce08bd1d7cb54c96ab8149ffd83e03ff27281","sha256":"b2b7d07fb9b8094176f210ee65a201eeec664d9bf504179bfebb38d519341dcb","sha512":"9ef49d365e39157b0c13e26bd40f5bcd9c189e0566b8ffce01132cf14975565a2f5555de70a05ffa41cf0b8a32e77687e232213e87b8107b52410c098193b839","ssdeep":"768:u4ENzH7H9Oyox3ipCXjmhVG1WW06FzaEKynNp3FUAN:Q2NiMX+41WS3rNJN","tlshash":"89c2ae46787ecdb6d96f087f56d53fef03022e3a87e515f0820b675c4ba4d0a254e48a","first_seen":"2025-02-24T02:30:01.461727Z","last_seen":"2026-05-26T22:11:22.654816Z","times_seen":27,"resource_available":false,"data":null}},"time_used":2977,"timings":{"blocked":1432,"dns":0,"connect":0,"send":0,"wait":1107,"receive":438,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202506/_webp_size1164x872_0e80d399-2c93-4f64-89db-61a96d3b05e4.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.348Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202506/_webp_size1164x872_0e80d399-2c93-4f64-89db-61a96d3b05e4.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:15 GMT\r\ncontent-type: image/webp\r\ncontent-length: 112700\r\netag: \"62970d9f3c6d5069ad898724c19a4277\"\r\nlast-modified: Sat, 06 Dec 2025 06:28:28 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ayVgEZpEvaT%2BHZOU4aUH0w6jDZkjIFzHky2ErYgXGBb9V1JmEavel%2Biap4BGVNyrlsX242eWTci1NX51MyymImxh1rmEMrP9%2BxoPGWapSjwVzGRv1%2FYNoYCCY0kw67b5ttqahq98iw3PgxX%2Bi%2BZyVJ0%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 65096\r\ncf-cache-status: HIT\r\ncf-ray: 9f96c9306cea8496-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458575=yEPg8bP1KWw0XVpSd4f8vx5xJb0z3i8hpaiOkJQmnr2vDF7JAvg6poyn3HPLIFq4/KlDBAu0ZczRUTmD90nGmK5/y1TELs3xF8xwV/JUl7RA9CyGzRlw4SO3x8wtH4OZQXg3+pFsbRMLqXJ7vDAZPKOTnZxRhS3Vi1BJbs4wbHzCwh1a3Qe7D7JwbHLDYgHq\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e1464428dd5d6\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":112700,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"62970d9f3c6d5069ad898724c19a4277","sha1":"2b378bf8f829167d47bea58444d399fe47052617","sha256":"7b17d39fcff43e49c7a9cfa070a2e9ad41f466c464e347b7f2a91b705f6b5161","sha512":"00e247d65514ff4a5e8032c591faf83e4af220acd25b5b2fb5883c3f85ec349284e1609489cad86537bcbdc7718e2bc956f6b2c9bfef0cee09b54f036b9b495a","ssdeep":"3072:2Q4KKXKBHjDhDCq5qNrHMlyp8Rod8oucXQUEyr:DjBHRCqwNM4dw25r","tlshash":"e7b312dd1216b6b4a8b027fb23ccbd8944cd2ef64e787e96d8a9c8513545b2f40f4d42","first_seen":"2026-04-24T23:10:16.754484Z","last_seen":"2026-06-06T14:55:48.667284Z","times_seen":274,"resource_available":false,"data":null}},"time_used":1045,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1016,"receive":29,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/api/sport/match/list?sportId=1\u0026client=web","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:20.759Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /api/sport/match/list?sportId=1\u0026client=web HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nx-request-source: https://j53g.vip\r\nXign: IN2yhczwe/D76DxfzBtKoBL/UMT77XQJUYOLJ0DfKGHo1+ZiVWSosuPxNv3px37ThmW9G4iM9A8OXsOk3CLIG/ciswde87dRzu9Rop7QHMmaYek5zE+TBdXuLPnJ6duuM29AS5sk449LxHPnb9c8SI8djl6MdtuPspBQib62fSs=\r\ntimestamp: 1778458580753\r\nsign: 4s371g5t33a227gj\r\nversion: 5.6.12.0\r\nclient-type: web\r\ndevice-id: yJcptFCdmcZADMQCAxKHnE47zE2N8nzG\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:21 GMT\r\ncontent-type: application/json\r\ncache-control: no-cache, no-store, max-age=0\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458581=N+UP0A4BsxZqKJNC0ko9yp5HGsNwMpf9RwkI44ivAg9WE8nrA7t52lUiyhbRzBqNj1i2iWObXDuKtrhp/Ahhst0hfod8AMTV2a73iw0scHeIWauHELckEfJBykcCvKw2/NLFHXs6HcetqC8ekZgAXeCqLfU1r7N+TsR9VOCWMVKDEzzqIQO+TIE7LO+BeVPD\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d62719e146457b23ee4\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14048,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"e04c8ccf667d09ae9c3551990c11d472","sha1":"0c8a50e6fad53a2f061b879f617481872f3b3c6d","sha256":"437a30e35014d58ee30b5738bdb1cfa24d58b176e2205f4fad340f8d88a8bc7b","sha512":"1976b0ef02688dde79d0f6dfab4e8b19847403d872abea23e848d641f43a17bc1d27644b852d1c6c4bc694b164ea3c47c83209ab930956e552d4d89043eb1fd1","ssdeep":"384:eYzGEurXzzru3rQ9r6K8URriXyrjh+tPUV0daHRhP2YVh2cH4K2wfKGubhBpgLan:eYzGEurXzzrQrQ9r6jyriXyrjh+tPUub","tlshash":"be52cc8681dd28961e9861e19d1d3f4d887eba5b4a9fb6c5ee0ecf1d20f43f79204c21","first_seen":"2026-05-11T00:16:59.197875Z","last_seen":"2026-05-11T00:18:41.125969Z","times_seen":2,"resource_available":false,"data":null}},"time_used":436,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":436,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/js/45540.1777369843125.8e1e0acf.js","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:06.204Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /js/45540.1777369843125.8e1e0acf.js HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:06 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 28 Apr 2026 09:55:49 GMT\r\netag: W/\"69f08425-37ff6\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458566=FqGJY1k532ChI3k/oD3fAPu6welwhIu8DWp/+cspT1GcUUpTmB/CbvnsRZyjPj2aiYFgyVINMimnAQxCGmunPV7HrBnl5I66SKGBUhBMNOupLH+Ieb7JgzvsjQiNUMQlYyHtVgUDXPC32Ilfol0qLT9S49ttbW0wOJJh7mmM/CZ5mV7dhTTCjy2dkdzl8QTW\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14642012d591\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":229366,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"a0e497c34e367322be5d24c3b27d661c","sha1":"05738c9aad3a5d894b6d49780014a52200ef950d","sha256":"073a44ee1f965bd3739f07604455eb8940250c073f060303550cdd02ba87109b","sha512":"ea91edbfdf72b73e3fddb4a652393cfd4c1be31242b51f7caa28ee35cf3f66eb42bafff62ffacc3a2b89cdee253e84e2d8ec5e5c5bbc9832053bd5c00df77b3e","ssdeep":"6144:JYD4wFsYiSGfKnCKPP6Xm9sm3MCln1OSgpozfEe5a:JYD4wFsYiSAKNH3TY5","tlshash":"6024e894f294f1be075fc1f1d23b501af35b5e6120cc9ca0d296e6942e20b49da77eac","first_seen":"2026-04-29T03:41:13.329661Z","last_seen":"2026-06-06T14:55:48.709117Z","times_seen":359,"resource_available":true,"data":null}},"time_used":1739,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1739,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/css/home.1777369843125.0fc9d8d4.css","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:09.879Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /css/home.1777369843125.0fc9d8d4.css HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:10 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-15b21\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458570=hwFUt6D6i2fL1UURe4sGEBvrMw/YVGR6bxvoCSzBA8SQDSvMxpWv5016KqAn0A4wS3EhcT4K1+zUBND5XfHOyCSjzJW4ww95TEGkGeLeNmxdSw0Z0fNBJ/Wq/gDvWZ26iWz8M/c0wWw3c8Vexq2v3yv4idIn0zcpE/kr27OApH2LLBPXP/uuhKvtHPSE+XNH\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14642d31d59c\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":88865,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (65528), with no line terminators","md5":"30a5adbe27b21532b2c8f56952780659","sha1":"9145117e5aa3fdd7706b8ee646ad8dcd10fc3c7f","sha256":"37c13454d16818666b7f9cad2fd957546bc4bc5c0ce00a68be778c7ec411dcae","sha512":"823393636732a30be2a0daaedc93f43ec0bacd9cd5f85b238ffeb268af34215887fedef00480f471fadbd2aadd728d697778fee703fc9ae855d7b10d370af38f","ssdeep":"1536:fwRzOcRM7jufawS2d3a8WiLKbzGhbG9gpXdNCN9khb+8J/:fBtuSJwLUK09gEN9khb+y/","tlshash":"99933a76a610253db437ca72aaf06bd8b524c846d7634a3df2527e25cbc71f212363a4","first_seen":"2026-04-29T03:41:13.383588Z","last_seen":"2026-06-06T14:55:48.690039Z","times_seen":349,"resource_available":false,"data":null}},"time_used":540,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":540,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/img/no_data.02e9590c.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:10.942Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /img/no_data.02e9590c.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T15:09:47.269258Z","times_seen":16181626,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/kc523-1/sponsor/sponsor_nav_web_2.png?1777369782162","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:11.184Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /kc523-1/sponsor/sponsor_nav_web_2.png?1777369782162 HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:11 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 24 Aug 2025 06:03:49 GMT\r\netag: W/\"68aaab45-1922\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458571=IJUX2BSbr3N9k9h7ERQ9sk+yE5ueDLHUVKXOGekTGKZEsYTafGeJ/PvixdfJYaVC4M71GDidygH+mJKfPwBfsfZFcXejV+sSSl68inB1dhxmmorKLKOJVzdZO6bGaRHBSe5YrXijUj4NktOYcH/YEDoUIHUEdP1RxSlxza+9KsihT63YVeP+A0aGhiHSPm6I\r\nage: 65102\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e1464323ad5b0\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6434,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 206 x 332, 8-bit colormap, non-interlaced","md5":"e31cb9f70abcc458288bb53868031352","sha1":"965f7cb9aaf0d166c21b8681b0671d17e019c74e","sha256":"33295ad776e1fde54dace5b0343c9aab9a2d70cfa8848e5cbd09065c340e294f","sha512":"acd328b1f4cb6e1c7267696487f637ea5ae4b724f7ab32516632a3eb2c8b4e374fa472ab77120230258fb49a23f54ba3988b155004b46e69519fe3ef57ee79c9","ssdeep":"192:RYc0QiGWn0WG2WmjNJMjOluoj/xrASMJmoJESULHT:RYc0QiGlHmjOo1j/xPMAG2Lz","tlshash":"c9d18ea6ea2a4a52cf8d0d633efc5b0671508e582f390826809a1d1d57767fa24a13e7","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-06-06T14:57:21.001607Z","times_seen":1557,"resource_available":false,"data":null}},"time_used":1165,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1165,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1280x294_3ce652c0-55c8-48f5-a72d-a300accd6573.jpg","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.217Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1280x294_3ce652c0-55c8-48f5-a72d-a300accd6573.jpg HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:15 GMT\r\ncontent-type: image/webp\r\ncontent-length: 33078\r\netag: \"0a0135f97e5634a3589065dc1f4203a2\"\r\nlast-modified: Wed, 10 Dec 2025 10:48:35 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=482kNiIFgeZiWdgnAo3Y%2FdKGkuPudZVHKSc9t9PCy0rnGAWBI9sld6AUgkQ4NRDoZiKv1hHCpQ3%2FpDqX84CUYELPCb3UWZjp%2BtsjmmRXB2CHeagm4nreyu94JzhGZ04XRb0xXDsc1OpkpK2q0TqfwKc%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 50201\r\ncf-cache-status: HIT\r\ncf-ray: 9f9cfe70dbfeaf12-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458575=yEPg8bP1KWw0XVpSd4f8vx5xJb0z3i8hpaiOkJQmnr2vDF7JAvg6poyn3HPLIFq4/KlDBAu0ZczRUTmD90nGmK5/y1TELs3xF8xwV/JUl7RA9CyGzRlw4SO3x8wtH4OZQXg3+pFsbRMLqXJ7vDAZPKOTnZxRhS3Vi1BJbs4wbHzCwh1a3Qe7D7JwbHLDYgHq\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e1464420ad5d1\r\nx-cache-status: BYPASS\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":33078,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x294, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"0a0135f97e5634a3589065dc1f4203a2","sha1":"0606b7a4f7dd769e8f68c0b444764bfdabd584dd","sha256":"b615b66587167edb3c9283e97940d3fc3f1f1bc910e6d3c98c55015a6bb3fd94","sha512":"bacaeaae43764c19a7148549deea3aad9d04df47cc2f25ce0db95d356b2c6fb46884ed4e9b16f6ef3e3467392fd71343509495dd68eef11cccc779dcc1b35ae4","ssdeep":"768:rWixhnCoTUtb7DBUFrJLDUJmEBsReZrbHf4K:rWivRTUt3DI1cJmEBs8ZrbHt","tlshash":"aae202d5b06953b1fe1439d3fe5cae680b2810b7edc74ce59e1bc95e819c2805ae1918","first_seen":"2026-04-24T23:10:16.804529Z","last_seen":"2026-06-06T14:55:48.635653Z","times_seen":265,"resource_available":false,"data":null}},"time_used":1426,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1296,"receive":130,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/6d821ce1ff414aeb961f518e5bd91542?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.889Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/6d821ce1ff414aeb961f518e5bd91542?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 20466\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 90975\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"6d821ce1ff414aeb961f518e5bd91542\"; filename*=utf-8''6d821ce1ff414aeb961f518e5bd91542\r\ncontent-md5: C1Fx1lYqjpt/PsG1rdEBjA==\r\ncontent-transfer-encoding: binary\r\netag: \"Ft4x9DjUtY5wUYsA9WZNvytS_gpE\"\r\nlast-modified: Mon, 04 May 2026 21:14:53 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: vAD7eh80a\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: vmYAAADMSYfpB64Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":20466,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 197 x 256, 8-bit/color RGBA, non-interlaced","md5":"0b5171d6562a8e9b7f3ec1b5add1018c","sha1":"de31f438d4b58e70518b00f5664dbf2b52fe0a44","sha256":"40d1e449026f599ab4eb14b6a6361b487cce89d78b3a3c67f37774eb9938b01f","sha512":"1eb4092196dc1c43b8b4a40661807bc2ba3e8b2e0d4c3ca0a5a99a146324b8457b8b07276837b569d09a94ecfb91c8328605e8f79d5daf7a97fe2ba7a17fea0d","ssdeep":"384:vtwnYqRWu3rsQ8lWFIVT+lDPAx2z7Cj1B86:sYpu7AmIgtGkCjr86","tlshash":"c492d1961913326d250c078beddef8fa5b05515cadabe42323941ff3bbd089f491da05","first_seen":"2023-07-08T08:51:56Z","last_seen":"2026-05-13T08:34:11.959557Z","times_seen":64,"resource_available":false,"data":null}},"time_used":2890,"timings":{"blocked":1444,"dns":0,"connect":0,"send":0,"wait":1078,"receive":368,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/1cb5d552c8e34c1f89444977d9aaba8e?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.935Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/1cb5d552c8e34c1f89444977d9aaba8e?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 25282\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 18957\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"1cb5d552c8e34c1f89444977d9aaba8e\"; filename*=utf-8''1cb5d552c8e34c1f89444977d9aaba8e\r\ncontent-md5: ASxQjPrj+FPU4tEON7wP9A==\r\ncontent-transfer-encoding: binary\r\netag: \"FmNNKuXUdyvqbsg_fbkSFiU7SjAN\"\r\nlast-modified: Tue, 05 May 2026 21:02:45 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: 6AGQpxdAK\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: b0UAAABDzYVpSa4Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":25282,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 125 x 125, 8-bit/color RGBA, non-interlaced","md5":"012c508cfae3f853d4e2d10e37bc0ff4","sha1":"634d2ae5d4772bea6ec83f7db91216253b4a300d","sha256":"b7480fc63fe6fec18a8345265eca1a5c05596b84c034611e740a8737ce26c8e4","sha512":"f03756d40ec5b453f974e4bbf840b725d92ca47d54d13a3e6dbf4a510af2697137dd8144b45401865a7b42f959c7cc67b2c9297260a1e3017cf064d85607ce1b","ssdeep":"384:AgxpFpa2zlZeKiv2jGbnYoD52nGD3lbzq6fk1/1Pv5PTLrbxNEJ+n+PdvbSxw:fXWceKDaUy52G7l/i1Nv5PTLrhn+Pd2W","tlshash":"c3b2e161d01c29218468c09feb3dad236fdb19bc2d17a05a5efce31eb416364c24fd52","first_seen":"2025-01-29T13:39:14.805927Z","last_seen":"2026-05-17T16:34:28.66347Z","times_seen":304,"resource_available":false,"data":null}},"time_used":3004,"timings":{"blocked":1413,"dns":0,"connect":0,"send":0,"wait":1264,"receive":327,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_bdd30f19-a4d8-4eb3-b2d5-d24180d2e353.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.381Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_bdd30f19-a4d8-4eb3-b2d5-d24180d2e353.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:15 GMT\r\ncontent-type: image/webp\r\ncontent-length: 15228\r\netag: \"6a267f5e09a632be650a3775bc739a4d\"\r\nlast-modified: Tue, 02 Dec 2025 14:16:53 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=egVvYi4illp0TEvJMUIRcRgGmFlwLGGe6HoJXhHSpklgzTqEPi0yfBwwawMOIvCZWzPf5K3qX6oxzCi4zGlPbGSSFVEuOQPgICO8G8DEVpSpz%2FL9oEUGSy3jHXADDjN0WW6Wc6ItQqqz77LY4bO3ums%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 65096\r\ncf-cache-status: HIT\r\ncf-ray: 9f96c9307a8002c6-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458575=yEPg8bP1KWw0XVpSd4f8vx5xJb0z3i8hpaiOkJQmnr2vDF7JAvg6poyn3HPLIFq4/KlDBAu0ZczRUTmD90nGmK5/y1TELs3xF8xwV/JUl7RA9CyGzRlw4SO3x8wtH4OZQXg3+pFsbRMLqXJ7vDAZPKOTnZxRhS3Vi1BJbs4wbHzCwh1a3Qe7D7JwbHLDYgHq\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e1464433ad5e1\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15228,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"6a267f5e09a632be650a3775bc739a4d","sha1":"5289878ed6bc3c5b6b06a9986ec15a3c6946fcc5","sha256":"88151c14f52fcf8359fe0a5b86c3a14bee6df5f37cfccabd75a86a559e3737aa","sha512":"0c3f82afc7a20b69b90d2ca8d6d00e07c5c097353a5a81024069fb7ed724ee50c335e9fed0860cc92d1274939c0476cbf8cc49b058813775df45f96a3028af3e","ssdeep":"384:1jnjswfCwfOcnPcxsiO8JvyITPiO3BBBJRqn0Rf/dzVPC1D:11fCwFnUl1uwRqnc/dxa1D","tlshash":"e862c1c96f1cf1dabc9c9d3c7a944d369d0c4472a4d804e980b69d2bf98eac78501f2e","first_seen":"2026-04-24T23:10:16.724806Z","last_seen":"2026-06-06T14:55:48.630338Z","times_seen":272,"resource_available":false,"data":null}},"time_used":1451,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1451,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/3d815b6259cd403385fa462dd859140d?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.903Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/3d815b6259cd403385fa462dd859140d?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 11913\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 1624\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"3d815b6259cd403385fa462dd859140d\"; filename*=utf-8''3d815b6259cd403385fa462dd859140d\r\ncontent-md5: mB91Jbp/dvzkoCjUHGFtRw==\r\ncontent-transfer-encoding: binary\r\netag: \"FuHrmw01tVlqYudyOdtOCVa3ZkAm\"\r\nlast-modified: Mon, 04 May 2026 21:15:00 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: 9nF4IYRfc\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: p7EAAAD2UUQtWa4Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11913,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"981f7525ba7f76fce4a028d41c616d47","sha1":"e1eb9b0d35b5596a62e77239db4e0956b7664026","sha256":"46e27504ba635f2a436ec8d5aa4edcbaebe76fc2043919cd9be756fcd3ca5a02","sha512":"46fef8cb767d64f224f092b67361df294745205d8e7fa975a585debfa25618c299f502f35102740c3b660f736030ee8e392177cc1b779e5d6c3487acf8d5e464","ssdeep":"192:FchQgZ8+AGlwVezMQkv+no93BEk2TmzoYWDyFkoEYVuH1d7ePhWU11kisKXlAGv:sNAcVg+odBEk7zNgstYH1dyZgJu","tlshash":"6032c04fa0f6f843d2b302b39d1061316ee6b1d99f7819894b907d0e8af194a197db54","first_seen":"2025-04-01T11:41:17.807076Z","last_seen":"2026-05-11T00:18:41.08063Z","times_seen":17,"resource_available":false,"data":null}},"time_used":2954,"timings":{"blocked":1431,"dns":0,"connect":0,"send":0,"wait":1108,"receive":415,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/js/83749.1777369843125.7bad5eaf.js","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:10.831Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /js/83749.1777369843125.7bad5eaf.js HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:11 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-1641f\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458571=IJUX2BSbr3N9k9h7ERQ9sk+yE5ueDLHUVKXOGekTGKZEsYTafGeJ/PvixdfJYaVC4M71GDidygH+mJKfPwBfsfZFcXejV+sSSl68inB1dhxmmorKLKOJVzdZO6bGaRHBSe5YrXijUj4NktOYcH/YEDoUIHUEdP1RxSlxza+9KsihT63YVeP+A0aGhiHSPm6I\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e146430e9d5a4\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":91167,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (62317), with NEL line terminators","md5":"b5d0a98c1abea1ea95ac8eaf2906cd24","sha1":"720b998c1c1f4967eb388f8ce38f8f3dcaf31da7","sha256":"1d82d912c32b708eb1c24aeb3ed164994aaaa9575b7e94aaa6f2f6a3996eec6c","sha512":"14426d6b63deec467e6017dbd19f01a26918e12039fabda3a2a94017825af7a71f887370325ab1842c49000cc8f07b04588462c7998962e76d4053f2c76276b0","ssdeep":"1536:lcK/KnqHB3vmeLUw/A6+GplTwsCNgODkJwTl0sI5pQiVFFsdt+HmQ:rB3vzowo6XTIgODSwTl0sgQi2tkr","tlshash":"7593e7c4b5f4f5f9279ec5a297364478b02127c5a0c8ace0d2e96e147f1ab92b0758fc","first_seen":"2026-05-11T00:16:59.204329Z","last_seen":"2026-05-11T00:16:59.204329Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1501,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1501,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_465faf5d-2f6d-44ba-896b-8d6bffead8bd.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.374Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_465faf5d-2f6d-44ba-896b-8d6bffead8bd.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:15 GMT\r\ncontent-type: image/webp\r\ncontent-length: 10758\r\netag: \"1be21ba94f35a4ac4384d8d158cc42f6\"\r\nlast-modified: Tue, 02 Dec 2025 14:08:05 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OlU50J02RemAbZ3xHwe8bBcKJeGOKIZYgDo2iMfwyejQWjIzagamDEiK%2BnwmCtxHsUdUHqCDGpYenWu59majdvxQ%2F0SBIvCzjKG1E1CxZeKK6Bqkc01PoE%2FaghNC91NX1RTy0SnKdbYoGP60%2BD7yM%2F4%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 65096\r\ncf-cache-status: HIT\r\ncf-ray: 9f96c9308fafe2e7-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458575=yEPg8bP1KWw0XVpSd4f8vx5xJb0z3i8hpaiOkJQmnr2vDF7JAvg6poyn3HPLIFq4/KlDBAu0ZczRUTmD90nGmK5/y1TELs3xF8xwV/JUl7RA9CyGzRlw4SO3x8wtH4OZQXg3+pFsbRMLqXJ7vDAZPKOTnZxRhS3Vi1BJbs4wbHzCwh1a3Qe7D7JwbHLDYgHq\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e1464433ad5df\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10758,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"1be21ba94f35a4ac4384d8d158cc42f6","sha1":"3dc86d6c7bd530771ada51859a6c47c39258402b","sha256":"e2322e5c3f299528f388653e9dee3d3ca69e9f0006d1d0530cad7062dc2c3cbb","sha512":"40ce1b1f21df22b5ff6df16248f358d1cf0eb862f764bccf75cec2bb7cebae008ed8452e6fba25c2e091fe61c36fd30d25e6d3b46fd107985140debd9dacb09f","ssdeep":"192:jQnnxvnAz9rf9dKD/x0vFIcyKAY7MLUnEpeiqd6ufnQD4rVdg9NpEDy2lc:4A9r76/xEycyUkLuID6Hg9zey2l","tlshash":"dc22c09b145b3135fc1664bdbd5e5b0250ad8cc102b886290cbe44ba808f9caadbfb05","first_seen":"2026-04-24T23:10:16.865837Z","last_seen":"2026-06-06T14:55:48.651437Z","times_seen":273,"resource_available":false,"data":null}},"time_used":1338,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1337,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202505/_webp_size656x844_f676ec47-4b6f-4d37-b476-fd69f2381a1a.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.451Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202505/_webp_size656x844_f676ec47-4b6f-4d37-b476-fd69f2381a1a.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:18 GMT\r\ncontent-type: image/webp\r\ncontent-length: 31452\r\netag: \"2c3c63fd994d8d3c68a43ab204dc29af\"\r\nlast-modified: Fri, 24 Oct 2025 10:14:42 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=q9%2FGXKAl3OV%2FjWN7IijS0TXAmk7yN6oXo26NLsS51fRswFZ3SJO3UkvfE0IRtmcmupB1L1RIIElVdH7MkymA%2BbnurdO%2Ba%2FlaiSU%2BdXWe%2BTivzhWq7aWwTSjuaQRwN1YsNnObuYgXsEtM40nlDAVClpg%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 65088\r\ncf-cache-status: HIT\r\ncf-ray: 9f96c97519d7d44c-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458578=tLgvFt1z8jFzQRhncWi/oy30Kp+gtc4vvTtSMAfT8iqKPE5I5/glwJsrgUgibV8Oq1T89RvQ5+BjRR93cSDrQF0xIVi0SgUykK+LzgLRn6wOi3thzVjM+/l6t7xyYOrgTgWFPHdNyt2ozAMvtRp/SCvuZJUo80Qf0cWnpW9yyUPaAlAcuUcGn2gPEYjfmiLM\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d62719e14644db13ed5\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":31452,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"2c3c63fd994d8d3c68a43ab204dc29af","sha1":"f5da9ac11b57d67e7b0a21bdf3d2d5134eae1e2b","sha256":"b38e08c497bfb9faec2e112ff1a093f8938984e5c098484f7eca99900d1e1c72","sha512":"e83fd01696f5a79d5b2ef7ad13a442455c94977c810bceb5a6a656e08927f8a160a5b6be8e8e04bf10c0b2b721254319cb5fe15982a7ae0f7272a25a61f56127","ssdeep":"768:JXiQbj17p1iaPPQUz4ATG+Qkx5UL1ot3u3QO3xOBiw9urQ8:VdJp1iuPXECXUJ6e3QOBRwYQ8","tlshash":"74e2f1f968c3c9342ca43ed546ff15d58dd8b3d475e60863eb222d049137822e9c9e2d","first_seen":"2026-04-24T23:10:16.870222Z","last_seen":"2026-06-06T14:55:48.610659Z","times_seen":252,"resource_available":false,"data":null}},"time_used":4559,"timings":{"blocked":-1,"dns":0,"connect":0,"send":2459,"wait":1205,"receive":895,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/e262d74a1e504c82a9201949d1a269c1?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.905Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/e262d74a1e504c82a9201949d1a269c1?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 17945\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 785\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"e262d74a1e504c82a9201949d1a269c1\"; filename*=utf-8''e262d74a1e504c82a9201949d1a269c1\r\ncontent-md5: pxxxsbrdLwZLhWEv5PZNoQ==\r\ncontent-transfer-encoding: binary\r\netag: \"FsO_24vtIBhxriDUA5uyWF3Ppmgg\"\r\nlast-modified: Mon, 04 May 2026 21:15:02 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: eP5ASykLt\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: apQAAABtq4nwWa4Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":17945,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"a71c71b1badd2f064b85612fe4f64da1","sha1":"c3bfdb8bed201871ae20d4039bb2585dcfa66820","sha256":"51e17f2dd713ecd6df98474cdd9e367e989e0e508c7e0f79e6bc6a3c86cf3edb","sha512":"4776cab87f1e29f9eab2af824b727edd862966c9ee176c913645982e627e84f9702ce161b4f5fb8cddaccbe5ea6901386a46701411641c1972a9e2878821b1dd","ssdeep":"384:qCnMZ6Q5aN0kI/+bVSjLH35kxw8FajTM5mpNcAZz4FdmX2sqRSL:qN5aN0krojlkxwDm6NBZzMYX5bL","tlshash":"2682e1c7b9b1600618276de4b6b7b444a8dc4e8adf88ce1c6419f6f669cf572f2610e0","first_seen":"2025-08-03T21:40:07.649974Z","last_seen":"2026-05-11T00:18:41.265331Z","times_seen":14,"resource_available":false,"data":null}},"time_used":2982,"timings":{"blocked":1432,"dns":0,"connect":0,"send":0,"wait":1106,"receive":444,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/configPage.js?v=4/28/2026,%2017:55:48","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:06.186Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /configPage.js?v=4/28/2026,%2017:55:48 HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:06 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 949\r\nlast-modified: Tue, 28 Apr 2026 09:55:57 GMT\r\netag: \"69f0842d-3b5\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458566=FqGJY1k532ChI3k/oD3fAPu6welwhIu8DWp/+cspT1GcUUpTmB/CbvnsRZyjPj2aiYFgyVINMimnAQxCGmunPV7HrBnl5I66SKGBUhBMNOupLH+Ieb7JgzvsjQiNUMQlYyHtVgUDXPC32Ilfol0qLT9S49ttbW0wOJJh7mmM/CZ5mV7dhTTCjy2dkdzl8QTW\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14641ebbd587\r\nx-cache-status: BYPASS\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":949,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with very long lines (917), with no line terminators","md5":"e6aa74bb352ef198ba3e1c9a4b01b014","sha1":"2ea8bd6b5045475a36432f7665a129728e822d9e","sha256":"73828e873c0b6e847b37d78941ca436247471dfc90a12f743964f869f75abd5c","sha512":"2faaf24fdf1e4da637af8e9f82d1778bf061b00752dfca0c8f73432ba236a7b69410a7ad2a73727bc83e6cd631fd6555c3cc0d9d3a5d8a7f81818dd66566011f","ssdeep":"","tlshash":"be117aaf57444dffcf1d7e00a08b0a5ea8bc61d261889d4da8e9cf29e1c99002378978","first_seen":"2025-09-04T00:49:32.949926Z","last_seen":"2026-06-06T14:57:21.016221Z","times_seen":1700,"resource_available":true,"data":null}},"time_used":445,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":445,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_ce6f5a12-ce60-4931-b7a7-3cfa94c956bf.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.384Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_ce6f5a12-ce60-4931-b7a7-3cfa94c956bf.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:15 GMT\r\ncontent-type: image/webp\r\ncontent-length: 11070\r\netag: \"9d6366dada143310062f824e5f7dd46e\"\r\nlast-modified: Tue, 02 Dec 2025 14:08:23 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bxqDGKiDpIkikvByHGZ%2B0vtYJDDYVrkuLDs2yfVrMmvnZwkarsDtpzVemGrKy4zP9Q14f%2BeUx9cychfITPzN40P3dP4EePtiUAJ5di%2FSgfuyEWX1HJiXlDt%2BIIFTvNE9UVJo0TbBNGNSzFpCKAq%2FPGs%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 65096\r\ncf-cache-status: HIT\r\ncf-ray: 9f96c9305ca00b03-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458575=yEPg8bP1KWw0XVpSd4f8vx5xJb0z3i8hpaiOkJQmnr2vDF7JAvg6poyn3HPLIFq4/KlDBAu0ZczRUTmD90nGmK5/y1TELs3xF8xwV/JUl7RA9CyGzRlw4SO3x8wtH4OZQXg3+pFsbRMLqXJ7vDAZPKOTnZxRhS3Vi1BJbs4wbHzCwh1a3Qe7D7JwbHLDYgHq\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e1464433ad5e3\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11070,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"9d6366dada143310062f824e5f7dd46e","sha1":"def0e81d351b0b1c8cec0603c0dfe6955438d059","sha256":"10b2cb9f1220e8ece8b47ee11eae49d1c947eec915c13165c241a59f1c8105e6","sha512":"afc9daaa38494954719bc7ef5f87c1bf6020e2d098b690a55d7f6ebcb26d463f6cd890941446e0c4cfc64771e8e7f74035e362c347f17818b1ec2801a2639f14","ssdeep":"192:6HWhsuhcANwPA6DmRamGZOxPCHE775EhPDR4oETR57jX:kWZhsDG8Olz75u7RsTXj","tlshash":"fa32b07de235930096a34cbecb5be3304bba629233b0b58cdc459df12597cb42e70926","first_seen":"2026-04-24T23:10:16.712242Z","last_seen":"2026-06-06T14:55:48.703762Z","times_seen":271,"resource_available":false,"data":null}},"time_used":1538,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1538,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/img/LIVE.88ccbf98.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.491Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /img/LIVE.88ccbf98.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:18 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-f0e1\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458578=tLgvFt1z8jFzQRhncWi/oy30Kp+gtc4vvTtSMAfT8iqKPE5I5/glwJsrgUgibV8Oq1T89RvQ5+BjRR93cSDrQF0xIVi0SgUykK+LzgLRn6wOi3thzVjM+/l6t7xyYOrgTgWFPHdNyt2ozAMvtRp/SCvuZJUo80Qf0cWnpW9yyUPaAlAcuUcGn2gPEYjfmiLM\r\nage: 65099\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d62719e14644c873ec5\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":61665,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 582 x 307, 8-bit colormap, non-interlaced","md5":"372d01a2bda7ccdca1e7966af39c2327","sha1":"d438c1947b711d032c5621a6b4b08bbbca2c338d","sha256":"4eac7be4c06fa607ef5e95789e3ead43806bfeff97872ed6567e3810f2f661bc","sha512":"9f04160df8696cf984cd77604dddaea73969479e4f1c5050e53351df7f11e85d8ecccb14ecb87dcd58bea0ba04d9ba5ea3f99c69a179ba88ad38d5416b7a94d3","ssdeep":"1536:jTjrlfQBxhFWiXt2lnJE9mARbSK0k2C8ve1HfarCtt:jH1QjwWUC9mA10jC8WZfaQt","tlshash":"dd53124a2ecc3a1f7bf21e5e06f286814d36a186d0f9ba5bc6e70ef1218521de0e4535","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-06-06T14:55:48.662038Z","times_seen":1493,"resource_available":false,"data":null}},"time_used":3618,"timings":{"blocked":-1,"dns":0,"connect":0,"send":2415,"wait":1203,"receive":-1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_2a74177b-d024-4ea3-8b58-fce53f91051b.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.391Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_2a74177b-d024-4ea3-8b58-fce53f91051b.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:15 GMT\r\ncontent-type: image/webp\r\ncontent-length: 65510\r\netag: \"1841972db1eb6b1b08f2b8849b98ffad\"\r\nlast-modified: Sat, 06 Dec 2025 06:23:06 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wipO79Uu%2BPcnoy3Wut48DU%2FMqQ45Lp%2B%2FIIr3ccxZOI4y79XwejmQCYCWcJGrIJ%2B3WJ6PUBW2UwH%2F2jhXKTp7OBVo7Ba%2BQaKHTcCX6cEl8q%2FQ54gPoNf6SwtGCm5unDGKCfehMzin0IehRd43zbIc0nM%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 65096\r\ncf-cache-status: HIT\r\ncf-ray: 9f96c93079340993-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458575=yEPg8bP1KWw0XVpSd4f8vx5xJb0z3i8hpaiOkJQmnr2vDF7JAvg6poyn3HPLIFq4/KlDBAu0ZczRUTmD90nGmK5/y1TELs3xF8xwV/JUl7RA9CyGzRlw4SO3x8wtH4OZQXg3+pFsbRMLqXJ7vDAZPKOTnZxRhS3Vi1BJbs4wbHzCwh1a3Qe7D7JwbHLDYgHq\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e1464433ad5e4\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":65510,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"1841972db1eb6b1b08f2b8849b98ffad","sha1":"6194c3f706be3f6aa4cf9042d0cc4b9c2a77a1a4","sha256":"0b162dd98f34fc830303fa40c47a002b14c2b6f4947a7378247db3c924bb7fac","sha512":"e9fb0eff09d46b3c88de962b1d6a020fd55f98d777e56ee4a0ac8aa615d14faa3d95de3ac35a92451ef4be5c8141532327b97c6fa95d5090aa61847b2b24d370","ssdeep":"1536:HsAMZEDXiepWzfRKc7nC3BQkbf9ptwv+AOtedy3JMw:HsAMZwMrC3BVTtAy3iw","tlshash":"5a5302765eef65629bf42eeb0331c6856fcb5a10803814b83059e1e5ee85c29f61d372","first_seen":"2026-04-24T23:10:16.852267Z","last_seen":"2026-06-06T14:55:48.68158Z","times_seen":271,"resource_available":false,"data":null}},"time_used":1556,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1532,"receive":24,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_ad0ed5ff-8fa0-4231-a619-ce0616ad2a8d.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.394Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_ad0ed5ff-8fa0-4231-a619-ce0616ad2a8d.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:15 GMT\r\ncontent-type: image/webp\r\ncontent-length: 43980\r\netag: \"fe9109b6cf4f5478cc8e8fa2df5009fe\"\r\nlast-modified: Sat, 06 Dec 2025 06:22:15 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XCKIl8oCszo%2BOKZQhHFQy0MQp0vtcV9xmxWfG%2BMrDgIZh1TcXtp2tdeaXxlm%2Ba0ts4dknkJtn9o5f4dIMRzAYVW3RHfVISQc4dFLAxoL1IfzMicZn6Ve%2FMoxoZa2jkdzKViziZHigePOA1TfoGiqd3k%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 65096\r\ncf-cache-status: HIT\r\ncf-ray: 9f96c9305a649b15-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458575=yEPg8bP1KWw0XVpSd4f8vx5xJb0z3i8hpaiOkJQmnr2vDF7JAvg6poyn3HPLIFq4/KlDBAu0ZczRUTmD90nGmK5/y1TELs3xF8xwV/JUl7RA9CyGzRlw4SO3x8wtH4OZQXg3+pFsbRMLqXJ7vDAZPKOTnZxRhS3Vi1BJbs4wbHzCwh1a3Qe7D7JwbHLDYgHq\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e1464433ad5e5\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":43980,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"fe9109b6cf4f5478cc8e8fa2df5009fe","sha1":"c379459affae382d1bb8ebcc637a880c0ccc284f","sha256":"8a0f41c270d457f16992ae4d9cfdacaf31bc2e03526f377b557111ceb90bc056","sha512":"4d95fa57a6e2175f2e11a07e15ef45187a3d5e44ad567ec4634bdf5e35c37e1c88026663fdd6a583cf0e1d665f0fe8d12cbaa535af6189cb88977228ffd3c5ab","ssdeep":"768:mD/LEFkjJ0uG775vp9Y25iMxn46PWKhqrJ0bAbhtI0iSRXbs6nuxV8fnxO:mDD9jJ0p9J5iKnQKEriAbhtgcbspx","tlshash":"4c13f180b6ebb93680296123673378eef9c47a6fff44872aff82464699133743119d15","first_seen":"2026-04-24T23:10:16.768892Z","last_seen":"2026-06-06T14:55:48.603866Z","times_seen":271,"resource_available":false,"data":null}},"time_used":1565,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1556,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/e954547acfd345dabda615592045732c?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.916Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/e954547acfd345dabda615592045732c?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 5518\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 83713\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"e954547acfd345dabda615592045732c\"; filename*=utf-8''e954547acfd345dabda615592045732c\r\ncontent-md5: GPAFIN2TOvxQWAsNxk60CQ==\r\ncontent-transfer-encoding: binary\r\netag: \"Fqw8ONr0-tiwxSIn8f0vyou8aWEA\"\r\nlast-modified: Mon, 04 May 2026 21:15:07 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: aGHM28ml0\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: kbIAAADHFWqEDq4Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":5518,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"18f00520dd933afc50580b0dc64eb409","sha1":"ac3c38daf4fad8b0c52227f1fd2fca8bbc696100","sha256":"f1090576f06014bb6d902b02a5ef7efbf3c89e3e13db07921fa7cbc0a7c792c8","sha512":"6b662544b7277cb430b25c1f7b35baa4d02814a38eebfd9eab9217f39e50fd7b460d0b3277c09ddc36ea96617d720fc37d48a1abc40e2582551ef6522f0611c0","ssdeep":"96:lqBawNhLEHGOyOoCQtrybGN4h0vfch8/nBP3dOl3946e1Npx72GXsjb/njEkJ+Fn:lq/4/scbGN4EfnBP3gtGz1zxy4sX/lgn","tlshash":"7fb18ea9fe247ee44d69e0271103cd9dde43576bcb480d4dc25c8af46386b5cbd8250a","first_seen":"2023-07-15T11:13:39Z","last_seen":"2026-05-24T17:56:38.796143Z","times_seen":112,"resource_available":false,"data":null}},"time_used":2996,"timings":{"blocked":1426,"dns":0,"connect":0,"send":0,"wait":1101,"receive":469,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/img/help.4e3cf897.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:11.196Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /img/help.4e3cf897.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://j53g.vip/css/index-399e2569.1777369843125.a7b0b4f4.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:11 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-2852\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458571=IJUX2BSbr3N9k9h7ERQ9sk+yE5ueDLHUVKXOGekTGKZEsYTafGeJ/PvixdfJYaVC4M71GDidygH+mJKfPwBfsfZFcXejV+sSSl68inB1dhxmmorKLKOJVzdZO6bGaRHBSe5YrXijUj4NktOYcH/YEDoUIHUEdP1RxSlxza+9KsihT63YVeP+A0aGhiHSPm6I\r\nage: 65102\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14643249d5b8\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10322,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 112 x 112, 8-bit/color RGBA, non-interlaced","md5":"6dd52a6a4d07f2786b1926fac1b4b06a","sha1":"9c9908204401fbe65d33cf7df8881639d6aea37d","sha256":"e02471f47b506ab510d0e0dc4224cffc03c34f950b649ce347ccd71af0bcf0ab","sha512":"fdd52f532e5c2e2c182db20e2053eee0ca8c26cec51ff75e1bc341b01911461ac72fa75887fa3114188ba32aa6341c0974d81d071fc42b605e72f73dfb87ab9c","ssdeep":"192:x0C+pMwjX2XZ456BAJu+1KzdjCfDrRq6wUPlJyh2h4PAmWP5yQSkHxfYX32H5TRm:EjGXZau+1MjCrrRLlqGOnWcQSkRQX3IG","tlshash":"3822c054370836084f737a4362ac4e837a06040ffdf9b7919a6372659a5b94e44cfb66","first_seen":"2023-07-01T07:21:14Z","last_seen":"2026-06-06T14:57:21.003594Z","times_seen":1576,"resource_available":false,"data":null}},"time_used":1162,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1162,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/js/chunk-svg.1777369843125.1e4dfc16.js","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:06.198Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /js/chunk-svg.1777369843125.1e4dfc16.js HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:06 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-714c8\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458566=FqGJY1k532ChI3k/oD3fAPu6welwhIu8DWp/+cspT1GcUUpTmB/CbvnsRZyjPj2aiYFgyVINMimnAQxCGmunPV7HrBnl5I66SKGBUhBMNOupLH+Ieb7JgzvsjQiNUMQlYyHtVgUDXPC32Ilfol0qLT9S49ttbW0wOJJh7mmM/CZ5mV7dhTTCjy2dkdzl8QTW\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14641ec2d58d\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":464072,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65532), with no line terminators","md5":"17dc7d24243be411dfc65e6d3bfc3fed","sha1":"040dff237c788f6720e1e7ad8903f103cb86db73","sha256":"4296d5094a19dae430c40d8315056ffcd226eafe5012f293d988d2b631c682e1","sha512":"742a36b45941527965abaaa6e1443e4668e5af5085a1166b561059df61a9f42f0096cbc9f80dd9cd845cefd166d5d84a4e6282eb16100e078d28e6c0305a6a26","ssdeep":"3072:h8nz2uaLZSZvx6Q/sIPrekK+m36Ua94sRZI7gbpF/:h8nz2uasNxpXPrekK+m36UHsE4pF/","tlshash":"bfa4fcb4c190f4edf704ce196e7c9e1c50321688e0a9e9e52da9fe0d9e85d6b241cdec","first_seen":"2026-04-29T03:41:13.396807Z","last_seen":"2026-06-06T14:55:48.631525Z","times_seen":361,"resource_available":true,"data":null}},"time_used":1108,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1108,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/kc523-1/logo/logoWhite.png?1777369782162","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:10.866Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /kc523-1/logo/logoWhite.png?1777369782162 HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:11 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 27 Mar 2026 09:31:20 GMT\r\netag: W/\"69c64e68-547d\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458571=IJUX2BSbr3N9k9h7ERQ9sk+yE5ueDLHUVKXOGekTGKZEsYTafGeJ/PvixdfJYaVC4M71GDidygH+mJKfPwBfsfZFcXejV+sSSl68inB1dhxmmorKLKOJVzdZO6bGaRHBSe5YrXijUj4NktOYcH/YEDoUIHUEdP1RxSlxza+9KsihT63YVeP+A0aGhiHSPm6I\r\nage: 65102\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e1464310cd5a5\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21629,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 318 x 144, 8-bit/color RGBA, non-interlaced","md5":"0fe99b7761db545277ab76a5eac225b7","sha1":"c0ae9d5f9473be88b84d7d46d1efc51283a57a76","sha256":"e74b087729f820069fc590a73411d4b19d3da8a22ad1d127d4e4109be832cd97","sha512":"848f1da518a00ef98cf0e70429260b91720d3f139ed89714536d0a267aaacb8acb9779dfb1c0b42b134f81cb1ec0f5af97a160f1fc327750b111e88d7c6cc239","ssdeep":"384:Ok3FHRYfLVQEST+Yh9YDQiIkXnq3H+PxYi5JLL5PI4v2Kee/0Aytd:nFHRYfL+r9AQiIk0H+ZRGQHee/yr","tlshash":"aaa2d0d63930414ec49128de0fc1b9285cb6858847fd1e944f9f5eb2b4a3df62b4b368","first_seen":"2026-03-22T09:12:55.770605Z","last_seen":"2026-06-06T14:55:48.671348Z","times_seen":393,"resource_available":false,"data":null}},"time_used":1464,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1464,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/b32fc79342fe4dd3bb44e78a1b795978?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.790Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/b32fc79342fe4dd3bb44e78a1b795978?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 18876\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 94557\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"b32fc79342fe4dd3bb44e78a1b795978\"; filename*=utf-8''b32fc79342fe4dd3bb44e78a1b795978\r\ncontent-md5: Vhbq29DSfuqAv2GrfsBlCw==\r\ncontent-transfer-encoding: binary\r\netag: \"Fmuq5hZwvnTG5JvCbZR2i1EIx-y0\"\r\nlast-modified: Wed, 06 May 2026 09:02:28 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: oMvmMMvwN\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: Ij0AAAD3Y4anBK4Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":18876,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"5616eadbd0d27eea80bf61ab7ec0650b","sha1":"6baae61670be74c6e49bc26d94768b5108c7ecb4","sha256":"a10d59fc846c58cb78ddb0422ba9f66dae1b077fd7b53657889292ba1e18d887","sha512":"488d232ed9e393912bda7dee640635d88cc968abdaf3e3599401529c1f7450f216e5bc532ce7f7a9bcfbcbb1eaca1b5d5758bf00896dc96469683f7b87a41069","ssdeep":"384:1hSCGsjfxBt8ckNGiRTbMMs7hqQynw8857AR7exS1nfS+fiujC2:19PqGiFb6cQynw885ERRxfni2","tlshash":"9a82d1d53395e1eb0d6fe61253eb5a916474b8eeee414c2f838840844dd3d2d5262379","first_seen":"2023-11-24T00:58:42Z","last_seen":"2026-05-27T00:31:53.076477Z","times_seen":170,"resource_available":false,"data":null}},"time_used":4728,"timings":{"blocked":1558,"dns":634,"connect":250,"send":0,"wait":1264,"receive":336,"ssl":666},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/46d7d40dd1944b45bff50f23dbd796a6?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.836Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/46d7d40dd1944b45bff50f23dbd796a6?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 17676\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 6035\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"46d7d40dd1944b45bff50f23dbd796a6\"; filename*=utf-8''46d7d40dd1944b45bff50f23dbd796a6\r\ncontent-md5: xpNZpbCxCUZBQNNYHqazMQ==\r\ncontent-transfer-encoding: binary\r\netag: \"FnCbVE88MfKmIOR2FuTw7T5jNpda\"\r\nlast-modified: Tue, 05 May 2026 03:01:14 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: Mtltsrz3K\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: 5N0AAAAaoEgqVa4Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":17676,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced","md5":"c69359a5b0b109464140d3581ea6b331","sha1":"709b544f3c31f2a620e47616e4f0ed3e6336975a","sha256":"4a40feb2b5aa3ac26b5fab308703463a1cd037eb0baedd576f96911cc8e6fec9","sha512":"6327dbb96cb6a8b27095f35d68ce52278e07c04f9099513a0d264d16dee23bb0b08788837ec2975612d48eaa4956085185b512e64eb81f5b520a44d14031c395","ssdeep":"384:6JTrMFZoQ3damGODPcSxKexY63clfeAS/Xn:6VIFZ9aPTSxXbc1eAan","tlshash":"0982e166a6b8fa6481227f002d23556ae371bc30d53f97e8d80dcfb48a2e8457c34b95","first_seen":"2025-06-30T22:44:13.730069Z","last_seen":"2026-06-01T23:48:52.21418Z","times_seen":27,"resource_available":false,"data":null}},"time_used":2666,"timings":{"blocked":1495,"dns":0,"connect":0,"send":0,"wait":1075,"receive":96,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1884x434_f0f83841-a720-4f18-8acd-c726f4c1e685.jpg","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.215Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1884x434_f0f83841-a720-4f18-8acd-c726f4c1e685.jpg HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:15 GMT\r\ncontent-type: image/webp\r\ncontent-length: 36728\r\netag: \"52398a59ef91dae075d096fc4ff3afd5\"\r\nlast-modified: Wed, 10 Dec 2025 10:48:28 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mwgC5aWHkLYCMbEBgMz0us%2FFawk0ebS9h9PNLLbQeE7InUOpERoScSyP8PvVQ2ToEfu45p0PfPdGNrgbUsYgk8QWVBrhp9AaoQkAG6vT5WokREDcJL%2BN%2BFxk8ZStr7hngKdCIJJQ9rkt7fsP4Ik5XIU%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 50201\r\ncf-cache-status: HIT\r\ncf-ray: 9f9cfe70e84a09d4-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458575=yEPg8bP1KWw0XVpSd4f8vx5xJb0z3i8hpaiOkJQmnr2vDF7JAvg6poyn3HPLIFq4/KlDBAu0ZczRUTmD90nGmK5/y1TELs3xF8xwV/JUl7RA9CyGzRlw4SO3x8wtH4OZQXg3+pFsbRMLqXJ7vDAZPKOTnZxRhS3Vi1BJbs4wbHzCwh1a3Qe7D7JwbHLDYgHq\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14644209d5d0\r\nx-cache-status: BYPASS\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":36728,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1884x434, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"52398a59ef91dae075d096fc4ff3afd5","sha1":"715ca96c95f7b75bd6343de6602afcc7e7ccf18f","sha256":"2e8e6e9cbe50fbf5f51840e5623faf0f36db820671ff2be4b6b081cb1291e12e","sha512":"c07a7de6ef0d1d3354bcadee066770459b970a5055407f504cfdabf079769658313aa63c703e8368197fd058aa17ef6dcb3370f91b189afa43ca1d9fdb4d348e","ssdeep":"768:sBvs73CSqIdqVjockR0g1C89hQMFd0gAgojNSB5uZE259v14vG:sBvs7vDacRR0g1C89hV0gA9SBgn59NSG","tlshash":"7cf2f173d312052e65293ba2aa1c6b7b2cff7e34c77d82d150a278570d01adb07ac764","first_seen":"2026-04-24T23:10:16.817294Z","last_seen":"2026-06-06T14:55:48.605492Z","times_seen":264,"resource_available":false,"data":null}},"time_used":1427,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1391,"receive":36,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_95e34ac6-aa0b-4d3f-9ae0-451b7e2983d6.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.352Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_95e34ac6-aa0b-4d3f-9ae0-451b7e2983d6.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:15 GMT\r\ncontent-type: image/webp\r\ncontent-length: 72760\r\netag: \"f3567ecc873ade2418801f0f5a4a755f\"\r\nlast-modified: Sat, 06 Dec 2025 06:17:08 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eoFG%2BZCjfEZF5wWvBsPR43gASxKIZLZnVZlAgIXe9MWQKfRgvKTcdBgv%2FstqAersQT54yj3dPQvp6JETLMBF38SJWxb7BDKPXGhLHCRJU1K%2BS34nAUKz86gtQe2Ngw4APIs8c%2BTCzLM2kBnazlXpirQ%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 65096\r\ncf-cache-status: HIT\r\ncf-ray: 9f96c9307abc0f14-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458575=yEPg8bP1KWw0XVpSd4f8vx5xJb0z3i8hpaiOkJQmnr2vDF7JAvg6poyn3HPLIFq4/KlDBAu0ZczRUTmD90nGmK5/y1TELs3xF8xwV/JUl7RA9CyGzRlw4SO3x8wtH4OZQXg3+pFsbRMLqXJ7vDAZPKOTnZxRhS3Vi1BJbs4wbHzCwh1a3Qe7D7JwbHLDYgHq\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e1464433ad5d8\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":72760,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"f3567ecc873ade2418801f0f5a4a755f","sha1":"e8fc02b34bd284bdffb53faea4cf595658b0313c","sha256":"4b1a175ed7a2578bee0892a9483844a11bd86070caf612d6714d961747b38420","sha512":"857339772b7cd720df654fc85ac26d103e6cb1ef75e2e1b3dd377b6403b34112dd44a07521fdcd476bdb0b657c3525cb25796ad3ae24a8820ef947c6718d9c44","ssdeep":"1536:GqiacLi4hDdd3WrRvp1BtjWbzMEws521D5kBTVhe3w/PKgXJcuSOe:G71L7hgrhXBtjgzMEF5A+VkEPhNe","tlshash":"0b6302ccd2cc9aa0c4a46cd7f4057b38a962b589664f997303e2e387cac4bd917171bd","first_seen":"2026-04-24T23:10:16.730515Z","last_seen":"2026-06-06T14:55:48.706328Z","times_seen":271,"resource_available":false,"data":null}},"time_used":1325,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1312,"receive":13,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/6477c90397724b0389e02cae0809b4e5?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.874Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/6477c90397724b0389e02cae0809b4e5?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 33203\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 3728\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"6477c90397724b0389e02cae0809b4e5\"; filename*=utf-8''6477c90397724b0389e02cae0809b4e5\r\ncontent-md5: 3yG5J1BjXjhRIZEOlH5gOA==\r\ncontent-transfer-encoding: binary\r\netag: \"FsRr5QqymLOSDg1Z9M_ha9xxfDk6\"\r\nlast-modified: Mon, 04 May 2026 21:14:56 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: wAkkQo2gY\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: k-wAAACv91pDV64Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":33203,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced","md5":"df21b92750635e385121910e947e6038","sha1":"c46be50ab298b3920e0d59f4cfe16bdc717c393a","sha256":"7b6636367db9a95d66ad9434e00c42f43d232ed676bce147ae4d44c320427669","sha512":"47ba9fcf91bd8f5d14aa545d1f8f41012467847374617052cef21362c8c2af4528a7006b3d14046f9b0709afd70e3df6ac2603d911432d3fae70d01b482825ab","ssdeep":"768:NW3C47DIx6fidrpvzyngk9886DYE0BvbHpCSRHqNIln7XrG:cZziDO9HS0mNIl7Xq","tlshash":"9ee2e1339a0d0f80671d59830e5e83306746afce9b676a06deeb3f364a6d602ee19145","first_seen":"2025-07-30T10:38:02.078481Z","last_seen":"2026-05-11T00:18:41.258392Z","times_seen":13,"resource_available":false,"data":null}},"time_used":2800,"timings":{"blocked":1459,"dns":0,"connect":0,"send":0,"wait":1077,"receive":264,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/ecb/8f8306425eba6e0167bcdb25a31b67ec8f","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:13.108Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /ecb/8f8306425eba6e0167bcdb25a31b67ec8f HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nContent-Type: application/x-www-form-urlencoded\r\nx-request-source: https://j53g.vip\r\nXign: dzje+WPDMbEkb/6VI+cfh4abXJQCEWlqWCeRHHjwWLuTCuQmtFXAyX2SeMgA52r/S/RGNuHZsRo0qdMYCwxM4iLOHucI/S93X/AyMQp/f8t0BCZvR2YtQw/ujc0ejsehRJWb3lCw+X+glvrEHs+wB/8kY89PgyRw5JtcLKRW+Yk=\r\ntimestamp: 1778458573102\r\nsign: 21403u4m4m3i7j7d\r\nversion: 5.6.12.0\r\nclient-type: web\r\ndevice-id: yJcptFCdmcZADMQCAxKHnE47zE2N8nzG\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:13 GMT\r\ncontent-type: application/json\r\nexpires: Mon, 11 May 2026 00:19:13 GMT\r\ncache-control: public, max-age=180, s-maxage=180, must-revalidate, stale-while-revalidate=30\r\nx-xss-protection: 1; mode=block\r\npragma: public\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=63072000; includeSubdomains; preload\r\naccess-control-allow-origin: *\r\nx-custom-check: true, true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458573=yZG5PBWS1Nh/AUtFas2SAT9K8KBYFT3tmDxPMxk6sKctgNimrcTw+Pdc6x0PCz+xIoCt4pcsMRGhlcm8cIvO1xhOSgrtaBiGnu8aKSiQifDVLsRzWfEkv6a28A3ceH4D91gsmRFvW4fHdGpadAb2H7+/9wy6HLvPlZ/T/j5l4uIvi+fAN2Yo4dKumFibEvjt\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e146439cfd5c2\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3849,"size_decoded":0,"mime_type":"application/json","magic":"data","md5":"3bcf0da56e368a9f5450eb269e9ce9a6","sha1":"4f6e50eab0df7b2d28a04850678937d8ecbe40d5","sha256":"02da545bf587fe156955890d0b3f92a8ea77f326683fc709adb65f695a62d103","sha512":"bccd4f5e92c3eeca8363dad85f5d1932cb88cf8cd85c366b70cf313b38806b3dfed5e542868ad96baf8a29be84baf79218ed3edcd2c61324d2140b9737e61476","ssdeep":"96:eOGS7hTEAzTPZRNe4vK2Ha1A5Zfzg4j0RdyQ9LGoI6OQnemJmVT12FqhuYRTYx:VP7SaJe4nHKEzgvR0Qo2+fFpTYx","tlshash":"bbc18e82a727af20e1023cb92833d7d11ec26f54ebd11944e8352a962ff465f5bdd702","first_seen":"2026-05-10T16:58:50.28345Z","last_seen":"2026-05-15T07:18:13.723972Z","times_seen":16,"resource_available":false,"data":null}},"time_used":1654,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1654,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_2cf32c0e-cd2d-4274-8e00-d67d14e5086e.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.447Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_2cf32c0e-cd2d-4274-8e00-d67d14e5086e.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:18 GMT\r\ncontent-type: image/webp\r\ncontent-length: 7390\r\netag: \"f111a1ab6243183e54c8c152a111da67\"\r\nlast-modified: Sun, 09 Nov 2025 14:10:40 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=msnjI9BKZHiX579MKM5AJCe%2BvntSUU81kVedrrMcBBhhd1AiE1GGVRiEfRtlrejmFe6no8FZmB8V%2BI%2BER84%2Fc8ZfwFdmn9uMOLcFQpM3BS6Jl%2FyEqGJItRmy1tjOUztnQVAWar8pOw7iePlqvvNX1BM%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 65088\r\ncf-cache-status: HIT\r\ncf-ray: 9f96c97108eae2f0-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458578=tLgvFt1z8jFzQRhncWi/oy30Kp+gtc4vvTtSMAfT8iqKPE5I5/glwJsrgUgibV8Oq1T89RvQ5+BjRR93cSDrQF0xIVi0SgUykK+LzgLRn6wOi3thzVjM+/l6t7xyYOrgTgWFPHdNyt2ozAMvtRp/SCvuZJUo80Qf0cWnpW9yyUPaAlAcuUcGn2gPEYjfmiLM\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d62719e14644db13edb\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7390,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"f111a1ab6243183e54c8c152a111da67","sha1":"64384e28a720752201bdef5fb2d779e3b9c85f09","sha256":"5cc2cf8571b6a9483514b5a6a4624cf867c12addfcffa3ed0ca5b24a2354dda1","sha512":"38c484611e089f275c9cad39c3978fde5cc040959db3de91ae8744ce33f66b4ecf40b01f464e2081395aa408bbbc6a6c7bd845799ae892a8611b04c24c2198f6","ssdeep":"96:0UX6jHvysggvfrPtYvuy3/9Ic5G1SB2P80d2QWAqhs0ufLIbqvfgJ965FkBYUU:vmqsggvf5Uuy3lQ1Yues0uDlngJY","tlshash":"4ae1bf2cec9e39805c1c3cb8a451111c6f08688cadcc8cd55915be29f277beab5d6e41","first_seen":"2026-04-24T23:10:16.706864Z","last_seen":"2026-06-06T14:55:48.668008Z","times_seen":255,"resource_available":false,"data":null}},"time_used":4570,"timings":{"blocked":-1,"dns":0,"connect":0,"send":2461,"wait":1207,"receive":902,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/7ce098a13e1d470c95ea980986cce589?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.915Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/7ce098a13e1d470c95ea980986cce589?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 370599\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 85549\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"7ce098a13e1d470c95ea980986cce589\"; filename*=utf-8''7ce098a13e1d470c95ea980986cce589\r\ncontent-md5: hfIh3+zcxgSeSbv3NyGDwg==\r\ncontent-transfer-encoding: binary\r\netag: \"FnUtVbdLiKI5wKHdbrwmp2AAFlnb\"\r\nlast-modified: Wed, 06 May 2026 09:02:30 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: 6L8kcp0Nx\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: yfkAAADJWuLYDK4Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":370599,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1200 x 1816, 8-bit/color RGBA, non-interlaced","md5":"85f221dfecdcc6049e49bbf7372183c2","sha1":"752d55b74b88a239c0a1dd6ebc26a760001659db","sha256":"c0d21509ee99a2172804d23c7553f7cbb9c0e992ff68dfaf0de9802f612e92b9","sha512":"97a4427a02515ff391b0e05ff5a0f81371c6521cd05006d10b6def1bfd1675a3eed6a9f22d75d28e25ed66a9cb32284ae8febe6710b54264531f28ed570b4150","ssdeep":"6144:U2I/1qfMUpgWT2WR0D7T9EtAD3ozfC93KqosaL+XJRHoEHhe86pdBOut84mYTo7h:pIgEU2WT5RM7T5oTWKThERIc6dOutm/","tlshash":"367423f4496300e2ae7b4f59b5d6d11a8472612fb3266e4c674079480c048f7dfa9ecf","first_seen":"2025-01-29T13:39:14.716249Z","last_seen":"2026-05-13T08:34:11.861188Z","times_seen":112,"resource_available":false,"data":null}},"time_used":3421,"timings":{"blocked":1425,"dns":0,"connect":0,"send":0,"wait":1103,"receive":893,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-11T00:16:04.244Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:05 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458565=k+PSB7omZa8I33GtUnJy4NetQjmVgv8QjzCi0J7rcNFoIRrCb0y6t5keTOxZM0eHsW5lEo7Xnw9FzRKKyrn9F7lxQKz3G4qmaZ2rnWytkxDt5XOowdNavd1SZCKf8aYIyMG2L3LMfcbiCn//3LXSMq/f+Kg3q80dY7d5VYzbtudhqQYCeY6w7Mfgqs3ebNPc\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14641c4cd586\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"GeeTest","description":"GeeTest is a CAPTCHA and bot management provider, protects websites, mobile apps, and APIs from automated bot-driven attacks, like ATO, credential stuffing, web scalping, etc.","website":"https://www.geetest.com","common_platform_enumeration":"","icon":"GeeTest.svg","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24409,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"de12f9ef6903679d754b67293200edd6","sha1":"fd38488a0db4f56c62536cbdb4c5957ca9091148","sha256":"735a322de1f2ded527f569184d7c6c57ddaca2726df1b527386667704e130688","sha512":"6e460e29f99686c44c928a124be7cdc3b1633d6584c9d7e0256c69a1d328ec0cbe7f401d79385a18d16d458606e132567e8f7fa5e4e7ce56a3ffadc6c7b63b95","ssdeep":"384:Eo3ERrxqNBPJ+96junwIX2VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:EpRVqrJ46junwIXiNYiKop/E6wkpcu2T","tlshash":"62b2185a9df349762523303a1fbfb20879b0c0274209ed443e4de7594fd59aa42e3be6","first_seen":"2026-04-29T03:41:13.317002Z","last_seen":"2026-06-06T14:55:48.665267Z","times_seen":357,"resource_available":true,"data":null}},"time_used":3080,"timings":{"blocked":1310,"dns":369,"connect":310,"send":0,"wait":457,"receive":0,"ssl":631},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/img/CHESS.80cb714e.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.492Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /img/CHESS.80cb714e.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:18 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-e587\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458578=tLgvFt1z8jFzQRhncWi/oy30Kp+gtc4vvTtSMAfT8iqKPE5I5/glwJsrgUgibV8Oq1T89RvQ5+BjRR93cSDrQF0xIVi0SgUykK+LzgLRn6wOi3thzVjM+/l6t7xyYOrgTgWFPHdNyt2ozAMvtRp/SCvuZJUo80Qf0cWnpW9yyUPaAlAcuUcGn2gPEYjfmiLM\r\nage: 65099\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d62719e14644c873ec8\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":58759,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 582 x 307, 8-bit colormap, non-interlaced","md5":"727b4dc207a4141335b27fa73f76fb10","sha1":"bb63b02e635f5503d76c4fc3532c2c652a06cac8","sha256":"5d840214ae46c94540df7d0a94963cc398b32c7b868edddb6a4f2a2faf113e42","sha512":"c1512f9d9a191ea10e806fe3a8f812f78dec9832568373b7b5362fafe9aef6783947d248deb2fc8d30ba1c61fd3b94f308298e69c1de32686110fa35f7bd4ed4","ssdeep":"1536:gtPCh483gu6aLw9AJeteTzkprgTWEHbP4BzrJ:344U9Xte3kprgKE7gZJ","tlshash":"0543025a13c1159f422f37b8148758a6d8154f9f38f32ea11a9e2afda58cb0af431c3d","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-06-06T14:55:48.707969Z","times_seen":1497,"resource_available":false,"data":null}},"time_used":3618,"timings":{"blocked":-1,"dns":0,"connect":0,"send":2414,"wait":1204,"receive":-1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/img/EGAME.d289cd48.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.494Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /img/EGAME.d289cd48.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:18 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-e89a\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458578=tLgvFt1z8jFzQRhncWi/oy30Kp+gtc4vvTtSMAfT8iqKPE5I5/glwJsrgUgibV8Oq1T89RvQ5+BjRR93cSDrQF0xIVi0SgUykK+LzgLRn6wOi3thzVjM+/l6t7xyYOrgTgWFPHdNyt2ozAMvtRp/SCvuZJUo80Qf0cWnpW9yyUPaAlAcuUcGn2gPEYjfmiLM\r\nage: 65099\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d62719e14644c873ec4\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":59546,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 582 x 307, 8-bit colormap, non-interlaced","md5":"eb8991eb9e0db175522c914343f0a10a","sha1":"ce2d41b154df64421d46bceaeb9878da455592dd","sha256":"b837b4e9fc693e5c65eb049c56547caefe1cf73ea31ae59f95ae46d052fd36b2","sha512":"7d2a886e3ac412f6ea1b1ba290064373e1d07a0751bdd7f546af3116ad057d1f17bbe4847179cdf87297a967c0290280ec0c51ab9bfdeb1da0b881e366eb19a8","ssdeep":"1536:hvA9R/SReJczzaRBd6s3DhCDnQcvyFVWGDnmhKYNa67:hIPVczevUIhCDnQc21C7Na67","tlshash":"dd430276882a8fcd499304944bf9afe164eaf19097b3cf91f24c5fe0423d184d881b6b","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-06-06T14:55:48.69462Z","times_seen":1492,"resource_available":false,"data":null}},"time_used":3017,"timings":{"blocked":-1,"dns":0,"connect":0,"send":2410,"wait":607,"receive":-1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/373e9fcef9e34ad88251819c39fbc432?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.780Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/373e9fcef9e34ad88251819c39fbc432?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 12220\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 94557\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"373e9fcef9e34ad88251819c39fbc432\"; filename*=utf-8''373e9fcef9e34ad88251819c39fbc432\r\ncontent-md5: GAVUqswpG4L+gkhl36otdQ==\r\ncontent-transfer-encoding: binary\r\netag: \"FsZ91tmLlq3bebQpTKgKMQK7z5jT\"\r\nlast-modified: Wed, 06 May 2026 09:02:28 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: p3C4xOEaH\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: NTYAAACxRoanBK4Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12220,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"180554aacc291b82fe824865dfaa2d75","sha1":"c67dd6d98b96addb79b4294ca80a3102bbcf98d3","sha256":"d6040cb887ba3ced22e89b047e81436d2e7149651e4e2fdba193cae3f12fa48b","sha512":"250f4fbc819dea63b834da9cfc85a16146e6204578857c6c8ddc0564056112c02bb00a8818f5d2bca943e890642b5f1be6d9097e070b68c76e9813cc0be891cd","ssdeep":"192:v0GDwd7lqR62IO2FZtILS7Ql9087j1J6OZbKu7fVqqKPcMUPdntI7ZbTBooT55z:vnIla6s8zk9FbZZbKSfVJKPcMU6Zbd/v","tlshash":"c742c0b4d31a2562a931570bc800f0bef65f079f42a722309f643a5fb3338a4d5a43d1","first_seen":"2025-01-29T13:39:14.883319Z","last_seen":"2026-05-27T14:35:19.945761Z","times_seen":138,"resource_available":false,"data":null}},"time_used":4800,"timings":{"blocked":1568,"dns":628,"connect":242,"send":0,"wait":1266,"receive":403,"ssl":673},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_91f2d885-8341-4928-bace-352c8c691bef.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.383Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_91f2d885-8341-4928-bace-352c8c691bef.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:15 GMT\r\ncontent-type: image/webp\r\ncontent-length: 11602\r\netag: \"5b6551f12b1b84f1734c1a1990de36e3\"\r\nlast-modified: Tue, 02 Dec 2025 14:08:32 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=89HzEg%2Fa4bF1X%2BaXV%2Fs5dRqvmpoReGNyCsASVBV2LgDUuMQf%2FxUxzfyE2G61UieIb4Fz2U2pQ1xQKPbDOCkG%2Fes4TOCIWcI%2Fr%2Fn%2FeFauScpc3hgw%2FR42ZDwX6%2BzbZJtwTZsDsQ3QiHv73SVuugBbN28%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 65096\r\ncf-cache-status: HIT\r\ncf-ray: 9f96c930481f25e5-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458575=yEPg8bP1KWw0XVpSd4f8vx5xJb0z3i8hpaiOkJQmnr2vDF7JAvg6poyn3HPLIFq4/KlDBAu0ZczRUTmD90nGmK5/y1TELs3xF8xwV/JUl7RA9CyGzRlw4SO3x8wtH4OZQXg3+pFsbRMLqXJ7vDAZPKOTnZxRhS3Vi1BJbs4wbHzCwh1a3Qe7D7JwbHLDYgHq\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e1464433ad5e2\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11602,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"5b6551f12b1b84f1734c1a1990de36e3","sha1":"4a9abbac21133dee3830561cdd3803655c193744","sha256":"fdf8c30716a64d0ba082686010f70ff0347eb4bc57f861ff9ca67ef41700059c","sha512":"c02da03187076f9921fd89e31f1d92cc60c78da95d5b35e179d76d11842191eb9f52431e4a7322e0a9c5d6d54b8c484aa6dea6d6f653557818f3383300b97f61","ssdeep":"192:U9/EwHQZEoeKC69DzEtpjQM8dUNCtSyj2OG5hSutqwILUXr/mt/XqzLYKHiifMfi:4/EwwZpe4Y3MMqUN/Qlw84IL4/M/an/H","tlshash":"0f32c043a66ed2fab717ab660556d304de22e0d468553406d7ebd43a302effeb180d0b","first_seen":"2026-04-24T23:10:16.72574Z","last_seen":"2026-06-06T14:55:48.612666Z","times_seen":271,"resource_available":false,"data":null}},"time_used":1538,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1537,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_0b2c7f25-c17b-4d07-adb1-68f1823633a2.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.455Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_0b2c7f25-c17b-4d07-adb1-68f1823633a2.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:18 GMT\r\ncontent-type: image/webp\r\ncontent-length: 10536\r\netag: \"83c227836fb01b2cef7c240c8d45f098\"\r\nlast-modified: Tue, 02 Dec 2025 14:12:09 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FDnOkNe1MfdnAoI6YwFeAx9s8eB1i6JUrUPl%2B54xsoCVb5rvDWqhFeapZhLjxuJjo5yn%2FCbiieg8Nao0RzDbK6whlWD5PakwFfnXQIEM8wLmmYo0weUuh4XgyTkBBeuJbM0mVO0GfryPASx%2F34FTA2s%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 62636\r\ncf-cache-status: HIT\r\ncf-ray: 9f97054dfa670701-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458578=tLgvFt1z8jFzQRhncWi/oy30Kp+gtc4vvTtSMAfT8iqKPE5I5/glwJsrgUgibV8Oq1T89RvQ5+BjRR93cSDrQF0xIVi0SgUykK+LzgLRn6wOi3thzVjM+/l6t7xyYOrgTgWFPHdNyt2ozAMvtRp/SCvuZJUo80Qf0cWnpW9yyUPaAlAcuUcGn2gPEYjfmiLM\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d62719e14644db13ed1\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10536,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"83c227836fb01b2cef7c240c8d45f098","sha1":"fb1e1f8ef0fa166415a743fe004d926e7b040aba","sha256":"54544e3d3311ced9fef367585eb60a15e3bf7d8490ccb2098d7e76d59fbc1fea","sha512":"d41d274ecb2373e9f9eaafe28710226a6bdf54d4c0c8a24c9b04fdd18a6d7fb71611dc0111f54fdd6750929bf002dfbe4a2822fd77f455f850d3406671b6d499","ssdeep":"192:6Xrxa2Dv2+2JgMsTWhgDPkmw0OwIK1AmEIDvWrxaiXFr0NN2uCd16Abhu:aa2Dv2vJmTcgD8mw0ODBmilaiR0P2xJ4","tlshash":"d922b0aad71a5b23ca0056163f7f3476c1567c371b2eeca529eebd0112309e469f9313","first_seen":"2026-04-24T23:10:16.72265Z","last_seen":"2026-06-06T14:55:48.710326Z","times_seen":254,"resource_available":false,"data":null}},"time_used":4266,"timings":{"blocked":-1,"dns":0,"connect":0,"send":2456,"wait":1205,"receive":605,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/0742870b19714f9ba10f6c8f997ec83e?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.918Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/0742870b19714f9ba10f6c8f997ec83e?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 15192\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 83724\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"0742870b19714f9ba10f6c8f997ec83e\"; filename*=utf-8''0742870b19714f9ba10f6c8f997ec83e\r\ncontent-md5: xgbEgiXCrcCzulvNUcWMFg==\r\ncontent-transfer-encoding: binary\r\netag: \"FtHH8EEyhM7cSc1olRmw-kvQFyDh\"\r\nlast-modified: Mon, 04 May 2026 21:15:07 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: PnVmZq0Q1\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: nWoAAAC0YsaBDq4Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15192,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 221, 8-bit/color RGBA, non-interlaced","md5":"c606c48225c2adc0b3ba5bcd51c58c16","sha1":"d1c7f0413284cedc49cd689519b0fa4bd01720e1","sha256":"4a729e6248235e426d81a76ffab923a009267907c8c9d8df10c2c4daea69b0a0","sha512":"3406c8e2fe668ae9ea85b3ccab3dec6603366cc8b5c48039f481430228d8e5664404285d8de75b33a4e1e2cff3fabc2005b7fa66d1006361c8207ce0ba99172f","ssdeep":"384:lmE39xvqYfOB9aogmVSQ6ow1uZzQInm9EtuQ:8ENxvffbog+NwwUImML","tlshash":"9662df2cf70139f487a6289ab20155baaed04abaf8a08df51ca3bcdd4e087123d33540","first_seen":"2023-07-15T11:13:39Z","last_seen":"2026-05-17T02:46:48.371208Z","times_seen":64,"resource_available":false,"data":null}},"time_used":3078,"timings":{"blocked":1426,"dns":0,"connect":0,"send":0,"wait":1269,"receive":383,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_d991353f-39ff-4552-be18-848fc3fabfb2.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.354Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_d991353f-39ff-4552-be18-848fc3fabfb2.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:15 GMT\r\ncontent-type: image/webp\r\ncontent-length: 47886\r\netag: \"ba0be3142a5adac8fdffb8c21b319dbb\"\r\nlast-modified: Sat, 06 Dec 2025 06:30:09 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8KXzMmKL%2BwMJalksgfEo0ST8l%2FmhqTxjUwG%2BPAGYvFMBkDkLNH9zWxv%2Bq8UEuLrP1mnvfGk0U6NL0xHzHA0EoBidWVM%2BzykLFydfPVp95jDrit2K%2FWc9X9tbcOzEwbdv6PPVryeQW9nPg5yWop5Igc8%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 65096\r\ncf-cache-status: HIT\r\ncf-ray: 9f96c9306c285ea6-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458575=yEPg8bP1KWw0XVpSd4f8vx5xJb0z3i8hpaiOkJQmnr2vDF7JAvg6poyn3HPLIFq4/KlDBAu0ZczRUTmD90nGmK5/y1TELs3xF8xwV/JUl7RA9CyGzRlw4SO3x8wtH4OZQXg3+pFsbRMLqXJ7vDAZPKOTnZxRhS3Vi1BJbs4wbHzCwh1a3Qe7D7JwbHLDYgHq\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e1464433ad5d9\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":47886,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"ba0be3142a5adac8fdffb8c21b319dbb","sha1":"86a3734ad3716c5ecf67412f804a881fc9eaf4ca","sha256":"c3d9e9184bc542699b269037e068dd63803352fc1feaf06695ec888185f77bd0","sha512":"da43e90eef8c8f0aa5daf006910fe64bb579b9a0083df3c06b0f21c8f175d5dacc0b31009365ec391f0482e62f0b8449b98407b5a2423c20fc021aeead097296","ssdeep":"768:zpFTQF6ySs7gk0G8b/lE4qxGPlMt63JKVB/JmKjmz+0N2pqQg6yQV:fpyt7y/y4qoet63UbJRa+Fqwy4","tlshash":"ec2301147718d91012a1a6dbebcc1b6d6cae4947a4457a338d8770ccc7bdc9ee53ce82","first_seen":"2026-04-24T23:10:16.87696Z","last_seen":"2026-06-06T14:55:48.620937Z","times_seen":275,"resource_available":false,"data":null}},"time_used":1326,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1324,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_bbac9ff6-d09b-48f7-9e60-77639d6ba1ec.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.371Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_bbac9ff6-d09b-48f7-9e60-77639d6ba1ec.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:15 GMT\r\ncontent-type: image/webp\r\ncontent-length: 10174\r\netag: \"786d2731ac4145dbdb474c2ef236dbe0\"\r\nlast-modified: Tue, 02 Dec 2025 14:07:48 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=46%2F%2Fg1RDmOxkAE165gbU1OnzF%2BbL2PwTlp%2B2dpLmjpwIjjtykFnVeoC5vcDSDhtQ2RjGD8r00TxsQpoVWpI%2BV0tCufPW1%2F9UwAdR340%2Fkw3hXRz6S0bIPRu9jxtzJyB9uJq8i5lFsKGf8NwugCj6sKU%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 65096\r\ncf-cache-status: HIT\r\ncf-ray: 9f96c930788a08a2-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458575=yEPg8bP1KWw0XVpSd4f8vx5xJb0z3i8hpaiOkJQmnr2vDF7JAvg6poyn3HPLIFq4/KlDBAu0ZczRUTmD90nGmK5/y1TELs3xF8xwV/JUl7RA9CyGzRlw4SO3x8wtH4OZQXg3+pFsbRMLqXJ7vDAZPKOTnZxRhS3Vi1BJbs4wbHzCwh1a3Qe7D7JwbHLDYgHq\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e1464433ad5de\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10174,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"786d2731ac4145dbdb474c2ef236dbe0","sha1":"e25bf96d16a7d8c9ba8cb8977c5223823b576354","sha256":"a5582288a05ad90cab5e153a954cc868cbf69672d5811c24564ed2292638b772","sha512":"aab8876381867a1eca57b4f3b8c18c5244840ce1283a71b3387e80ea096b2c956dd8cd3461861cf6be2d063f980a1c59495aa8d3c47f1579017239ac07ecd1c3","ssdeep":"192:Oz8jXYXj6SZFy5siAvpSdg/2OwNHKThGZ0G9g1/5gqWLbG0X6YqIsyT:nXbMFy5siMSdNQh3oSe6Ye","tlshash":"1c22afa5b4ff3f61484df1f1f78ad342559a697432be475d79b5467218082988c303f2","first_seen":"2026-04-24T23:10:16.833619Z","last_seen":"2026-06-06T14:55:48.703189Z","times_seen":273,"resource_available":false,"data":null}},"time_used":1339,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1339,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_e50c5112-b480-4217-95c2-f187843fa431.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.404Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_e50c5112-b480-4217-95c2-f187843fa431.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:15 GMT\r\ncontent-type: image/webp\r\ncontent-length: 54466\r\netag: \"d564e11aa2a3009b6985896da404739e\"\r\nlast-modified: Sat, 06 Dec 2025 06:22:05 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JBaR%2BAGeXX%2BA4SFkLza36BCxMNBLnz22276UIk0bNrvY8Int4SAk8RG%2BEll2plGD9Sg6XPH%2F9FrvNzoCUdTjch2KP4lx3LEnIo7iMK9Q5HzsM7IKaUvUedWj57QwoZfmSAumSzRThR%2FIxjghGytsImc%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 65096\r\ncf-cache-status: HIT\r\ncf-ray: 9f96c9308c1e0998-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458575=yEPg8bP1KWw0XVpSd4f8vx5xJb0z3i8hpaiOkJQmnr2vDF7JAvg6poyn3HPLIFq4/KlDBAu0ZczRUTmD90nGmK5/y1TELs3xF8xwV/JUl7RA9CyGzRlw4SO3x8wtH4OZQXg3+pFsbRMLqXJ7vDAZPKOTnZxRhS3Vi1BJbs4wbHzCwh1a3Qe7D7JwbHLDYgHq\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e1464433ad5e9\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":54466,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"d564e11aa2a3009b6985896da404739e","sha1":"5701d82c9e2fd24ec69db4bdc9ee3e32cffca139","sha256":"75d785fba01e17e56ae0ba404eb302e8537d3a7b7f84d11128164946a3987384","sha512":"1f6a7673f6ccb42f0f1e5135154db412145225615504419fcd52655726f8ac4c85ec419c54167c1d4e71c60cfbd30f87f7bc07d53858adb3e30e184f2fdb5623","ssdeep":"1536:+USdyAD4v4ReUeNhO2po1VPvBu3czLES5WjB6lieR:Wdym04TGeLvlQAC6geR","tlshash":"fa330269024c6463719556f833feb42aa760a7c63801a4799a8f3594fe24ce874cfd6c","first_seen":"2026-04-24T23:10:16.721458Z","last_seen":"2026-06-06T14:55:48.688259Z","times_seen":262,"resource_available":false,"data":null}},"time_used":1915,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1588,"receive":327,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_d4d2b521-861c-48d3-89a5-438931453851.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.467Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_d4d2b521-861c-48d3-89a5-438931453851.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:18 GMT\r\ncontent-type: image/webp\r\ncontent-length: 52456\r\netag: \"c545c93beaefd4bd61fc5c1b18fc1cae\"\r\nlast-modified: Sat, 06 Dec 2025 06:30:18 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2GFCLnyNTQ5CI7gE9QdML9ysc%2BzMJf%2BdP%2BRHeOgn%2F268NQbEgTP0i1cgx1DXyZRYCtVWj%2BrgELssrq%2B0YBuBlIKXxIx422TMQ7FynulWtdfuId7hYEvOIxEG0mM0TL57oKbGnxmhpRaNLe6gc3NjAqw%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 62632\r\ncf-cache-status: HIT\r\ncf-ray: 9f9705669eafe2f6-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458578=tLgvFt1z8jFzQRhncWi/oy30Kp+gtc4vvTtSMAfT8iqKPE5I5/glwJsrgUgibV8Oq1T89RvQ5+BjRR93cSDrQF0xIVi0SgUykK+LzgLRn6wOi3thzVjM+/l6t7xyYOrgTgWFPHdNyt2ozAMvtRp/SCvuZJUo80Qf0cWnpW9yyUPaAlAcuUcGn2gPEYjfmiLM\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d62719e14644db13ece\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":52456,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"c545c93beaefd4bd61fc5c1b18fc1cae","sha1":"19a7126947210454bd434f5642d579bf87bb0e99","sha256":"c3a29377aa06329a7068664cec9166fbcf02f0724f8938eac5106b1c3a6b4644","sha512":"bff91a20b5bcb7b7eab35453005dffaa98033341f7eeaaec88a0c4b414d0d06511b4c05ebb0c3723aaaf654bc9f0c372ad3b5b288030b1d899736b27b84f0208","ssdeep":"768:n4M8fxEbpGtvfqj0Bs8GkjOhpAh9bzillpUed5V/7hz9WJVI7X1BPFLN7CLrJneU:nifKNsXI0ex7lgVMPZN7ErJnnZ","tlshash":"333302a0d69cc510dbf8d6bf0a5130fc5e88fa501ea53bab4b804cdd889e5e4e51f60b","first_seen":"2026-04-24T23:10:16.825501Z","last_seen":"2026-06-06T14:55:48.687008Z","times_seen":252,"resource_available":false,"data":null}},"time_used":4253,"timings":{"blocked":-1,"dns":0,"connect":0,"send":2446,"wait":1204,"receive":603,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/img/left.34013cd8.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:11.190Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /img/left.34013cd8.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://j53g.vip/css/home.1777369843125.0fc9d8d4.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:11 GMT\r\ncontent-type: image/png\r\ncontent-length: 237\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: \"69f08424-ed\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458571=IJUX2BSbr3N9k9h7ERQ9sk+yE5ueDLHUVKXOGekTGKZEsYTafGeJ/PvixdfJYaVC4M71GDidygH+mJKfPwBfsfZFcXejV+sSSl68inB1dhxmmorKLKOJVzdZO6bGaRHBSe5YrXijUj4NktOYcH/YEDoUIHUEdP1RxSlxza+9KsihT63YVeP+A0aGhiHSPm6I\r\nage: 65102\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14643249d5b4\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":237,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 14 x 44, 8-bit colormap, non-interlaced","md5":"5ecca260da6fc5e2843405c20ac69817","sha1":"3918cfad7493b6860ded9e259ba90bc6a853f1b1","sha256":"078a4aac39c49a33cbabf23cda7579fa7b76e875e6b6d24d16cfcbf9f8b250df","sha512":"b76a870a79a87a450e5d30a218d75093b57415c563e64a8ffd6839a31b36379dbc08398698b9c1368ecda671d65045d5cfebe3363b98d746d89dcaad15bcd8ce","ssdeep":"","tlshash":"6dd0a99be2076faed1c70bb3732e0ca18a8124e892944b088042c622ca663a1dd82042","first_seen":"2025-08-29T11:05:53.221032Z","last_seen":"2026-06-06T14:57:20.957152Z","times_seen":1572,"resource_available":false,"data":null}},"time_used":1771,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1163,"receive":608,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_50b16c20-cbfb-4c4c-ba8a-249055c85af3.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.368Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_50b16c20-cbfb-4c4c-ba8a-249055c85af3.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:15 GMT\r\ncontent-type: image/webp\r\ncontent-length: 18518\r\netag: \"aa3d869158cd9f4a691ab5256b366ce1\"\r\nlast-modified: Tue, 02 Dec 2025 14:07:39 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hDH40K6mHrrK6jEco38ye0MiVHB%2BaE%2FeKRnw0CUsa6i4DxWlsFqau02Rvz34xyOEA8dJOs86gTfEp9Wuooad1keMJZWKRFk009cfm34pbzdoFb%2Bjp05jeq%2BMqPJZGvNLdO%2BXswdXSPVrVGDXdj2zFOU%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 65096\r\ncf-cache-status: HIT\r\ncf-ray: 9f96c93049ecf325-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458575=yEPg8bP1KWw0XVpSd4f8vx5xJb0z3i8hpaiOkJQmnr2vDF7JAvg6poyn3HPLIFq4/KlDBAu0ZczRUTmD90nGmK5/y1TELs3xF8xwV/JUl7RA9CyGzRlw4SO3x8wtH4OZQXg3+pFsbRMLqXJ7vDAZPKOTnZxRhS3Vi1BJbs4wbHzCwh1a3Qe7D7JwbHLDYgHq\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e1464433ad5dd\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":18518,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"aa3d869158cd9f4a691ab5256b366ce1","sha1":"46a9a87daa6c88e7055d5286cbc30e5a30bf34d2","sha256":"cacdf3b3bb35cc05bcdbadac055a705917d7ef2e422198f081e2482ba755eb5b","sha512":"d791059c03544004a3eb112223fdc6f44828e2ac740fc99c53aec39007ab4af73c6bdc3af541c57cc2805993d9f938bc1aaa46b1252c28c55d68fd135ac89ead","ssdeep":"384:+/SrnnTDDsTm3Dgi6CrYqpWrWrM5LW7A1zNb+EIItGXfeXCq:+/SrnzsS3zJiK81hS4","tlshash":"fc82d07a08094e73b16953616be5e8648b174f58100da7bf3d0166c9e32de6f74b80bc","first_seen":"2026-04-24T23:10:16.832516Z","last_seen":"2026-06-06T14:55:48.63872Z","times_seen":273,"resource_available":false,"data":null}},"time_used":1339,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1331,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/theme.config.96698fb2.js","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:06.197Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /theme.config.96698fb2.js HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:06 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-1a625\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458566=FqGJY1k532ChI3k/oD3fAPu6welwhIu8DWp/+cspT1GcUUpTmB/CbvnsRZyjPj2aiYFgyVINMimnAQxCGmunPV7HrBnl5I66SKGBUhBMNOupLH+Ieb7JgzvsjQiNUMQlYyHtVgUDXPC32Ilfol0qLT9S49ttbW0wOJJh7mmM/CZ5mV7dhTTCjy2dkdzl8QTW\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14641ec2d58c\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":108069,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (38260)","md5":"6a9a87f3e8804b6c2e87c2ef64cb06ac","sha1":"b57b77abc2f2694ee5b5404a08100b3bdbae1dbb","sha256":"1597153bb2084ffdd78db4687cd9efcd0d7d54f7f460c9b717988ff3dc4f640c","sha512":"5d9bbb05a39e07f2ccf8ac572dcc12d0ae5af13998abb2a6167619b1774272761b562cbbd40b287c404261553e88a7c872e1cfd2943678f59422161d10cee15a","ssdeep":"1536:D2JREobpmtlIRM4Sb2mcTa2mnzyJog9CcHWhM:qYtlGu1Jnz45Hl","tlshash":"23b3bb7ae20c963a6177acbfb46de111c12e9c0cab1d5fdef03d60a25710669c831de9","first_seen":"2026-04-29T03:41:13.38605Z","last_seen":"2026-06-06T14:55:48.679031Z","times_seen":359,"resource_available":true,"data":null}},"time_used":747,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":747,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/ecb/8f83064248a6651521ab9b26970d60fa83f0bf5f79fe68600101b67707c272184849423924c3e9832923a30acedcbfec8ac50fef89fb","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:13.113Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /ecb/8f83064248a6651521ab9b26970d60fa83f0bf5f79fe68600101b67707c272184849423924c3e9832923a30acedcbfec8ac50fef89fb HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nContent-Type: application/x-www-form-urlencoded\r\nx-request-source: https://j53g.vip\r\nXign: R5/tvibXFZ8zyj/N26GpdeZRL/F1NlEehrkRKQEjSMjN87a+B+8Hbwh8FtPkQNtQBhZHn2Qj+3sCt59v0+D5WwO5tDCMRkE3Bat0RVZ29f2tF251C6BlmIMPhewmveNVTTso5p9C+vvA0U+5xDGkh4V/JrnwgnHVUKKIyeVXc8M=\r\ntimestamp: 1778458573102\r\nsign: 1l5r6o4d7g2p2h12\r\nversion: 5.6.12.0\r\nclient-type: web\r\ndevice-id: yJcptFCdmcZADMQCAxKHnE47zE2N8nzG\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:13 GMT\r\ncontent-type: application/json\r\nexpires: Mon, 11 May 2026 00:26:13 GMT\r\ncache-control: public, max-age=600, s-maxage=600, must-revalidate, stale-while-revalidate=30\r\nx-xss-protection: 1; mode=block\r\npragma: public\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=63072000; includeSubdomains; preload\r\naccess-control-allow-origin: *\r\nx-custom-check: true, true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458573=yZG5PBWS1Nh/AUtFas2SAT9K8KBYFT3tmDxPMxk6sKctgNimrcTw+Pdc6x0PCz+xIoCt4pcsMRGhlcm8cIvO1xhOSgrtaBiGnu8aKSiQifDVLsRzWfEkv6a28A3ceH4D91gsmRFvW4fHdGpadAb2H7+/9wy6HLvPlZ/T/j5l4uIvi+fAN2Yo4dKumFibEvjt\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e146439d3d5c3\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7331,"size_decoded":0,"mime_type":"application/json","magic":"data","md5":"f9cf5fd42c45394708799f681cdf5fdb","sha1":"d680e17d8b539a313433e2dd4f8929e9b6ab8636","sha256":"b01e8f777ca001d055a0f7954f406e01c5c2b770262b7ef76738d953dde626db","sha512":"f71f2eea855bc5cf5368a3bc5a2038ae3d3be70f0f93dc4c5fa7e0023d3d79c0286b10d3022e73876ea586098fd92fe89a4915d3064af5e3eca089ce92bdcc98","ssdeep":"192:VcXaHYh7BkWN/DwxL4jipSGv3AY5roc3GrLI4irw9bdWanVAa7aqr:GqHYjkk/DwrpSGv3AY5rT3yw4dWanVTz","tlshash":"fe32be570b52e3a0269cd4f8e5236dc11aab9acc80bdabd5d274c4902fde7d075cc8b6","first_seen":"2026-05-11T00:16:59.188576Z","last_seen":"2026-05-11T00:18:41.230049Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1650,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1650,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/d422fdd9538640a3bee9bcf810c5297f?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.839Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/d422fdd9538640a3bee9bcf810c5297f?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 105382\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 6050\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"d422fdd9538640a3bee9bcf810c5297f\"; filename*=utf-8''d422fdd9538640a3bee9bcf810c5297f\r\ncontent-md5: 5Ra5XLXLJp9XVUjOkKXqOA==\r\ncontent-transfer-encoding: binary\r\netag: \"Fl6CJn67q2S_zqM5-xtVt8S4WtTm\"\r\nlast-modified: Mon, 04 May 2026 21:14:51 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: PF8goylZk\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: LZgAAACE17UmVa4Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":105382,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1200 x 1224, 8-bit/color RGBA, non-interlaced","md5":"e516b95cb5cb269f575548ce90a5ea38","sha1":"5e82267ebbab64bfcea339fb1b55b7c4b85ad4e6","sha256":"6f82f1afcf12e89fb4fa934c53cb3c58e1f461aed3343fdd5d7baddae5a73975","sha512":"36dbeb3e805a2b33a30b1b990a71e39da52765d0cb4d636b0cb36f09644ee9ab50ea7c6b59778327b2dd64b9e7e3303e6f4edbb20e0d860303e3f894b5372968","ssdeep":"3072:aIdZS1HftCkV8jx4OYd3RH6jQVmNn3QuK670lgF6jSDDx:aIdGHfA9fk3RH0gz67PF6WDDx","tlshash":"14a31240886ce51aa710707a5f760cfec4a521b5c4b5ecf0b8d4f0a82b8bb694fdcac5","first_seen":"2026-02-07T21:50:52.947211Z","last_seen":"2026-05-25T23:29:17.10969Z","times_seen":15,"resource_available":false,"data":null}},"time_used":3328,"timings":{"blocked":1492,"dns":0,"connect":0,"send":0,"wait":1076,"receive":760,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/9d5f279f161b4ab8827a6ebf4d6b5bca?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.929Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/9d5f279f161b4ab8827a6ebf4d6b5bca?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 53002\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 19803\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"9d5f279f161b4ab8827a6ebf4d6b5bca\"; filename*=utf-8''9d5f279f161b4ab8827a6ebf4d6b5bca\r\ncontent-md5: KdGDfCGb8ejr4hyA5kt68A==\r\ncontent-transfer-encoding: binary\r\netag: \"FvnFlmOYQKbgCaa-sI-_4nF8qc6d\"\r\nlast-modified: Tue, 05 May 2026 21:02:42 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: wsMQp8EK4\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: TbsAAACdfY-kSK4Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":53002,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 251 x 246, 8-bit/color RGBA, non-interlaced","md5":"29d1837c219bf1e8ebe21c80e64b7af0","sha1":"f9c596639840a6e009a6beb08fbfe2717ca9ce9d","sha256":"26f8463ef7e9a742592e62bb923ddc3da7c191863f9dd02235dfc81a07a3f952","sha512":"77aeae6c99e51967fcfb353b7ead91d14571ad8e99ad4f53e2146582b17bab5e627187dc7960cb9632c7266947c0b335c96cf5c6e5d2a572123f8185c68fc517","ssdeep":"768:cISAY/AhUVixCSAohAGWsTdOKHVOf1C2zeJ5hzSrfcvqzoTn+6cgNcmzI4kfObpC:HS0xRsGWsTA8SteJv4GnLlc6cu5aOsP","tlshash":"1c3301307cf537bfbe9756304e098bccdbb3ce992abd9a121a6062124592f74a7c0d51","first_seen":"2025-09-27T19:21:32.378247Z","last_seen":"2026-05-24T17:56:38.693609Z","times_seen":223,"resource_available":false,"data":null}},"time_used":3408,"timings":{"blocked":1416,"dns":0,"connect":0,"send":0,"wait":1266,"receive":726,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/js/chunk-init-c0d76f48.1777369843125.2d292e02.js","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:06.200Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /js/chunk-init-c0d76f48.1777369843125.2d292e02.js HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:06 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 28 Apr 2026 09:55:49 GMT\r\netag: W/\"69f08425-275ae\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458566=FqGJY1k532ChI3k/oD3fAPu6welwhIu8DWp/+cspT1GcUUpTmB/CbvnsRZyjPj2aiYFgyVINMimnAQxCGmunPV7HrBnl5I66SKGBUhBMNOupLH+Ieb7JgzvsjQiNUMQlYyHtVgUDXPC32Ilfol0qLT9S49ttbW0wOJJh7mmM/CZ5mV7dhTTCjy2dkdzl8QTW\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14641ec3d58e\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":161198,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65535), with no line terminators","md5":"eb71ab6debf3abe346c8c4d941813d15","sha1":"88116abc111aad2e9e1b1d0974de9d97cd891e0f","sha256":"3dca15bdb644d02cedbfe3adaeed7ff4c47508d664ad1ce6b361dcef7a5423b5","sha512":"eb604132673651b6a0646263fed02220557b65080b323b03513053af5662af520808cd469c00f7ad99ed16fcf9a2ab5374b89477cf8f8a9f8ed89f6a313afd7f","ssdeep":"1536:xTG5pxPvO2lSV822bv0bcbpM/igw/aIwC23QOoKILbjxo4wc0tvB6xVS/J+pKY3O:Mvz/Dp5/92xoKa/x5wc0dB5/J+UU0","tlshash":"6ef31b987392b1b847dba6e152371075b57e1dd73088e8f0c169a6803f31a9cd52afec","first_seen":"2026-04-29T03:41:13.437512Z","last_seen":"2026-06-06T14:55:48.659172Z","times_seen":358,"resource_available":true,"data":null}},"time_used":807,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":807,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/68b47362b7b540e0b9921ca697342ae2?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.888Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/68b47362b7b540e0b9921ca697342ae2?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 16928\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 90975\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"68b47362b7b540e0b9921ca697342ae2\"; filename*=utf-8''68b47362b7b540e0b9921ca697342ae2\r\ncontent-md5: STey2IjcZ8r/Ffevkdm9Qw==\r\ncontent-transfer-encoding: binary\r\netag: \"FpLB25DS44EIgMeLFc4mcJnesTAB\"\r\nlast-modified: Mon, 04 May 2026 21:14:52 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: ieUWYfJuB\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: Ky4AAACQd3npB64Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16928,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"4937b2d888dc67caff15f7af91d9bd43","sha1":"92c1db90d2e3810880c78b15ce267099deb13001","sha256":"1006b31a4ffefe271fd3656dd596cfa643390b4e262607ba6c9f082793ed2447","sha512":"a322741554f0f0684b41f24fe89605aee4a4ab1ca82b5c82582eb7a8aabd54b9862bd7361a8150ce85eeb545a1f446c63f92761ce5390e3de617cc4101959262","ssdeep":"384:0vuNPv5LIGCWQwrrANImBGsfPZOCFICqDwin22IrIbo:0vud5p+wrrAyKJOn7winUV","tlshash":"5d72e0f87f4418b02ad8e48cad6ed8146f52ecef744a054cf18ea8611450f6d52f436c","first_seen":"2023-07-08T08:51:56Z","last_seen":"2026-05-15T23:42:44.640678Z","times_seen":94,"resource_available":false,"data":null}},"time_used":2880,"timings":{"blocked":1445,"dns":0,"connect":0,"send":0,"wait":1078,"receive":357,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/css/46431.1777369843125.7dc7cfcf.css","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:06.194Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /css/46431.1777369843125.7dc7cfcf.css HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:06 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-552d2\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458566=FqGJY1k532ChI3k/oD3fAPu6welwhIu8DWp/+cspT1GcUUpTmB/CbvnsRZyjPj2aiYFgyVINMimnAQxCGmunPV7HrBnl5I66SKGBUhBMNOupLH+Ieb7JgzvsjQiNUMQlYyHtVgUDXPC32Ilfol0qLT9S49ttbW0wOJJh7mmM/CZ5mV7dhTTCjy2dkdzl8QTW\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14641ec1d58a\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":348882,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"e9d628daba48b940e276f091325ad9d3","sha1":"fdad8ce2a89ba61e92793906f2c486dba4ab6830","sha256":"8335d1e28f036809b567aa56d38506372340045a62595b1d896dd659faf5ec5f","sha512":"ca21fb5041ed2e5dfc57f5080b7cfc4bfad2aa4f9e7556680d57ac7d82669ff16ee746998b3d016994ae96c770b8a582ef129b01f52e5dace961e2625cc15ac9","ssdeep":"6144:z4+4r0H8Tu4+4r5cRlGuEQUQ929sYbnpTP40:z4+4ZTu4+4La0","tlshash":"0774fa6caf1030ae15a7cb27b660f5199c36a443f9bfde9af3e53d580789a510623c13","first_seen":"2026-03-06T18:01:11.525986Z","last_seen":"2026-06-06T14:55:48.706886Z","times_seen":498,"resource_available":false,"data":null}},"time_used":749,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":749,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/js/65246.1777369843125.8333614a.js","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:11.027Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /js/65246.1777369843125.8333614a.js HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:11 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-11f16\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458571=IJUX2BSbr3N9k9h7ERQ9sk+yE5ueDLHUVKXOGekTGKZEsYTafGeJ/PvixdfJYaVC4M71GDidygH+mJKfPwBfsfZFcXejV+sSSl68inB1dhxmmorKLKOJVzdZO6bGaRHBSe5YrXijUj4NktOYcH/YEDoUIHUEdP1RxSlxza+9KsihT63YVeP+A0aGhiHSPm6I\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e146431aed5ae\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":73494,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (48666)","md5":"4f72169b9753bbfd046b32e8a9c4c9d8","sha1":"76310a9e002235a02b1842b0ff3985e2bd53ef46","sha256":"26b88e6905d829b63d80a3ce48041e1fd4fe98923072fb1d19b371d117e41045","sha512":"05d8f29fd1ac787d4f27a2d8ee901437e310e0ca663822c6270d05c1de8d33a024e312797a984083b277aa054cde3c5995340a26c25bac74fa6c11b339bcfc3a","ssdeep":"1536:j2+iDvYvNjx4Uyao0L8oDNzAuMMsTAQ0mqt2pXYzA4dANVQ:q+iDYvPo0L8oZzAuMMsTA7mqt9zA4dAQ","tlshash":"de73a501f78272384fa7e290220f2026e16e191505ac5bd8f179ffb93ef0954aa7d7b4","first_seen":"2025-12-17T20:52:09.055572Z","last_seen":"2026-06-06T14:57:20.976288Z","times_seen":1181,"resource_available":true,"data":null}},"time_used":1306,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1306,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/23e2c107b76b49d497979d126df89017?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.899Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/23e2c107b76b49d497979d126df89017?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 38695\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 89169\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"23e2c107b76b49d497979d126df89017\"; filename*=utf-8''23e2c107b76b49d497979d126df89017\r\ncontent-md5: G1Tp/b6ck2AjxVKZ2kFltw==\r\ncontent-transfer-encoding: binary\r\netag: \"FjT7oQF0oEAOtprussXDFspMwyUI\"\r\nlast-modified: Mon, 04 May 2026 21:14:59 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: uAlrTvM7t\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: k68AAACP0fqNCa4Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":38695,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 342, 8-bit/color RGBA, non-interlaced","md5":"1b54e9fdbe9c936023c55299da4165b7","sha1":"34fba10174a0400eb69aeeb2c5c316ca4cc32508","sha256":"40d0ae1981f37ef0199cea175ca6e11c75e98a9317e2468c25168565f132ed1a","sha512":"2efd42c71a11bfca6b1e9cd6c3910709216d37593dd2f88f9fdb4498ee5fc8fb89def2f46d76fe60508db457677f040f1b59527196ffbdd0d5fd1631d17f9a2e","ssdeep":"768:oaqIVT7+oCJ4RC2/+vMTJ49dQTaQH1ojt/IcI3ItCDD+TKdm:oaqIVqHp9dQTaQHG+3kTKo","tlshash":"2103f008411e667817e7d7749fa2942a3c9fcc15c3a7b023b0d3e7e8a084667a4cd531","first_seen":"2025-08-27T13:56:24.430949Z","last_seen":"2026-05-30T17:21:02.206414Z","times_seen":128,"resource_available":false,"data":null}},"time_used":3162,"timings":{"blocked":1434,"dns":0,"connect":0,"send":0,"wait":1078,"receive":650,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/7a5787533ef9415d8709d1fe9921f65e?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.902Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/7a5787533ef9415d8709d1fe9921f65e?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 7475\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 1624\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"7a5787533ef9415d8709d1fe9921f65e\"; filename*=utf-8''7a5787533ef9415d8709d1fe9921f65e\r\ncontent-md5: 4dK0z5QAOfBLiKfDHnGT5Q==\r\ncontent-transfer-encoding: binary\r\netag: \"Fk0stwwwGKJqZ6GGwIqC4Yk6GaNH\"\r\nlast-modified: Mon, 04 May 2026 21:15:00 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: omMnA2ShI\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: MDIAAABRAEQtWa4Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7475,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit colormap, non-interlaced","md5":"e1d2b4cf940039f04b88a7c31e7193e5","sha1":"4d2cb70c3018a26a67a186c08a82e1893a19a347","sha256":"3d4f9c6f6b53a03d87469cae121e50713fc51ce807cfae6088fbda7bf224b975","sha512":"84005963bfcc71deef2b2a46e26b0eeaa3e856e5dfd89ae80dd3d6b72fe20935c71f0ee7e583f75462b82ce7148655f36d46216e558ee1c9a69a4cd41ea1eaa8","ssdeep":"192:eAvmzQY1ALTW9PVbPmlg7rrHucDSTuelicGvA:eA+zjNFulg7PHucmrsFA","tlshash":"4ff1ad67dc07dfb828951d42c90420e9a0ed4f82a611906aecbf31b0d8f982f58fe547","first_seen":"2023-11-24T00:58:42Z","last_seen":"2026-05-27T14:35:19.825813Z","times_seen":10,"resource_available":false,"data":null}},"time_used":2951,"timings":{"blocked":1432,"dns":0,"connect":0,"send":0,"wait":1108,"receive":411,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/config/initGeetest4.js","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:06.188Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /config/initGeetest4.js HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:06 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 28 Apr 2026 09:55:49 GMT\r\netag: W/\"69f08425-3a7f\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458566=FqGJY1k532ChI3k/oD3fAPu6welwhIu8DWp/+cspT1GcUUpTmB/CbvnsRZyjPj2aiYFgyVINMimnAQxCGmunPV7HrBnl5I66SKGBUhBMNOupLH+Ieb7JgzvsjQiNUMQlYyHtVgUDXPC32Ilfol0qLT9S49ttbW0wOJJh7mmM/CZ5mV7dhTTCjy2dkdzl8QTW\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14641ebbd588\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14975,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"87855e19802d75b55afa7bcf3af515c1","sha1":"4af373375728a98d623f2299a68a91e150f2672e","sha256":"9ec8a5ef8c8ffe369dd1a5c4730dce6570c0d90955798c0be4ac04ef1c8f4baa","sha512":"3baa6d9e916abfb3d38b7ebb9372c5987e8f10534bb978383751c0094f8f5a3e764f9b8e44a73d9d4871cbaeca7e1939f0ffaf9499af5c4a71f64c3588167d85","ssdeep":"192:23aP8Ha0D+Nu5dq+EvNiqc4K25MB5VYaiQwSL4SScQVy8QRHIsGiz0iX9rES6Myy:2fe61w1iXKb2sMGUI+KQTwwHlB","tlshash":"00621d0d68f764534553b4388b9fb014b5388a53042cde41be9ce354afa843d9bbabdc","first_seen":"2026-02-16T20:32:40.162764Z","last_seen":"2026-06-06T14:57:20.981124Z","times_seen":756,"resource_available":true,"data":null}},"time_used":443,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":443,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_c0a34e2a-97fa-40dc-8123-594806696886.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.366Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_c0a34e2a-97fa-40dc-8123-594806696886.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:15 GMT\r\ncontent-type: image/webp\r\ncontent-length: 13338\r\netag: \"c9888ec9eb68e23af8c466de36aa1374\"\r\nlast-modified: Tue, 02 Dec 2025 14:08:14 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=N4jScHAYKt%2B3jvO4zcW4IuZCMXPjCRxHYXheFrR0q1FCeWTPQrvO4MCjJE1cpZpHY92%2BZ2BMTZE9gV5P0ERTpRGAgqRvL3qqVZOsgaResTky3je3UiohDtyrDgrd5mv7eL4dv2AOzCeVGjMigWgCi5U%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 65096\r\ncf-cache-status: HIT\r\ncf-ray: 9f96c9304dea09c4-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458575=yEPg8bP1KWw0XVpSd4f8vx5xJb0z3i8hpaiOkJQmnr2vDF7JAvg6poyn3HPLIFq4/KlDBAu0ZczRUTmD90nGmK5/y1TELs3xF8xwV/JUl7RA9CyGzRlw4SO3x8wtH4OZQXg3+pFsbRMLqXJ7vDAZPKOTnZxRhS3Vi1BJbs4wbHzCwh1a3Qe7D7JwbHLDYgHq\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e1464433ad5dc\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":13338,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"c9888ec9eb68e23af8c466de36aa1374","sha1":"9f390e12dc110576b1f87b5705379cce7c8d821c","sha256":"8ff81de4e5b37505789b23808f901d64ab7d3dd91a813438ff0c762971c445c2","sha512":"6234782d00cacdac98ef61238100e1e4b6d3a44b462264cddf34237f74cc589576644b8b1a8e1e309c0acf400d17b899dad9717654f487f86a28224d4e2744e6","ssdeep":"384:sfQdwsWMYKGas1GU33KVwYl/0VPxDNUrIJeYcsFAl33l8Ta0V+t:vdTqGU3aJB0VPx0IJ4sFApWT5q","tlshash":"f052ae4ef297816890419138d0d51cb6583550ee8ffb29ad2e78e7c9630173ee4abb3d","first_seen":"2026-04-24T23:10:16.827229Z","last_seen":"2026-06-06T14:55:48.71455Z","times_seen":274,"resource_available":false,"data":null}},"time_used":1331,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1330,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/1b87ff404d364ecc9fea96ff914bbdc9?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.932Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/1b87ff404d364ecc9fea96ff914bbdc9?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 26503\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 18959\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"1b87ff404d364ecc9fea96ff914bbdc9\"; filename*=utf-8''1b87ff404d364ecc9fea96ff914bbdc9\r\ncontent-md5: 9dqPyRGlyhOTmESNaWnacQ==\r\ncontent-transfer-encoding: binary\r\netag: \"FvO4uAGpxxtoz2oVBAh1V22FtIB2\"\r\nlast-modified: Tue, 05 May 2026 21:02:43 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: aytZhqMOI\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: ZPMAAAC1ry9pSa4Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":26503,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"f5da8fc911a5ca139398448d6969da71","sha1":"f3b8b801a9c71b68cf6a15040875576d85b48076","sha256":"e33e5ebafa3cc3f1d0f762822dc5f7f1584896e6233ed5df737cd1089fcfb4f1","sha512":"0c37173643f214bd230a93602fff04a8ecd2a299ca209e2a75e397e1f9d4e5de482aa1f323abf45c20fed95d05d72aaf114cef82f30af23bc06aabd66397cdc2","ssdeep":"768:mfrXvpZJ6fEMS+EZCbcucXqOLtb8DraUwnorpVOz9oPvV:WXvzJ6fPSrTTLtAKUjrzOyXV","tlshash":"62c2e176ab2376ebb7122c2208b0f294ad9291bc5cac1ff2ad2a2751574133d0dd547d","first_seen":"2025-02-26T15:38:27.683331Z","last_seen":"2026-05-24T05:41:01.36265Z","times_seen":254,"resource_available":false,"data":null}},"time_used":2999,"timings":{"blocked":1416,"dns":0,"connect":0,"send":0,"wait":1264,"receive":319,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_ca5ef219-cb88-4c5a-b68c-c85984b21465.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.339Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_ca5ef219-cb88-4c5a-b68c-c85984b21465.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:15 GMT\r\ncontent-type: image/webp\r\ncontent-length: 83944\r\netag: \"cd3cf96ac48355aa8a68b4dd114b3511\"\r\nlast-modified: Sat, 06 Dec 2025 06:32:14 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tGUpSUpDkM0AKMarum8H2balaJ3xACZeBxq30PyPjeeBAMQDKSYx4qfwW8s6tow82m7S5VnDppa%2B9iP3PfjHpOL0nckec%2FRZfDex5cuOKhd%2Fjjy7AwVlA4S9z976cmTClRlHFASipHqhqMZCE499Z2k%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 65096\r\ncf-cache-status: HIT\r\ncf-ray: 9f96c9304de0c896-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458575=yEPg8bP1KWw0XVpSd4f8vx5xJb0z3i8hpaiOkJQmnr2vDF7JAvg6poyn3HPLIFq4/KlDBAu0ZczRUTmD90nGmK5/y1TELs3xF8xwV/JUl7RA9CyGzRlw4SO3x8wtH4OZQXg3+pFsbRMLqXJ7vDAZPKOTnZxRhS3Vi1BJbs4wbHzCwh1a3Qe7D7JwbHLDYgHq\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14644285d5d3\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":83944,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"cd3cf96ac48355aa8a68b4dd114b3511","sha1":"344310d10f86fbdbc05ee7080d3ca849573ac9ef","sha256":"e9d91b84873b60fda60b6113151bcb7abb1225aa67f1d823343f611eac3c92af","sha512":"987cad3ea6ba2be77a3fd0904132cb11c1945e1e5556cdec550708d2e22c279398f951312a4029b369980af4ab0b30f4fd72ad5d38740800d6dd48938d323016","ssdeep":"1536:Ka0Pq9/ipy6cNgUraO4ysYwAcTa6bfr9BHltyI4VGeglGZVClKy:Ka0Pq9/hzvhsTAp6bhBH7QLZolKy","tlshash":"2a83128e457a2ceec4bf7de9267cf94f60ca5e31557b1add437826c5208b80cd227292","first_seen":"2026-04-24T23:10:16.791296Z","last_seen":"2026-06-06T14:55:48.654034Z","times_seen":275,"resource_available":false,"data":null}},"time_used":983,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":956,"receive":27,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size704x442_73525908-fb7b-43df-ab6b-ee9a1274a74c.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.476Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size704x442_73525908-fb7b-43df-ab6b-ee9a1274a74c.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:18 GMT\r\ncontent-type: image/webp\r\ncontent-length: 26068\r\netag: \"da33ad9a009a89e0bc0c508e6f690949\"\r\nlast-modified: Sun, 09 Nov 2025 14:20:32 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=L2d2LUkBr62b6had6LxTSX0LriqCsHqj0zag3CuW5y2aF9Z%2BViwqhAuVaQiabIZObRBaplKm%2FyhPGbuFZsItyglr%2FKshqhdVU72uaaTagdhwmckiQWIU37BJMN7QggtzhmhS3e%2FWcMLy3oQgxgcLN1c%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 62636\r\ncf-cache-status: HIT\r\ncf-ray: 9f97054deeb80447-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458578=tLgvFt1z8jFzQRhncWi/oy30Kp+gtc4vvTtSMAfT8iqKPE5I5/glwJsrgUgibV8Oq1T89RvQ5+BjRR93cSDrQF0xIVi0SgUykK+LzgLRn6wOi3thzVjM+/l6t7xyYOrgTgWFPHdNyt2ozAMvtRp/SCvuZJUo80Qf0cWnpW9yyUPaAlAcuUcGn2gPEYjfmiLM\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d62719e14644db13ed7\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":26068,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"da33ad9a009a89e0bc0c508e6f690949","sha1":"52521f6667f933538fd61fac097ba79db283c0cf","sha256":"12889485842cb12ca8c77f0a9c71ac3098cf3c9898b3cdc299145280170962d6","sha512":"a254ca97846b0d3216994f8db6adfee226b9b2c6120a33c1ec1f0a635f658f99e6b2c2407dffcbe79d5dc65aca0869aff746d751347eaf9780083b0e25103fe0","ssdeep":"384:+w9CBmVKxqlIavZBdogyHrWz/1ope325wQBJKn5QahMi7HjOMdOdjawQJoYh:+yYmV5Vv7WZLWhop42525Q0M+HujawQ","tlshash":"e9c2e1c2bd2de50a9b37c27e24a6c30f01c497808faa2c677736129d4d365abb56900e","first_seen":"2026-04-24T23:10:16.863494Z","last_seen":"2026-06-06T14:55:48.66144Z","times_seen":256,"resource_available":false,"data":null}},"time_used":4538,"timings":{"blocked":-1,"dns":0,"connect":0,"send":2434,"wait":1206,"receive":898,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/c3a8e1c7f8be43a084248f4c00c8b479?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.886Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/c3a8e1c7f8be43a084248f4c00c8b479?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 14374\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 3728\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"c3a8e1c7f8be43a084248f4c00c8b479\"; filename*=utf-8''c3a8e1c7f8be43a084248f4c00c8b479\r\ncontent-md5: dcsgnefTGpLj5YzL4l3CzQ==\r\ncontent-transfer-encoding: binary\r\netag: \"Fvu9_nPiKRqdeKNhL261aWhYeNa3\"\r\nlast-modified: Tue, 05 May 2026 21:01:56 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: cdPIO0V09\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: CXEAAAC79VpDV64Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14374,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"75cb209de7d31a92e3e58ccbe25dc2cd","sha1":"fbbdfe73e2291a9d78a3612f6eb569685878d6b7","sha256":"c65fff801c815a4c21f4c0fcae343550c29f2b963a36fea6b4c6079449b3fe4f","sha512":"d819e12b1b44676926e4017dd5a5653bbf4095d5e5bbc0e5f349305bfd9af6e9714f280394189708cbd735ba0675b22d7cb86925c07c3800b93419cdb30e7c77","ssdeep":"192:4ssrV4i4u2mWkSPGp52sMV2shvuSqd6p5dJPX7/BWLFnU++eVC0h+C6+rWpYgVvq:4yi4bCwzbVuXm5/OU+xHemE77vM4gL","tlshash":"dc52d0748d4c12acd52b0db5a8d6c3a781373d9dcaf6746c6636ac70a7d20865d28cc7","first_seen":"2025-04-19T22:34:55.204429Z","last_seen":"2026-05-11T00:34:23.053173Z","times_seen":14,"resource_available":false,"data":null}},"time_used":2851,"timings":{"blocked":1447,"dns":0,"connect":0,"send":0,"wait":1077,"receive":327,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/js/35142.1777369843125.e8dc7ade.js","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:10.680Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /js/35142.1777369843125.e8dc7ade.js HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:11 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-5350b\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458571=IJUX2BSbr3N9k9h7ERQ9sk+yE5ueDLHUVKXOGekTGKZEsYTafGeJ/PvixdfJYaVC4M71GDidygH+mJKfPwBfsfZFcXejV+sSSl68inB1dhxmmorKLKOJVzdZO6bGaRHBSe5YrXijUj4NktOYcH/YEDoUIHUEdP1RxSlxza+9KsihT63YVeP+A0aGhiHSPm6I\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14643069d5a0\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":341259,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64890), with no line terminators","md5":"a5d97dbf77d44812ad4ab30e375fb143","sha1":"6bcf1ac84a9018203641f99e45abae922aef3e4c","sha256":"ca2b371b1bcef9e7641c24d421d68c7a3cef405f36a13597d724987a369a2727","sha512":"56bd2311e73f8ed688d893ac0c7d29d02bcda91e939a50f8cfc9bbe4435125c878b58ef47519618ca42aad8393b248455b87940c32121235c5850777aeac7b6d","ssdeep":"6144:xfhhkpltRm4iyveBHlBfb0wv1e7Ancbt83i2UfIL5LoSltLFe/fwwutUcAct37/k:xfhhkplTm4iyv0HlBfb0wv1aAncbt83s","tlshash":"26743c84b690b17483af86fb72169194d25e0e9460ccace4f27e6e40bf11746f87b5ec","first_seen":"2026-04-29T03:41:13.452388Z","last_seen":"2026-06-06T14:55:48.644108Z","times_seen":326,"resource_available":true,"data":null}},"time_used":1652,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1652,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/img/sports.60212fd6.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:11.189Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /img/sports.60212fd6.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:11 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-1c734\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458571=IJUX2BSbr3N9k9h7ERQ9sk+yE5ueDLHUVKXOGekTGKZEsYTafGeJ/PvixdfJYaVC4M71GDidygH+mJKfPwBfsfZFcXejV+sSSl68inB1dhxmmorKLKOJVzdZO6bGaRHBSe5YrXijUj4NktOYcH/YEDoUIHUEdP1RxSlxza+9KsihT63YVeP+A0aGhiHSPm6I\r\nage: 65102\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14643249d5b3\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":116532,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 666 x 541, 8-bit colormap, non-interlaced","md5":"fc82aa907334f929011fc2a6ec906f55","sha1":"f76bd75b9d1235807c70c7d763a1865d7c3f8d4e","sha256":"2ae1d61176960d7ddfddcb30a69d22b9da893687370d8cd26f4917d129a1bf3b","sha512":"12ef7a828d7d4228596b0db0ad77b200e8ffcfe2457d12821a4e9778b62668ebeef075c2bc79076e36291e3015afbfe276a2ca230ead018b38e2d3fd803dd31f","ssdeep":"3072:/ZEgiWqpGRwEyiwX0wgOZzbKoSxNiSvrUeO4h:/ZLf/R2iVwgAKoSPiSvVOy","tlshash":"76b3021c79775a2083c6bcb40b583aeae09b3dc19d169808d68b7791993df43c970bed","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-06-06T14:57:20.970543Z","times_seen":1652,"resource_available":false,"data":null}},"time_used":1164,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1164,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/13d1cacecdba439c940d3ceffaa41b0a?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.898Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/13d1cacecdba439c940d3ceffaa41b0a?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 17754\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 89168\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"13d1cacecdba439c940d3ceffaa41b0a\"; filename*=utf-8''13d1cacecdba439c940d3ceffaa41b0a\r\ncontent-md5: Tz5+6QJd3tLzuPLFlVmrBQ==\r\ncontent-transfer-encoding: binary\r\netag: \"FmT19cc6ZypL45hBWYliu79Gnw9Y\"\r\nlast-modified: Mon, 04 May 2026 21:14:59 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: 2pLtXWOyj\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: gRsAAADxyEmOCa4Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":17754,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced","md5":"4f3e7ee9025dded2f3b8f2c59559ab05","sha1":"64f5f5c73a672a4be39841598962bbbf469f0f58","sha256":"abf4889fac459c80e477ff740c2a87890adb4f4a8badf545c4a96f89c3f55da7","sha512":"01f4743659ea60e9866a446efce02bf7a049920a21063db1bac17228d9d82af269361f9ca429aa76f2aa12695684bc4a323b2b1715b71808e8387ccd2beecd9c","ssdeep":"384:TQJ0r8wGBR5HLOErFFYRBlB6Lci9L27k0nJrq5S33U+wdaeJgRBxOBZshUvnl/eg:E0rmR5rO8ALKR9L0Jr2MUdaeJg2SUf","tlshash":"9382d07b36948d55734cf590b9ba08f087d337212fb82c0cb2b76a966610a1f5507fab","first_seen":"2025-04-19T22:34:55.213124Z","last_seen":"2026-05-31T15:09:55.482587Z","times_seen":208,"resource_available":false,"data":null}},"time_used":2954,"timings":{"blocked":1436,"dns":0,"connect":0,"send":0,"wait":1078,"receive":440,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/b41758fe22444ec186ece6bb21a0ec79?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.907Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/b41758fe22444ec186ece6bb21a0ec79?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 7627\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 785\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"b41758fe22444ec186ece6bb21a0ec79\"; filename*=utf-8''b41758fe22444ec186ece6bb21a0ec79\r\ncontent-md5: I95w5Jk7bq4LNXN7t516jw==\r\ncontent-transfer-encoding: binary\r\netag: \"FngleZ5dq81UnBm66AG0oEwCaKTK\"\r\nlast-modified: Mon, 04 May 2026 21:15:10 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: vRxOAZDhX\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: bTwAAABVIY_wWa4Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7627,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"23de70e4993b6eae0b35737bb79d7a8f","sha1":"7825799e5dabcd549c19bae801b4a04c0268a4ca","sha256":"0047c5ba2b68edc5b7fdb653eef7c03b64742cc55a5b16fa2f64c17b290b03f1","sha512":"2677d437ca776853e548aa4b351bf1a0195172aa272a98f5cc68f067d1ab6faa2345876cd48ef975808c1b8feaf851d1ff401252adfbf3d4aedcafb49044f21f","ssdeep":"192:7nZCVArjrGdpMiWGu1P3r3tpu4QLUYoLa0kXX7jylfgphc9jdYE3G:7nZCVAXAixV7CDofmyMcPW","tlshash":"f9f18e228a1aeb5ccdf5da2788c58444b54ef4a75dd3832c5bcdd6375688d08ba08706","first_seen":"2024-08-19T15:01:26.204621Z","last_seen":"2026-05-11T00:18:41.243724Z","times_seen":9,"resource_available":false,"data":null}},"time_used":3081,"timings":{"blocked":1431,"dns":0,"connect":0,"send":0,"wait":1275,"receive":375,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/kc523-1/noData/cms_noimg.png?1777369782162","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.940Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /kc523-1/noData/cms_noimg.png?1777369782162 HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:18 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 24 Aug 2025 06:03:49 GMT\r\netag: W/\"68aaab45-269a\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458578=tLgvFt1z8jFzQRhncWi/oy30Kp+gtc4vvTtSMAfT8iqKPE5I5/glwJsrgUgibV8Oq1T89RvQ5+BjRR93cSDrQF0xIVi0SgUykK+LzgLRn6wOi3thzVjM+/l6t7xyYOrgTgWFPHdNyt2ozAMvtRp/SCvuZJUo80Qf0cWnpW9yyUPaAlAcuUcGn2gPEYjfmiLM\r\nage: 63103\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d62719e14644db13ecb\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9882,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1920 x 700, 8-bit/color RGBA, non-interlaced","md5":"85e60fd8767b18839ffb552a5d543f8a","sha1":"341cfd68a5b39cb246af6ade1e3171c857d2df5a","sha256":"4b7ad68306ffac25830d1016ba86154890deef8bd77a03257b767b37de1c8338","sha512":"785f028aab80d3f96794431f84025483f490d7d642022404a7b14ccb4785aa52fe4a21048d44acda3bd160eedeaccfb4959a677986dfe47ef038d80724f2acb2","ssdeep":"96:74iGykVWI7TGvGJUgTFSebsBzYofEC16+TqBK7R7LWKaR8a8D7uZNgAMXFL73:74iyHunEFSebsvP1nTP7IF2uAAMX5","tlshash":"141259118573d43cd82ce57926df6fb93b709f996890476e8328e7342f2a2f78d60848","first_seen":"2023-05-01T09:33:58Z","last_seen":"2026-06-06T14:55:48.715715Z","times_seen":2377,"resource_available":false,"data":null}},"time_used":3171,"timings":{"blocked":-1,"dns":0,"connect":0,"send":1967,"wait":1204,"receive":-1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/img/bj.ada43481.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:11.194Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /img/bj.ada43481.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://j53g.vip/css/home.1777369843125.0fc9d8d4.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:11 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-6b4d0\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458571=IJUX2BSbr3N9k9h7ERQ9sk+yE5ueDLHUVKXOGekTGKZEsYTafGeJ/PvixdfJYaVC4M71GDidygH+mJKfPwBfsfZFcXejV+sSSl68inB1dhxmmorKLKOJVzdZO6bGaRHBSe5YrXijUj4NktOYcH/YEDoUIHUEdP1RxSlxza+9KsihT63YVeP+A0aGhiHSPm6I\r\nage: 65102\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14643249d5b7\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":439504,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1920 x 927, 8-bit colormap, non-interlaced","md5":"2c55f8fcc8edb773be5014d8deb72c4e","sha1":"e7e55505bf22de833ec6b82a229e70bdba93b58f","sha256":"21c44535cffd825752bf9a535001b4b605147e3434cf2906fc2c8fcdcd992c1a","sha512":"bab93e8eb191df623bd7e238ae8d5cf7feae73e2a768d7b591d4dd8b7aafc199fce7c34066a272fc9137959a78a6bcd9fb388f39d4a0938f5674aaee815a3cf7","ssdeep":"12288:K+TyFzCVXhEu0hvb3kkjOO9FNkh4k6yvwUKA4AuJiT9h+:tTyFGjENkkyOWh87UK/JiT9h+","tlshash":"739423b1df0b89c858a39043dc74f99263e8d0a6bdc40ab80bf14b9176709dbbbf5116","first_seen":"2023-08-17T12:39:32Z","last_seen":"2026-06-06T14:57:20.962785Z","times_seen":1495,"resource_available":false,"data":null}},"time_used":1162,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1162,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/kc523-1/sponsor/sponsor.json?1777369782162","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:11.017Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /kc523-1/sponsor/sponsor.json?1777369782162 HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:11 GMT\r\ncontent-type: application/json\r\ncontent-length: 646\r\nlast-modified: Sun, 24 Aug 2025 06:03:49 GMT\r\netag: \"68aaab45-286\"\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458571=IJUX2BSbr3N9k9h7ERQ9sk+yE5ueDLHUVKXOGekTGKZEsYTafGeJ/PvixdfJYaVC4M71GDidygH+mJKfPwBfsfZFcXejV+sSSl68inB1dhxmmorKLKOJVzdZO6bGaRHBSe5YrXijUj4NktOYcH/YEDoUIHUEdP1RxSlxza+9KsihT63YVeP+A0aGhiHSPm6I\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e146431a3d5ab\r\nx-cache-status: BYPASS\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":646,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"10d2161de8cf99c474812f4c43645a26","sha1":"71884ef7281cdcb5084088f16d4550ce8790e634","sha256":"bb02fd7438bb49dd4decb6f76a71f11e93355332fd9f965d6f9f13bb8175aeca","sha512":"bf0fd1232309fcc5582d5c42644e1c7b4b8d235b1066e988ff55e0dd94a956f89742401f00c2d904359041c8e0c2bac8e9316252fab60db5eb0a3b4c935172f0","ssdeep":"","tlshash":"d8f0f44ad8b25b93211fb57c58cd050470294a8f0eccaac4baac987c4f598ddd1e839e","first_seen":"2023-06-16T04:51:50Z","last_seen":"2026-06-06T14:57:20.956662Z","times_seen":1751,"resource_available":false,"data":null}},"time_used":1612,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1316,"receive":296,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/img/service.68be110a.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:11.197Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /img/service.68be110a.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://j53g.vip/css/index-399e2569.1777369843125.a7b0b4f4.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:11 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-2991\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458571=IJUX2BSbr3N9k9h7ERQ9sk+yE5ueDLHUVKXOGekTGKZEsYTafGeJ/PvixdfJYaVC4M71GDidygH+mJKfPwBfsfZFcXejV+sSSl68inB1dhxmmorKLKOJVzdZO6bGaRHBSe5YrXijUj4NktOYcH/YEDoUIHUEdP1RxSlxza+9KsihT63YVeP+A0aGhiHSPm6I\r\nage: 65102\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14643249d5b9\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10641,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 112 x 112, 8-bit/color RGBA, non-interlaced","md5":"993784a38ddc1156572bfc3308055ead","sha1":"becff431867226bf323b5a6535fa383992f107eb","sha256":"abca3af980888b08c6cbd57366b3ac94344d66ea048484c4f9867e300ee8703a","sha512":"48790c6340f273a58295fc6607306353ab69d5a818569fe36ef1bffc8fff084b23d37b401e10502b830c67a5efedca56c1c9d778d6198e4069018d055f1869f0","ssdeep":"192:NdsarkpjwOOmfStcnaHtzB3l2eKD9RdfXtRqi3ln+ojjjKMGlnyL5H7nx+:nJQpjgOz9Dd0orKMGlnA5Hbs","tlshash":"8822c0c41e1be1b6d2ffa916b28543a04b3421fda1a24c342d828c04ccad56ac91f9e7","first_seen":"2023-07-01T07:21:14Z","last_seen":"2026-06-06T14:57:20.997053Z","times_seen":1572,"resource_available":false,"data":null}},"time_used":1161,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1161,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/ecb/8f8306425cb6740e78b2802ff5047afa96a8ae096bee393c421cac4924db741c4a080b3f3ed2f2822673f3118bd3bae081df46a59bfce8","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:13.134Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /ecb/8f8306425cb6740e78b2802ff5047afa96a8ae096bee393c421cac4924db741c4a080b3f3ed2f2822673f3118bd3bae081df46a59bfce8 HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nContent-Type: application/x-www-form-urlencoded\r\nx-request-source: https://j53g.vip\r\nXign: sFa3TkIVSaPz81mXkKVzNjFCc7w8SQLUgH24Xde/Q20u7J/7cwPpyAjLFWm5VONvmIDXIc6tB7jITZ7UgHsF+X14Z77MUbEn+ZjOaeKC33MOkg6O5A5miDhP2Dq/OdrF/nuXIHrVMtomyoCNb98bsT3jS8BOIPE1tyN8Q1IlId4=\r\ntimestamp: 1778458573102\r\nsign: 1p4d6v214l4d6h2a\r\nversion: 5.6.12.0\r\nclient-type: web\r\ndevice-id: yJcptFCdmcZADMQCAxKHnE47zE2N8nzG\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:13 GMT\r\ncontent-type: application/json\r\nexpires: Mon, 11 May 2026 00:19:13 GMT\r\ncache-control: public, max-age=180, s-maxage=180, must-revalidate, stale-while-revalidate=30\r\nx-xss-protection: 1; mode=block\r\npragma: public\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=63072000; includeSubdomains; preload\r\naccess-control-allow-origin: *\r\nx-custom-check: true, true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458573=yZG5PBWS1Nh/AUtFas2SAT9K8KBYFT3tmDxPMxk6sKctgNimrcTw+Pdc6x0PCz+xIoCt4pcsMRGhlcm8cIvO1xhOSgrtaBiGnu8aKSiQifDVLsRzWfEkv6a28A3ceH4D91gsmRFvW4fHdGpadAb2H7+/9wy6HLvPlZ/T/j5l4uIvi+fAN2Yo4dKumFibEvjt\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e146439e3d5c9\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":60,"size_decoded":0,"mime_type":"application/json","magic":"data","md5":"aa1fe36cc499baa3fbdc7ab9bda7432f","sha1":"201b0fc1c4c699f3538c8e3992ec08ecd2f3acb3","sha256":"d509d9e26b3c3a371856286d14bcdd4f17125a10d8ee40e119fdecaf964fb478","sha512":"2dff3b34740cc9d3690f596673675516493472f5ad4bbd3536b5b1b18922543771be73e01051874bc7039aef9461cedb841f0cbe4945118bdea5773a4b3f7a55","ssdeep":"","tlshash":"03b012a2d5a309ed9644713104305c414be022ccc9bcf858c7bc4d2b45650210494105","first_seen":"2025-08-09T20:01:46.169117Z","last_seen":"2026-06-05T18:33:28.40271Z","times_seen":1531,"resource_available":false,"data":null}},"time_used":1635,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1635,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1298x1156_f26e0b0b-19a9-470f-90cf-ab38984671ab.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.421Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1298x1156_f26e0b0b-19a9-470f-90cf-ab38984671ab.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:15 GMT\r\ncontent-type: image/webp\r\ncontent-length: 96286\r\netag: \"a7ec31389e5a634d92383c733b498506\"\r\nlast-modified: Wed, 10 Dec 2025 11:50:21 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Qcp%2FO%2BnhMoiMxorwNSrNX0cWp0BulEd%2FTB%2Bz81g%2FbUI8Dd8nuuMe3CRRJXaKHb%2FljkPicwYpEEL4MhB3fIP%2FyTluwa%2BsNd1YDk03tQc%2BJ7tn71ik%2FjfH3Gu3YQ1XU7DwTeW4%2BM7V7BsaJdEnnP%2FaXq8%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 65096\r\ncf-cache-status: HIT\r\ncf-ray: 9f96c9308a0872ce-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458575=yEPg8bP1KWw0XVpSd4f8vx5xJb0z3i8hpaiOkJQmnr2vDF7JAvg6poyn3HPLIFq4/KlDBAu0ZczRUTmD90nGmK5/y1TELs3xF8xwV/JUl7RA9CyGzRlw4SO3x8wtH4OZQXg3+pFsbRMLqXJ7vDAZPKOTnZxRhS3Vi1BJbs4wbHzCwh1a3Qe7D7JwbHLDYgHq\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e1464433ad5ec\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":96286,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"a7ec31389e5a634d92383c733b498506","sha1":"4386adc654865c1594ba0ac604ac3a4177a84b7e","sha256":"978643b0ac1ecb3edf679a74610a1a0fdaebb02505e0dc607a15e56b1bd5212c","sha512":"222ad2805e8bd8957e696920a81cdb86bbf7a0bd6720b2cb67ae89758558331b6842fcdf208560ba355a522bcf0b177a7b124ff3d2c4db25c1fd8b4eebe5c74f","ssdeep":"1536:s9n08pg3G3xErU4qzJYMDLc0OzGR5AGsSrbY4V9SrXLDoJgG4oaUHG0S/F:knptxviMDCzGRyXSrs4VQDocoxHNS/F","tlshash":"079312e74a42ba67f808b1319ea01b6ef3d7b43f09ac1a6d47599a7c4831bc4458137f","first_seen":"2026-04-24T23:10:16.718761Z","last_seen":"2026-06-06T14:55:48.673472Z","times_seen":252,"resource_available":false,"data":null}},"time_used":2045,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1573,"receive":472,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/c2f7ac960fba46e88ab1e8ed96b9cc29?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.795Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/c2f7ac960fba46e88ab1e8ed96b9cc29?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 96395\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 6469\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"c2f7ac960fba46e88ab1e8ed96b9cc29\"; filename*=utf-8''c2f7ac960fba46e88ab1e8ed96b9cc29\r\ncontent-md5: gWoROfwim0oKHUdLsJ67fw==\r\ncontent-transfer-encoding: binary\r\netag: \"FjoWPm_RCeBZzNDBZflXNjLfvUqJ\"\r\nlast-modified: Mon, 04 May 2026 21:15:46 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: XCLBmJUpS\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: TmkAAACEsznFVK4Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":96395,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1200 x 1200, 8-bit/color RGBA, non-interlaced","md5":"816a1139fc229b4a0a1d474bb09ebb7f","sha1":"3a163e6fd109e059ccd0c165f9573632dfbd4a89","sha256":"a782b80d81d453cde59e3dc06164c4f9657f400b4999139dfdd90bba3233103b","sha512":"d0f5a601447afcc195775a01374c87aa8c6fff2546deb0458d468eabc127273e3442b71ec11ce83bbd3e3e41cd1683609025441449f548c79a7f3b3c7bb12158","ssdeep":"1536:uUVIbg7WAYzIQ9sLIvTYBJWuzY9CMVoTwh9tW4v7xleXj3nuUv13EArL+S84qZMu:uUVIM7tYN9sxB/UvywhLW4v7Uj3Vd0kK","tlshash":"3f9302d927bacce2cf7b9f3984d7475849f19778826902283eaad9757e43e5d3342400","first_seen":"2025-05-23T02:06:42.706053Z","last_seen":"2026-05-27T00:31:52.966378Z","times_seen":15,"resource_available":false,"data":null}},"time_used":3998,"timings":{"blocked":1536,"dns":605,"connect":253,"send":0,"wait":270,"receive":669,"ssl":661},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/js/home.1777369843125.1e63fe95.js","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:09.881Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /js/home.1777369843125.1e63fe95.js HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:10 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-2f453\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458570=hwFUt6D6i2fL1UURe4sGEBvrMw/YVGR6bxvoCSzBA8SQDSvMxpWv5016KqAn0A4wS3EhcT4K1+zUBND5XfHOyCSjzJW4ww95TEGkGeLeNmxdSw0Z0fNBJ/Wq/gDvWZ26iWz8M/c0wWw3c8Vexq2v3yv4idIn0zcpE/kr27OApH2LLBPXP/uuhKvtHPSE+XNH\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14642d34d59d\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":193619,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64126), with no line terminators","md5":"ac7180fee301b4b62de750803a778412","sha1":"b70eb6223cbd147c8dc23df4d073e9dc641927d5","sha256":"25b167f413e31989cc5856e80f67902b0e84efed7087cea17ec1b5b0dcda5b68","sha512":"4fe2d812d406c786a2204a4f4b370217f4cccb1bf61cbea821e648667325ad32057d1aa30504952de28142b1f4fa0c523f55298834cb567631cc2b7cd37355b6","ssdeep":"3072:f+YNGVSIMctwiYJBuopQuFdBlGLuJuhxffj7TEOiGRlp:f+YNGVSIMctwi+PjFwzffjAGHp","tlshash":"b5140880b5f0e275576fd2b7d7371024b2271686d0ccac60e1f66b187e28796b236db8","first_seen":"2026-04-29T03:41:13.306134Z","last_seen":"2026-06-06T14:55:48.652706Z","times_seen":349,"resource_available":true,"data":null}},"time_used":548,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":548,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/js/index-a3dad144.1777369843125.66a58dcd.js","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:06.211Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /js/index-a3dad144.1777369843125.66a58dcd.js HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:06 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-56b20\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458566=FqGJY1k532ChI3k/oD3fAPu6welwhIu8DWp/+cspT1GcUUpTmB/CbvnsRZyjPj2aiYFgyVINMimnAQxCGmunPV7HrBnl5I66SKGBUhBMNOupLH+Ieb7JgzvsjQiNUMQlYyHtVgUDXPC32Ilfol0qLT9S49ttbW0wOJJh7mmM/CZ5mV7dhTTCjy2dkdzl8QTW\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14642012d595\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":355104,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64580), with no line terminators","md5":"aa47bc946b9df160fc4c9d0ccd247727","sha1":"2b81fb3062bb6d32ce5cb43811300ec95a0f3cc1","sha256":"907a77df793605acb0f292d7b450584a9f7cc65e76b8ed19c7ed0b72e3a9f4cf","sha512":"73daf5dd0d9b5f8325bc9fd63618ff31bc76dbcd70b12961aa5d9cdac2b0b570fb832a3815c4cdeb269ed90bd5613e681da42d6b0e668303a7660c6017ee0f83","ssdeep":"6144:DybhFOufhkHLHEY/TtesplVyrYlRlNsmq9DG:+zBuHLHEY/TtesplVyesp96","tlshash":"05742c90f76ce1bd874e55fe7a3290a4902c1b41b0c89e59d29d2944fe6b385feb04bc","first_seen":"2026-04-29T03:41:13.301567Z","last_seen":"2026-06-06T14:55:48.618943Z","times_seen":344,"resource_available":true,"data":null}},"time_used":1738,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1738,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_188684fd-5a0b-43f3-8a6e-b9c558e44ec4.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.344Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_188684fd-5a0b-43f3-8a6e-b9c558e44ec4.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:15 GMT\r\ncontent-type: image/webp\r\ncontent-length: 79930\r\netag: \"bd7f8602db8e332117b1715d58aef000\"\r\nlast-modified: Sat, 06 Dec 2025 06:20:07 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eg1pS5nW3z%2BtPBYbBL1XTh%2BV%2FTjnKdgTOSlyxGBiBvn6EJtKVs%2FImZ9aCpnsPxBHLmf2%2BcphfvK1kSPEUemlfJyg%2BNCdBnYf74JhmqGHEco9sZSRnxx2A9UmnF6JBCqIqbC26Qyovr24%2Fk%2BxcscPFto%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 65096\r\ncf-cache-status: HIT\r\ncf-ray: 9f96c9306cb1ddc5-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458575=yEPg8bP1KWw0XVpSd4f8vx5xJb0z3i8hpaiOkJQmnr2vDF7JAvg6poyn3HPLIFq4/KlDBAu0ZczRUTmD90nGmK5/y1TELs3xF8xwV/JUl7RA9CyGzRlw4SO3x8wtH4OZQXg3+pFsbRMLqXJ7vDAZPKOTnZxRhS3Vi1BJbs4wbHzCwh1a3Qe7D7JwbHLDYgHq\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14644287d5d5\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":79930,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"bd7f8602db8e332117b1715d58aef000","sha1":"7e5e353a2493869ab29d7087ed6854d05eaa1dbe","sha256":"289cf0eaed99d77e8ca59df43b5dd2e5a2e28fc8efbf2b4f918bd33293c6801c","sha512":"b3493bc56d6f778167f81e32ba77c61328584255960ca10373c2bccbe8f13b9f886c806142bd05e1e116ccd835870db787ae4225843b1aced6de971e177f90d8","ssdeep":"1536:1Vx1HKbkHPxLc4OWZ0+j0j8R+dWMIFtCTbYgw:1Vx1H6kHZTOWV0kMGsTbNw","tlshash":"cd7302a40e4e35b3dc0bcb7fb59c8e7606fb9be3251da9c00d55674adad81ad13a10c8","first_seen":"2026-04-24T23:10:16.741634Z","last_seen":"2026-06-06T14:55:48.686374Z","times_seen":273,"resource_available":false,"data":null}},"time_used":1015,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":997,"receive":18,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/ef8207f0d5534c009fe5541f186dd6e9?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.866Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/ef8207f0d5534c009fe5541f186dd6e9?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 5270\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 6050\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"ef8207f0d5534c009fe5541f186dd6e9\"; filename*=utf-8''ef8207f0d5534c009fe5541f186dd6e9\r\ncontent-md5: PNFAschpYNZ5A56Sw2jJkg==\r\ncontent-transfer-encoding: binary\r\netag: \"Fp6YhB5QUyV5dF6y-SIU2pDkhTbV\"\r\nlast-modified: Mon, 04 May 2026 21:14:50 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: GTj5rYLCh\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: vMcAAAB-Gb8mVa4Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5270,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 125x125, components 3","md5":"3cd140b1c86960d679039e92c368c992","sha1":"9e98841e50532579745eb2f92214da90e48536d5","sha256":"7edd09cf5bcb5532b6fc8aaa61f6362a1374a110e557d008c780bc4c5f0b9420","sha512":"907c9356df834701188c15acf5c22ed287f498ce17bca191e6433990b180c12df3c183a0f1d415243cb7d5243649c9a687e33b55460e7bd8a97bbcb235b774ac","ssdeep":"96:fbUVW+Req4l5qx4zQmEWzOXILuOJ+ORUAfMs+0n6nVcPAthoubPHu/kjBEx1:r+MkWsYs0uM+irz+lnVcsNb/z1i1","tlshash":"dab17deab63b8622fd0559397c15ff41d55eb898a4bb29afd44c71e008c0b1b7335513","first_seen":"2023-06-26T22:05:03Z","last_seen":"2026-05-11T00:18:41.132641Z","times_seen":15,"resource_available":false,"data":null}},"time_used":2745,"timings":{"blocked":1466,"dns":0,"connect":0,"send":0,"wait":1077,"receive":202,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/d3810acd0f11449485fdec2a980770bf?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.907Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/d3810acd0f11449485fdec2a980770bf?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 14304\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 85497\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"d3810acd0f11449485fdec2a980770bf\"; filename*=utf-8''d3810acd0f11449485fdec2a980770bf\r\ncontent-md5: ipv6rOWR90dwDyLSa3I7tA==\r\ncontent-transfer-encoding: binary\r\netag: \"FjG5UhR2y3APJpV31i3oQ-6bD9zW\"\r\nlast-modified: Wed, 06 May 2026 09:02:29 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: MXv1M7Pba\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: ex8AAABk6Q7lDK4Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":14304,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"8a9bfaace591f747700f22d26b723bb4","sha1":"31b9521476cb700f269577d62de843ee9b0fdcd6","sha256":"13a19ab8295a60b5fc8dc6b812365c2989f8c6550a68aed45b1b5930b155ca3b","sha512":"45708e7f2687289a4312369c6dc66d18d6b2f42383b331093c5b01517f553136f9b4320521cde2e53748a5b9c706703a5c1bf7d055f3dd6d23079b090bd7a5e7","ssdeep":"384:87YcJIwrgXwMXf0jF6pTdEtdc4Ku2e/TAJtiElV:ITUgM8jGh14/T/TxG","tlshash":"0952bf3845b539e56e7ac331d8af1de7952d88ae00511bd1392ce7e2a002fac1368b77","first_seen":"2023-06-18T16:15:31Z","last_seen":"2026-05-11T00:18:41.267603Z","times_seen":117,"resource_available":false,"data":null}},"time_used":3005,"timings":{"blocked":1433,"dns":0,"connect":0,"send":0,"wait":1103,"receive":469,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.geetest.com/g5/gd.js","fqdn":"static.geetest.com","domain":"geetest.com","tld":"com"},"ip":{"addr":"104.17.6.193","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:06.190Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.geetest.com","organization":"Wuhan Jiyi Network Technology Co., Ltd."},"issuer":{"commonName":"GeoTrust G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Fri, 19 Dec 2025 00:00:00 GMT","end":"Fri, 18 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"CA:8B:31:34:03:03:4F:25:DE:AF:F1:76:9E:25:19:08:18:0C:04:EA","sha256":"F3:25:0F:0B:68:0B:B5:E2:F6:2A:F2:FE:E9:AA:10:6C:61:1C:7D:A6:FA:3F:D9:45:0F:E6:58:6D:71:F9:2E:2E"}}},"request":{"raw":"GET /g5/gd.js HTTP/1.1\r\nHost: static.geetest.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:06 GMT\r\ncontent-type: application/javascript\r\ncf-ray: 9f9cfe36be382678-OSL\r\ncf-cache-status: HIT\r\nage: 2120940\r\ncache-control: public, max-age=86400\r\ncontent-encoding: gzip\r\netag: \"7D7AF3F3975E0FB657B71508B79515F9\"\r\nexpires: Tue, 12 May 2026 00:16:06 GMT\r\nlast-modified: Mon, 30 Mar 2026 13:35:27 GMT\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\ncontent-md5: fXrz85deD7ZXtxUIt5UV+Q==\r\nx-oss-hash-crc64ecma: 275051795077788302\r\nx-oss-object-type: Normal\r\nx-oss-request-id: 69CA7DA1318BA43434E50547\r\nx-oss-server-time: 8\r\nx-oss-storage-class: Standard\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":21040,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"7d7af3f3975e0fb657b71508b79515f9","sha1":"b36988028196a947b1d67af0856a79e6cf054283","sha256":"41cadd609d64b1958d25afc39e73148bf669fd94f48e848dd47494e7de5762b7","sha512":"ed69806d7f263fec8f66cccf0de8757df3b17cad5629c242e1da0d668830870d42951b8a05cb6780ecf8034800313d02531393745209a5aa3e00ac5d936e1bed","ssdeep":"384:oGm+XLBnDztmdGnnsQn4DgIzHilQVdlsGxCnXdPVcVf:dm+7B6gUKMrxCtCd","tlshash":"5d92204e6cf5a0934a43b078c9af6114b538da53041c9d597d8ce3a4ef684389bbafdc","first_seen":"2026-04-05T08:11:55.721652Z","last_seen":"2026-06-06T14:55:48.716308Z","times_seen":491,"resource_available":true,"data":null}},"time_used":43,"timings":{"blocked":7,"dns":0,"connect":1,"send":0,"wait":17,"receive":0,"ssl":14},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/css/83749.1777369843125.2e202a68.css","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:10.828Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /css/83749.1777369843125.2e202a68.css HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:11 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-6f2f\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458571=IJUX2BSbr3N9k9h7ERQ9sk+yE5ueDLHUVKXOGekTGKZEsYTafGeJ/PvixdfJYaVC4M71GDidygH+mJKfPwBfsfZFcXejV+sSSl68inB1dhxmmorKLKOJVzdZO6bGaRHBSe5YrXijUj4NktOYcH/YEDoUIHUEdP1RxSlxza+9KsihT63YVeP+A0aGhiHSPm6I\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e146430e6d5a3\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":28463,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (28463), with no line terminators","md5":"1ead8072763d5fe20963f033dc63d94e","sha1":"36eeb0853a1b5681ab464dc1ef3682160e420e60","sha256":"8f014d5d9b2798ecfc473bac7c23f80295b94af3cbeff054fcaf973b286f8240","sha512":"92670a870b9db4259e71072ab72699e3431fa9eb53027f4b90c954b51eaf1869f5f50987808e5c625e9101ea4ea3aca655b81ba73f3ba2ced4cd480eb9a915cc","ssdeep":"384:DYCKpsUIc1F8l1TANI34yQyqPPQwmfzIfRbHx6+OhCcbakzeYaTONdqdK:DYCKpcPE64yDqbodqdK","tlshash":"07d2739ae5d4b13e6c1fbb35ebc5a1ecb1399450df620e7af202762547c3af1012216d","first_seen":"2026-04-29T03:41:13.425526Z","last_seen":"2026-06-06T14:55:48.637509Z","times_seen":335,"resource_available":false,"data":null}},"time_used":1504,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1504,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/img/bj1.17ef2db8.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:11.187Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /img/bj1.17ef2db8.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://j53g.vip/css/home.1777369843125.0fc9d8d4.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:11 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-e5eb\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458571=IJUX2BSbr3N9k9h7ERQ9sk+yE5ueDLHUVKXOGekTGKZEsYTafGeJ/PvixdfJYaVC4M71GDidygH+mJKfPwBfsfZFcXejV+sSSl68inB1dhxmmorKLKOJVzdZO6bGaRHBSe5YrXijUj4NktOYcH/YEDoUIHUEdP1RxSlxza+9KsihT63YVeP+A0aGhiHSPm6I\r\nage: 65102\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e1464323cd5b2\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":58859,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1920 x 1299, 1-bit colormap, non-interlaced","md5":"59f1176bd542d042d8ddecbe4ab2cbdf","sha1":"7251e6f8bc0bf8bf3e62e892b34540f8259dcf9d","sha256":"b3bc2f14721d5f84900af66179eb6ad69a9c8d5a89eae36f877cf09fc9872603","sha512":"c4e7f1491686b72482ba26e34fd94496fc71bec2a35ba1d7cf67391e1f47f859465ad9f0c7d286bd35f9a26132fd80012a2cd2f8133cf1c6013db4f4d27a85d7","ssdeep":"1536:jlJ0Z4kwI3cG0YXIPf/OWcFOtk2bnIlfyMcw68vTbD8:gxbsGvYXd8OtTbIsgTbD8","tlshash":"004302d3b5e9f610dd38c157a3d1c9da504483be3e938d0bebbe402629fd56840a6f16","first_seen":"2023-08-17T12:39:32Z","last_seen":"2026-06-06T14:57:21.017696Z","times_seen":1599,"resource_available":false,"data":null}},"time_used":1164,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1164,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_392325e1-efd7-4953-83f1-410dea55a03c.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.364Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_392325e1-efd7-4953-83f1-410dea55a03c.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:15 GMT\r\ncontent-type: image/webp\r\ncontent-length: 13178\r\netag: \"38581a2c1fb9355639ffb5a31aa0642d\"\r\nlast-modified: Tue, 02 Dec 2025 14:07:28 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jACyCNtaLlh33vNLp7%2FeT0XST%2BoXuQ4qztoduMRq6hodLfYcKpbbTx4at0wyBDt4mEGvX307KpRjgVWT2wLVYa43CoDenQE5QNzlPmWVz6kUaOMf8SJRRV3AwMg2e%2Bo5aGGcN0hjmMQDzvj7BswX%2Bvs%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 65096\r\ncf-cache-status: HIT\r\ncf-ray: 9f96c9304ef2b473-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458575=yEPg8bP1KWw0XVpSd4f8vx5xJb0z3i8hpaiOkJQmnr2vDF7JAvg6poyn3HPLIFq4/KlDBAu0ZczRUTmD90nGmK5/y1TELs3xF8xwV/JUl7RA9CyGzRlw4SO3x8wtH4OZQXg3+pFsbRMLqXJ7vDAZPKOTnZxRhS3Vi1BJbs4wbHzCwh1a3Qe7D7JwbHLDYgHq\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e1464433ad5db\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":13178,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"38581a2c1fb9355639ffb5a31aa0642d","sha1":"dc4eee50f114bf0f120b50766fd207ec5522e9dd","sha256":"88d44a033517e73fcf97528b670ccfa16743d61b2c0c7deca8d7fc247e2595d3","sha512":"e1757677642582409db9344003b4c9454757755bf157f2491aabdf2b1c454d3d0073f4b0012faa1e9681397e7004428f087b8a1e338f3812137007909ed9ed89","ssdeep":"384:yPsoyVYHcsbr84JZQ4zAogmntgxn7uxj8+4n:toyVUbrXDQ4UogKWlWQ+u","tlshash":"3542cf151f4044575ecd7aeb108a5ebcc9450918e63cac716493bc388ef09bf4aeb6ed","first_seen":"2026-04-24T23:10:16.737591Z","last_seen":"2026-06-06T14:55:48.646137Z","times_seen":274,"resource_available":false,"data":null}},"time_used":1330,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1329,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size704x442_7f760e34-ebbd-4cfc-bc28-666cc8a6234f.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.480Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size704x442_7f760e34-ebbd-4cfc-bc28-666cc8a6234f.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:18 GMT\r\ncontent-type: image/webp\r\ncontent-length: 44494\r\netag: \"693c20ba4107f736124e16931ead8d60\"\r\nlast-modified: Sat, 06 Dec 2025 06:30:27 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0uIROLXuway0ozLjWQJD%2BfQWemIEKqQVhY4ZvqVHpm7%2F98dVYn%2F0WuZvbe1eEkA0UrGgh3Vjcfhk2zO%2BJexwCqm7nW7RgLM53XKN39yWbFohuN4FsHEQHrmhtoNwgvgKPNnPfygoqhXbAGtb2M7uUs8%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 62632\r\ncf-cache-status: HIT\r\ncf-ray: 9f9705685bc28585-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458578=tLgvFt1z8jFzQRhncWi/oy30Kp+gtc4vvTtSMAfT8iqKPE5I5/glwJsrgUgibV8Oq1T89RvQ5+BjRR93cSDrQF0xIVi0SgUykK+LzgLRn6wOi3thzVjM+/l6t7xyYOrgTgWFPHdNyt2ozAMvtRp/SCvuZJUo80Qf0cWnpW9yyUPaAlAcuUcGn2gPEYjfmiLM\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d62719e14644db13ede\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":44494,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"693c20ba4107f736124e16931ead8d60","sha1":"6a247e864c0c0a9c40bb5be357de99524abf3e2e","sha256":"342bf65608ae9d71296ffcfbbfb4580c00ba782557c802be6496ec374d5fad11","sha512":"ae136a2a5baba143d5afd3fe4270a5ce2bd0a96655f2f56a65f2d9ea26ada4a90c63b36c96b6b79adb32dc0ac9f118040f236cfcdae958f82c05f3f600dc79da","ssdeep":"768:ssqja8OCwQkPOoS4nNgT3p8tZgn5DVWGgNS4RipleSQ6c5xlGY89B:JVQGS8A+wn5D4GgrkKKc5jGY89B","tlshash":"5a13019a26762833b187c36d0030062c1b78b89f3654c54ea4ed7924975f09ec7eca6f","first_seen":"2026-04-24T23:10:16.7563Z","last_seen":"2026-06-06T14:55:48.616087Z","times_seen":254,"resource_available":false,"data":null}},"time_used":4540,"timings":{"blocked":-1,"dns":0,"connect":0,"send":2429,"wait":1207,"receive":904,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/d9eae114d9b44a8c91a1d3558b6cb25d?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.856Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/d9eae114d9b44a8c91a1d3558b6cb25d?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 82040\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 6170\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"d9eae114d9b44a8c91a1d3558b6cb25d\"; filename*=utf-8''d9eae114d9b44a8c91a1d3558b6cb25d\r\ncontent-md5: 4lJ1sTVCvDAZQi0lL9ht0w==\r\ncontent-transfer-encoding: binary\r\netag: \"FhKF2sTVPAVIDDiZuiK6K5Ok-nXA\"\r\nlast-modified: Mon, 04 May 2026 21:14:50 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: o863djV0v\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: cF8AAACsztAKVa4Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":82040,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 225 x 225, 8-bit/color RGBA, non-interlaced","md5":"e25275b13542bc3019422d252fd86dd3","sha1":"1285dac4d53c05480c3899ba22ba2b93a4fa75c0","sha256":"0788d123136d79a3dcfbae905af69f5ec2ae41250b62032a54c7006e4ed20909","sha512":"c0d87f773b70077576413311c9d54518b6418282d2d7f2d8a4eccf52e3776be6a6af676279dcd66225ed77b5ca2b71eb578903de7cef6a8c67b640e5161ca32a","ssdeep":"1536:6XbYG/K5VZbsLB42+owvZ+Ze2gwGxPH/Dh1fjjjhqSCStD/5:60gIVZbUBvwYjg3LhNjjhqSCU5","tlshash":"358302fdd812951b843eb819109c5f89505bba68356e74ba0634c3e3c8e23ef63b591b","first_seen":"2025-07-04T22:03:39.433515Z","last_seen":"2026-05-11T00:18:41.118464Z","times_seen":14,"resource_available":false,"data":null}},"time_used":3378,"timings":{"blocked":1476,"dns":0,"connect":0,"send":0,"wait":1076,"receive":826,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/e70fc3a1228a4641959a43a8b7ae09db?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.934Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/e70fc3a1228a4641959a43a8b7ae09db?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 50049\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 18959\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"e70fc3a1228a4641959a43a8b7ae09db\"; filename*=utf-8''e70fc3a1228a4641959a43a8b7ae09db\r\ncontent-md5: UAXY/qsQnOZOQL65gHPMHw==\r\ncontent-transfer-encoding: binary\r\netag: \"FirislHKNIYqAcw3ydFr-foeWs2m\"\r\nlast-modified: Tue, 05 May 2026 21:02:44 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: PGWyByC2D\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: RGwAAAAPsy9pSa4Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":50049,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"5005d8feab109ce64e40beb98073cc1f","sha1":"2ae2b251ca34862a01cc37c9d16bf9fa1e5acda6","sha256":"7df6e68379f0c2c1fdcd20def82a313b0d6d938a4f4b45e62341b298c1ef90ae","sha512":"61b6505dc3c6b3064bddd56dfbf1f396e8c401aec60788b40cba99bd05cc2dcb1271e5b1428050769c3f5476b86cb7f943a4bca0477a7d3168b90f2eac40d018","ssdeep":"768:3TaNFG6vy1lEFVdVrVQ0xNcC/wWcVFQu/GPYK3kHf/O6oDmgnkMyCxI3eddKqmZb:3wdvCefVrVPcC1IUjmfkDTksxI3x1SO","tlshash":"6923f11f354b568ce9c47958832bcc13d9db019a44883f89cec9e89362f05947eeb29e","first_seen":"2025-02-17T10:07:52.480226Z","last_seen":"2026-05-27T19:17:28.066618Z","times_seen":290,"resource_available":false,"data":null}},"time_used":3279,"timings":{"blocked":1414,"dns":0,"connect":0,"send":0,"wait":1266,"receive":599,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/img/appdown.6e7c9177.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:11.200Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /img/appdown.6e7c9177.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://j53g.vip/css/index-399e2569.1777369843125.a7b0b4f4.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:11 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-277f\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458571=IJUX2BSbr3N9k9h7ERQ9sk+yE5ueDLHUVKXOGekTGKZEsYTafGeJ/PvixdfJYaVC4M71GDidygH+mJKfPwBfsfZFcXejV+sSSl68inB1dhxmmorKLKOJVzdZO6bGaRHBSe5YrXijUj4NktOYcH/YEDoUIHUEdP1RxSlxza+9KsihT63YVeP+A0aGhiHSPm6I\r\nage: 65102\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14643249d5ba\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10111,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 112 x 112, 8-bit/color RGBA, non-interlaced","md5":"716d097b193628397635cfac41b561fa","sha1":"545d1876219bed15fe850a499a08322de6a26866","sha256":"50276d87fae9c1e30a32c32b4e90dcc2e227cabb4e3bb1d60ecb22fb50c5f2ff","sha512":"47ea5928e921bec4ce4d9c807ee921f6115a6dd27af6fa7325e6d988058d22cf36c03693ebc56665203809cfd6d008cd410380e688e90b36d7eeec18ce6aa92f","ssdeep":"192:cALsiDRih/bWKl4Hq2BHZE6+3paMeCsuTvB6hi6tswYmd:lBEv2Hq2BHS1ZaMJtB+tsud","tlshash":"4622d047a584327b826ec79c8fe98c112470ad1ce6f04d5ac44e711128e8df3503baf2","first_seen":"2023-07-01T07:21:14Z","last_seen":"2026-06-06T14:57:21.038991Z","times_seen":1571,"resource_available":false,"data":null}},"time_used":1161,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1161,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1298x1156_aa2a4724-288d-4252-82c6-453d0458d8c1.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.429Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1298x1156_aa2a4724-288d-4252-82c6-453d0458d8c1.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:18 GMT\r\ncontent-type: image/webp\r\ncontent-length: 49050\r\netag: \"bb2aa8a4e812ea372888371e3493b542\"\r\nlast-modified: Wed, 10 Dec 2025 11:52:08 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mcBimlBn6Q01xcMse8y2zliZmLoACzvzJzKBUaIAdz3beYhsx5XgabhlLOnj5E9V%2BLnaXyh0QI9Yv8tkwGyjsdw6k8zXhTcVqZsLhakxM0orP5RQ82l33cgppWhtCenvNenAfwXSr1tu%2FKgPwK46Q0c%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 65099\r\ncf-cache-status: HIT\r\ncf-ray: 9f96c93069a9d76d-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458578=tLgvFt1z8jFzQRhncWi/oy30Kp+gtc4vvTtSMAfT8iqKPE5I5/glwJsrgUgibV8Oq1T89RvQ5+BjRR93cSDrQF0xIVi0SgUykK+LzgLRn6wOi3thzVjM+/l6t7xyYOrgTgWFPHdNyt2ozAMvtRp/SCvuZJUo80Qf0cWnpW9yyUPaAlAcuUcGn2gPEYjfmiLM\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d62719e14644db13ed0\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":49050,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"bb2aa8a4e812ea372888371e3493b542","sha1":"4a36a3e778cd1cfaa8cbecc34e70d024963106a5","sha256":"fe97bdaee3660ca686cab03b1ef7af16d387780811e739ac2271082c7d4bb489","sha512":"f5ffb0368751705c8584d3a6bafa79c865cf33c0d4d8e58f06404807864ceefc41d20cd1162c01b17afcbc438a2fb2ed4f92b8f80938387b012bdd10e0ff2302","ssdeep":"768:6UQ6Jz2sCQ6dza0R/4YUaVSjgKLnkBM/jScHyXLEcDs5Op2jbOKz6im:tD5rCRNa0R2aOgKzkKucHybEcLKwl","tlshash":"2323f1d8f25dd108f9c51d3e9ebe898e6cbaeded3ec998c6224cd81c041494678d6623","first_seen":"2026-04-24T23:10:16.759919Z","last_seen":"2026-06-06T14:55:48.62141Z","times_seen":259,"resource_available":false,"data":null}},"time_used":4293,"timings":{"blocked":-1,"dns":0,"connect":0,"send":2484,"wait":1205,"receive":604,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/img/LOTTERY.4e81790a.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.494Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /img/LOTTERY.4e81790a.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:18 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-e929\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458578=tLgvFt1z8jFzQRhncWi/oy30Kp+gtc4vvTtSMAfT8iqKPE5I5/glwJsrgUgibV8Oq1T89RvQ5+BjRR93cSDrQF0xIVi0SgUykK+LzgLRn6wOi3thzVjM+/l6t7xyYOrgTgWFPHdNyt2ozAMvtRp/SCvuZJUo80Qf0cWnpW9yyUPaAlAcuUcGn2gPEYjfmiLM\r\nage: 65099\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d62719e14644c873ec6\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":59689,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 582 x 307, 8-bit colormap, non-interlaced","md5":"f86c9671c7aed55212fe0eb5219a664d","sha1":"6e765dfb0ce3c646d8c808940071554e78e7d409","sha256":"4ba3fff550a17eff9585d6acbc4a96bd515149510f6a8bb7638985fb4b41a181","sha512":"706aa66f138a3459eaf34f5b7a8ffed3dfacecec6adf14a2e83f1149143cfbb059f97aaaac2032587a80c0e30c62e5b46b07b4dc6f3cf5925e6e1db2a8ed45d6","ssdeep":"1536:Cyp1EBaRnsFt9ZXZj0wEYsRvqm1waPbZsY:CLB+sFtzXN0w2ym1fFsY","tlshash":"914302f36beb0bc5b07adbcf4ed354f0067a71496b42dcd44f4120e61ea6199bac420a","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-06-06T14:55:48.62042Z","times_seen":1492,"resource_available":false,"data":null}},"time_used":3614,"timings":{"blocked":-1,"dns":0,"connect":0,"send":2411,"wait":1203,"receive":-1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202603/_webp_size1080x1196_b15d1708-bfce-458e-bd99-5bc1134b7122.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:16.186Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202603/_webp_size1080x1196_b15d1708-bfce-458e-bd99-5bc1134b7122.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:18 GMT\r\ncontent-type: image/webp\r\ncontent-length: 48628\r\netag: \"170614bf75e281d0f05503cdeab75a59\"\r\nlast-modified: Thu, 19 Mar 2026 14:50:59 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3KHn8zY7MvIicssUco9t%2BC5n4qM9GJejKRwRuGqL2U3n0CnWDKr%2FkD0wUlkvziCdCzjRnTzIoz0hAaUDJ1DrqO2tvU3Yt%2FMe9Tl8J3ZzQWpmZ%2FTElC8r56CEpyNuy3jRWj2byTczm%2BqarF%2FnWjK4IjA%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 65295\r\ncf-cache-status: HIT\r\ncf-ray: 9f96c468c9f284f3-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458578=tLgvFt1z8jFzQRhncWi/oy30Kp+gtc4vvTtSMAfT8iqKPE5I5/glwJsrgUgibV8Oq1T89RvQ5+BjRR93cSDrQF0xIVi0SgUykK+LzgLRn6wOi3thzVjM+/l6t7xyYOrgTgWFPHdNyt2ozAMvtRp/SCvuZJUo80Qf0cWnpW9yyUPaAlAcuUcGn2gPEYjfmiLM\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d62719e14644db13ed6\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":48628,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x1196, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"170614bf75e281d0f05503cdeab75a59","sha1":"32025008b56adf94f2a64724f1b00f55939db943","sha256":"010f104d5782b172955179537b5945b89f7a5ac32185a63d67ea5405d5c13733","sha512":"e11fa01405248d40ad8f95f335734207193356f418418955cafc6ebdfa04f5a08d8e304d23c34b211fd9dc7cdab36710694ccd0585c79778a156bf214750346a","ssdeep":"768:tk9BmrgO1s4wjUc8pqYtHwHGvhSgV1iCdmcmxWSqZA16T2rrKhv0cQ6ZQOc4vS9P:tkbmrgO1srjUtkEn5LTdmcmxnqC0aKhm","tlshash":"4223f124d4de0cda1978e776f637574cdb8b325fabc4601f82c9499f800ab04c6628ee","first_seen":"2026-03-20T12:57:26.684793Z","last_seen":"2026-06-06T14:55:48.628676Z","times_seen":361,"resource_available":false,"data":null}},"time_used":3820,"timings":{"blocked":-1,"dns":0,"connect":0,"send":1716,"wait":1206,"receive":898,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/assets/logo/favicon.ico","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:10.236Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /assets/logo/favicon.ico HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:10 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 585615\r\nlast-modified: Fri, 27 Mar 2026 09:31:20 GMT\r\netag: \"69c64e68-8ef8f\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458570=hwFUt6D6i2fL1UURe4sGEBvrMw/YVGR6bxvoCSzBA8SQDSvMxpWv5016KqAn0A4wS3EhcT4K1+zUBND5XfHOyCSjzJW4ww95TEGkGeLeNmxdSw0Z0fNBJ/Wq/gDvWZ26iWz8M/c0wWw3c8Vexq2v3yv4idIn0zcpE/kr27OApH2LLBPXP/uuhKvtHPSE+XNH\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14642e95d59f\r\nx-cache-status: BYPASS\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":585615,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 1024 x 1024, 8-bit/color RGBA, non-interlaced","md5":"abd1eb812e495d993fb310ca906ea605","sha1":"77a61cd2ad4a89c22f4a979571d3c259870732f5","sha256":"ccd41d39ff7fbed7a9200f685d9b0198736d1a2f737e9d32f83ddaeef39a4180","sha512":"e8221a9acda08a0a0bc5410cd14bc72d30e6fa66cc6e7a4bc07b53f5c94b5ec670f19571246ab2f55ec2924f679543780e9f55e0ecf8a169ce3b91e38da07d25","ssdeep":"12288:zObp4IC0/qFNYge/0z5g2c+UTxVi1+4g+/F5:ibpa2qFNNe8zy+si1+4V/F5","tlshash":"e8c4230df5a39834d5dc996741db54e0c790e4183db25e323ba3448ea3d05b8ea267f7","first_seen":"2026-03-20T12:57:26.707036Z","last_seen":"2026-06-06T14:55:48.648798Z","times_seen":415,"resource_available":false,"data":null}},"time_used":5534,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":506,"receive":5028,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/img/heying.d446c85d.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:10.873Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /img/heying.d446c85d.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:11 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-591\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458571=IJUX2BSbr3N9k9h7ERQ9sk+yE5ueDLHUVKXOGekTGKZEsYTafGeJ/PvixdfJYaVC4M71GDidygH+mJKfPwBfsfZFcXejV+sSSl68inB1dhxmmorKLKOJVzdZO6bGaRHBSe5YrXijUj4NktOYcH/YEDoUIHUEdP1RxSlxza+9KsihT63YVeP+A0aGhiHSPm6I\r\nage: 65102\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14643113d5a6\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1425,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 22 x 22, 8-bit/color RGBA, non-interlaced","md5":"c0d0c516850381dd1ca39dd94b08f21b","sha1":"54522affec52debd9c0bd3784f0ce9bf692f5d6d","sha256":"301cbb9a8c3fae88d732c8b8fdfe40113e3257831d37150e95564cc0f9b8fbe7","sha512":"6d6b1263f2de2b35237c784fd0aa127c469f8b6ebf347ff1987d791611d5b36f0909f3a81f9db6b1571756ecae60454d854e776e5ed782acbdfcce4fda2b9c86","ssdeep":"","tlshash":"dd213b5023742cd0e8ae3457ef12e5fdb823417994f8dd0c99b9bc3e84908b1057a48e","first_seen":"2025-09-04T00:49:32.953523Z","last_seen":"2026-06-06T14:57:21.025161Z","times_seen":1563,"resource_available":false,"data":null}},"time_used":1458,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1458,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/img/zeren.c0aa584f.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:11.205Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /img/zeren.c0aa584f.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:11 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-cfa\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458571=IJUX2BSbr3N9k9h7ERQ9sk+yE5ueDLHUVKXOGekTGKZEsYTafGeJ/PvixdfJYaVC4M71GDidygH+mJKfPwBfsfZFcXejV+sSSl68inB1dhxmmorKLKOJVzdZO6bGaRHBSe5YrXijUj4NktOYcH/YEDoUIHUEdP1RxSlxza+9KsihT63YVeP+A0aGhiHSPm6I\r\nage: 65102\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14643249d5be\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3322,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 414 x 130, 4-bit colormap, non-interlaced","md5":"217588cbcd6216a09cac17953ae710b1","sha1":"de250755d284bb75dcee38ee45f2fc839987dcba","sha256":"24c2821b322d0c9087bcb0727dc0307311f6cfbb52af9f8a93308e48705f706e","sha512":"da190054ec0862c9927bb3bd928481459d53d4d778e9b2928c2507f2a34df5791d43adda750fcf184b767c1ba3a3f92e45dc57242a80869e253a9b37639abb4a","ssdeep":"","tlshash":"50616c01eb9130b8129c286701bd3fcda4c64d993d203d798d87b29bd6f970d288b123","first_seen":"2025-08-29T11:05:53.326961Z","last_seen":"2026-06-06T14:57:20.972369Z","times_seen":1505,"resource_available":false,"data":null}},"time_used":1159,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1159,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_4d4d0270-e129-42d7-8f6f-0802c910d540.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.361Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_4d4d0270-e129-42d7-8f6f-0802c910d540.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:15 GMT\r\ncontent-type: image/webp\r\ncontent-length: 11920\r\netag: \"013c35e9baa4c707701c1a2cf8534d3d\"\r\nlast-modified: Tue, 02 Dec 2025 14:08:51 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PY3ZW2HtLLDtv57pj9knEukk1fBF%2FPTwPO8dnGimjCeiVSESHbS1cRDbatkmLD2rCaz0SDRsM6IZfwjf9%2Bc6YRyliW%2BD4BVRNLIEEtuEMZe9Hz6Rb36ThgeHcn1t6p52xS7Nkz8DgBdsbPkoxJa9xEo%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 65096\r\ncf-cache-status: HIT\r\ncf-ray: 9f96c9305852dd40-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458575=yEPg8bP1KWw0XVpSd4f8vx5xJb0z3i8hpaiOkJQmnr2vDF7JAvg6poyn3HPLIFq4/KlDBAu0ZczRUTmD90nGmK5/y1TELs3xF8xwV/JUl7RA9CyGzRlw4SO3x8wtH4OZQXg3+pFsbRMLqXJ7vDAZPKOTnZxRhS3Vi1BJbs4wbHzCwh1a3Qe7D7JwbHLDYgHq\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e1464433ad5da\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11920,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"013c35e9baa4c707701c1a2cf8534d3d","sha1":"2139b155d847e1eb2d17fc298760cb039598f89b","sha256":"f1d2851323d84d5dde72bf02ab6ed8f8f55eddc2a9607799e1ff211e0ede29fd","sha512":"e80a60ee340f8de57181fe71da391673d3bb834b91b622b5032c3674e8b85ee3c1610574b1b1d883b42e94d94a45823a63657a90cfa2062674776ebe9637c8cf","ssdeep":"192:H0RkcJGKX9YQtzAe5IIq83lxzCfVJGpYWrJUcm1aTfRbuArP+UcJaYrR5Vc:UXGjQtzAxILj2tJGrJRmETflDzcoGR5V","tlshash":"ec32b065c3da9c54c4027bfdab0239f95c5e7b45783bc7de68893d150288f90be218b1","first_seen":"2026-04-24T23:10:16.764405Z","last_seen":"2026-06-06T14:55:48.647257Z","times_seen":274,"resource_available":false,"data":null}},"time_used":1320,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1320,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1298x1156_79864bfb-d71a-4513-a524-8823b86ee01d.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.430Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1298x1156_79864bfb-d71a-4513-a524-8823b86ee01d.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:18 GMT\r\ncontent-type: image/webp\r\ncontent-length: 69284\r\netag: \"1f023b2fde7cad748f40bc1d26f7bcf5\"\r\nlast-modified: Wed, 10 Dec 2025 11:51:05 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2X33bMYuNE2OgJyWoFDXZW%2BQXUkSz2chu6EliFW%2BSN8LyqwbY%2BP5t5oQo1LBNr1rv%2BCdfA%2BosyuYb8epfpSDn5jYi%2BXzQnGuF6UiZ2gkzeRgXL9NS49kYT1ap6ODN4R6tKq5xd4mdU%2F2gQhnAsWLePo%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 62636\r\ncf-cache-status: HIT\r\ncf-ray: 9f97054e0947e694-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458578=tLgvFt1z8jFzQRhncWi/oy30Kp+gtc4vvTtSMAfT8iqKPE5I5/glwJsrgUgibV8Oq1T89RvQ5+BjRR93cSDrQF0xIVi0SgUykK+LzgLRn6wOi3thzVjM+/l6t7xyYOrgTgWFPHdNyt2ozAMvtRp/SCvuZJUo80Qf0cWnpW9yyUPaAlAcuUcGn2gPEYjfmiLM\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d62719e14644db13ed8\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":69284,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"1f023b2fde7cad748f40bc1d26f7bcf5","sha1":"b6f87014c3efd309dd208adbde662efd12ed1630","sha256":"37500d21d34445843f3857ddc61970168d68b86f1f37208f3e0b05b5fe1575ee","sha512":"afc994859a75b3a91939974cdd03b6973f68d7e5be316f8a67ac60412782cb748d7ad3b7b7f62d931496e61c198098e6ff42f280ec5c5ed40164f5351dde15af","ssdeep":"1536:LQyDg35QNQHWhyCUVgapIL88bSxgjfxjgS1xnVluzXj1/7qLE0rOFXrb:8qm5MQvC4gapxxgFjgQn7ax/kE0rSH","tlshash":"d66302cf2367021ed8f7a779922a46dda041f25ed16a73acfc919d45f88221726ec09c","first_seen":"2026-04-24T23:10:16.798872Z","last_seen":"2026-06-06T14:55:48.675677Z","times_seen":247,"resource_available":false,"data":null}},"time_used":4603,"timings":{"blocked":-1,"dns":0,"connect":0,"send":2483,"wait":1206,"receive":914,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/img/SPORT.aab253e7.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.490Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /img/SPORT.aab253e7.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:18 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-d854\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458578=tLgvFt1z8jFzQRhncWi/oy30Kp+gtc4vvTtSMAfT8iqKPE5I5/glwJsrgUgibV8Oq1T89RvQ5+BjRR93cSDrQF0xIVi0SgUykK+LzgLRn6wOi3thzVjM+/l6t7xyYOrgTgWFPHdNyt2ozAMvtRp/SCvuZJUo80Qf0cWnpW9yyUPaAlAcuUcGn2gPEYjfmiLM\r\nage: 65099\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d62719e14644c873ec7\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":55380,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 582 x 307, 8-bit colormap, non-interlaced","md5":"3990a0dcf110f100c97ab413079e969e","sha1":"8087b72a149b71f4f5fc43b0f8bc07b89b621583","sha256":"6ddc189e7780b1313933d4903be9fbf6644b6a590e9aba83a6e4e50fdafb170e","sha512":"6b092584d42ec1423ecb94383907f29571e93308944813286d6e74b10f6eccb27536924220780f9a080dc259a095718a33f0757fc0adb04d737c83a6fa1647e5","ssdeep":"768:aEivx5zbZ4L0zze87wWbuKu4YIsZdCPX4ueh17yEs7NsGJSLsBQ1MDAaYHKJTbYC:aEi3eL0za8xbw4UmXI1VfJIRDYqz6W","tlshash":"bc43022944944c242384f1a6ac778dbc6dffa348a5f38f639a842bec7dcd84d95f4811","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-06-06T14:55:48.652041Z","times_seen":1504,"resource_available":false,"data":null}},"time_used":3618,"timings":{"blocked":-1,"dns":0,"connect":0,"send":2415,"wait":1203,"receive":-1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/5710b9854c0f4785a6118d0944488974?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.870Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/5710b9854c0f4785a6118d0944488974?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 145872\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 90975\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"5710b9854c0f4785a6118d0944488974\"; filename*=utf-8''5710b9854c0f4785a6118d0944488974\r\ncontent-md5: JGVtAkS4A3CB552Vfpq9pA==\r\ncontent-transfer-encoding: binary\r\netag: \"FuPeCttkhZKm_KfaEaKV2S_JbSst\"\r\nlast-modified: Mon, 04 May 2026 21:14:56 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: rBVhzovN0\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: bFcAAAAEfXnpB64Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":145872,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced","md5":"24656d0244b8037081e79d957e9abda4","sha1":"e3de0adb648592a6fca7da11a295d92fc96d2b2d","sha256":"1cebf1fbfec8578d4811c7ee2cdd146f71595896dc5c74aeded8913c53a54c2b","sha512":"4f3b0f53db5a6fa5975d24870439c413eb5be9796bfc197b56a333efb3f807791b71954237c3adb556e454bedbff6ce015d194b7e4ed291151add8a526a256d6","ssdeep":"3072:eVZMGiuE8xSeDTT9eFwf+zFFmBPMzYu+U8VrvRej3pM:eVU8xSySwGziBjMUc6","tlshash":"39e313d24887d770d4e46abea74236f917a2ddb5f62e9fb10b30d97c8407a5900e2864","first_seen":"2023-08-17T12:39:31Z","last_seen":"2026-05-11T00:18:41.225349Z","times_seen":293,"resource_available":false,"data":null}},"time_used":3393,"timings":{"blocked":1462,"dns":0,"connect":0,"send":0,"wait":1077,"receive":854,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/js/index-399e2569.1777369843125.70d3d47c.js","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:06.212Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /js/index-399e2569.1777369843125.70d3d47c.js HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:06 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-5cf4\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458566=FqGJY1k532ChI3k/oD3fAPu6welwhIu8DWp/+cspT1GcUUpTmB/CbvnsRZyjPj2aiYFgyVINMimnAQxCGmunPV7HrBnl5I66SKGBUhBMNOupLH+Ieb7JgzvsjQiNUMQlYyHtVgUDXPC32Ilfol0qLT9S49ttbW0wOJJh7mmM/CZ5mV7dhTTCjy2dkdzl8QTW\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14642012d596\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":23796,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (23796), with no line terminators","md5":"6b35d598f9222431824849a2ef5b6359","sha1":"c7409a8c4b4e0d925aabc7be2afbb31941494256","sha256":"b82b7f362bca79155342b54e2494f4086e7181eba033c4b667ff885b2bc33439","sha512":"3fff55c5f39ae811ca094e65168d57fdd6ddeafb608e8209b24ed3587dbdcb4580c09ec8361c1db0557843a26bd10552e9a5a14ad827c876ecccef7036d8e689","ssdeep":"384:EZSANHmDGj4aePlBTSQwf+q0ht1wtzgNA2K88ZdZ11YcpK21p5F3oWf0Af/nBtUM:HnDGcPPlRef+BhtutUHKTZXYeT5FYxA9","tlshash":"0eb2b6e53392bdb4c24f9276f23a68ecc43f9151c34fc4f8d264bd947c98644aa92784","first_seen":"2026-04-29T03:41:13.403184Z","last_seen":"2026-06-06T14:55:48.612049Z","times_seen":352,"resource_available":true,"data":null}},"time_used":1738,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1738,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/kc523-1/sponsor/sponsor_web_1.png?1777369782162","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:10.898Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /kc523-1/sponsor/sponsor_web_1.png?1777369782162 HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:11 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 24 Aug 2025 06:03:49 GMT\r\netag: W/\"68aaab45-a556\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458571=IJUX2BSbr3N9k9h7ERQ9sk+yE5ueDLHUVKXOGekTGKZEsYTafGeJ/PvixdfJYaVC4M71GDidygH+mJKfPwBfsfZFcXejV+sSSl68inB1dhxmmorKLKOJVzdZO6bGaRHBSe5YrXijUj4NktOYcH/YEDoUIHUEdP1RxSlxza+9KsihT63YVeP+A0aGhiHSPm6I\r\nage: 65102\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e1464312cd5a7\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":42326,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 428x169, components 3","md5":"e0ecbe5a9349aaa328ffd6f9515f9007","sha1":"79ebc30d345c812a3e3a122f152829d161b00a52","sha256":"452d27839b3f3f35d11c9a26f06d6cc9db56dc8c61261ee43e0512f69abf71f4","sha512":"fd322bf3ca925ce2eb45317adae1dee0f1c2e4f30035738052a97ccc054ffb576a92a46758559c8d13cff6be549caca5541d14c5692cbec2758ab2b3c7f3324a","ssdeep":"768:2o9mjFjepo5h5jLasrCO57PIrvmMOSf4t7q5bo6Wruv9CSMsfRLMD7XZ0:2ogpymTxRrwmDSM7mbo6WrutR60","tlshash":"8713f2ebe1075d80bb946c9b3925eec61da50f047bc78d68c5e055f921290bb0fa33a7","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-06-06T14:57:20.956154Z","times_seen":1621,"resource_available":false,"data":null}},"time_used":1433,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1433,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/kc523-1/noData/cms_moren.png?1777369782162","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:11.209Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /kc523-1/noData/cms_moren.png?1777369782162 HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:11 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 24 Aug 2025 06:03:49 GMT\r\netag: W/\"68aaab45-4d14\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458571=IJUX2BSbr3N9k9h7ERQ9sk+yE5ueDLHUVKXOGekTGKZEsYTafGeJ/PvixdfJYaVC4M71GDidygH+mJKfPwBfsfZFcXejV+sSSl68inB1dhxmmorKLKOJVzdZO6bGaRHBSe5YrXijUj4NktOYcH/YEDoUIHUEdP1RxSlxza+9KsihT63YVeP+A0aGhiHSPm6I\r\nage: 65102\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14643249d5c1\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19732,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 215 x 214, 8-bit/color RGBA, non-interlaced","md5":"f3c825751a70d4aad8da2ce57f76acf6","sha1":"732da443668abb03a79a70df2d0ea8d801158655","sha256":"c395f4c1941459ef620f6df95fabd39f9ac98e03f6a389886bf224157557ce41","sha512":"a3b3fa2a216c10d331fea4771b916825d0605b94e21ac242d152d7c5e4b984cf3baad7a3fd071dde3432162037514d756cce1a0f699baf3dc98eaf75483c91b0","ssdeep":"384:64pTwcIHFqFpIlD8SqhwFLW/na2PvyQXSOKvOi58KUezsTT5ZOon:67XlROe8WvOAPHQv","tlshash":"a592d0d8abcb6705bb132b43b941a3558e0dfd6a130b9bb131782805ee16151e8d7e3f","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-06-06T14:57:21.043292Z","times_seen":1629,"resource_available":false,"data":null}},"time_used":1156,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1156,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/kc523-1/sponsor/sponsor_web_2.png?1777369782162","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:10.905Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /kc523-1/sponsor/sponsor_web_2.png?1777369782162 HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:11 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 24 Aug 2025 06:03:49 GMT\r\netag: W/\"68aaab45-a049\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458571=IJUX2BSbr3N9k9h7ERQ9sk+yE5ueDLHUVKXOGekTGKZEsYTafGeJ/PvixdfJYaVC4M71GDidygH+mJKfPwBfsfZFcXejV+sSSl68inB1dhxmmorKLKOJVzdZO6bGaRHBSe5YrXijUj4NktOYcH/YEDoUIHUEdP1RxSlxza+9KsihT63YVeP+A0aGhiHSPm6I\r\nage: 65102\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14643132d5a8\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":41033,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 428x169, components 3","md5":"66036fddf71ff69f45c146ca63883070","sha1":"4b3076a271d5042ef1b6cffc2ff49f421a819f08","sha256":"93c59a52fe04b0050dd4552a135177533afbe2dec54f10c516610b0dee857e0c","sha512":"29c2fc65e144e5d13c011e4897e0bdf771c7b4c249875eca4fa25589625696c71ec015e7e8ef3a5ee45f2a6ae9df3663da0bb736a6fb13c9628f0d0957827c71","ssdeep":"768:6eyNeN9huVfPKv0KhazApErcA6cFKSkS+pbTCx81TxUqIUgYWxDHc9wZGbYGniRl:6eXXh8KcQakywKK++tTCi6xD89HbxiD","tlshash":"b003f15c4c413e7777f19baae00ac84224d11fd4fdd5e3e61a8bc659a843a68bc2540e","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-06-06T14:57:21.001133Z","times_seen":1619,"resource_available":false,"data":null}},"time_used":1427,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1427,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/img/partner.dca3fc6e.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:11.203Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /img/partner.dca3fc6e.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:11 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-7129\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458571=IJUX2BSbr3N9k9h7ERQ9sk+yE5ueDLHUVKXOGekTGKZEsYTafGeJ/PvixdfJYaVC4M71GDidygH+mJKfPwBfsfZFcXejV+sSSl68inB1dhxmmorKLKOJVzdZO6bGaRHBSe5YrXijUj4NktOYcH/YEDoUIHUEdP1RxSlxza+9KsihT63YVeP+A0aGhiHSPm6I\r\nage: 65102\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14643249d5bc\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":28969,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 480 x 151, 8-bit/color RGBA, non-interlaced","md5":"7374b72d05130af2d77119eb0eb4ba10","sha1":"5b3e5e621329685de250121b2fd9c798f46f7d65","sha256":"059a622a7f1f0f1f239d624f19b0f5531c0f0aedadb8ccd40d2570a76dd56752","sha512":"c2d0f744838a882c8ac15de6bb0bfbeb3dd2f31550cc7a259b9890ea38eddf835902171c1346ed7e1d2005ba18b929d598002d60b7355df72073d955521b18b0","ssdeep":"768:tAAoY1X4ITISUWhiqmMiuCaUENwHoacq8zqWx6:abaX4SIYIdMMow8zqi6","tlshash":"a2d2e0ecdc3058f1f533894dc979813a6f3886ba05e359817a36f92bddc3e8506491e6","first_seen":"2025-08-29T11:05:53.287538Z","last_seen":"2026-06-06T14:57:21.039453Z","times_seen":1508,"resource_available":false,"data":null}},"time_used":1159,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1159,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/0f78b2c578264a668ad81706cacbcd2b?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.827Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/0f78b2c578264a668ad81706cacbcd2b?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 6900\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 92751\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"0f78b2c578264a668ad81706cacbcd2b\"; filename*=utf-8''0f78b2c578264a668ad81706cacbcd2b\r\ncontent-md5: 8L4tkhVwaue4Im/ZOyXwkw==\r\ncontent-transfer-encoding: binary\r\netag: \"FvbRs1XCprVjMNQmY_Ud3gxiYhW7\"\r\nlast-modified: Mon, 04 May 2026 21:14:48 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: FY12F3e0X\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: rEoAAABCbgNMBq4Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6900,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 84 x 97, 8-bit/color RGBA, non-interlaced","md5":"f0be2d9215706ae7b8226fd93b25f093","sha1":"f6d1b355c2a6b56330d42663f51dde0c626215bb","sha256":"be614921600d694cb821847f174986b3416fc494a1ba35f5781fa7833e9525ab","sha512":"6231ae180811457d5eb6f5f1f44e4f49ad1d380fd49918836e7ff30f174ca1136d7839905d821e01d9b91c73db00229f56c47c2a6aeac9a2ebefcf99071f4e5f","ssdeep":"96:Yx1us78Jt8UAf+KoqCJNcb7MP/AVEijzIqUt0Rel5/FchbgOvmkQLhZOXqr90uQQ:KIJt8UAf+KHCDEQXesXmbgUmOy9ZQ2j","tlshash":"eae1ae344df66dfaca601ec63183438dd3f9a1c3a02230bb7ac65327bd20b210c89c95","first_seen":"2025-03-16T19:56:39.558569Z","last_seen":"2026-05-30T17:21:02.067784Z","times_seen":199,"resource_available":false,"data":null}},"time_used":4074,"timings":{"blocked":1521,"dns":0,"connect":262,"send":0,"wait":1264,"receive":352,"ssl":667},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/94df80ba76054077ab2a320c7cbc54f0?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.906Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/94df80ba76054077ab2a320c7cbc54f0?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 28278\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 785\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"94df80ba76054077ab2a320c7cbc54f0\"; filename*=utf-8''94df80ba76054077ab2a320c7cbc54f0\r\ncontent-md5: R81sdVX0pd8rd7WUHYA+Qg==\r\ncontent-transfer-encoding: binary\r\netag: \"FhGXhqrigDWVwjjowGDRv29LUqGd\"\r\nlast-modified: Mon, 04 May 2026 21:15:10 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: 97s16FSbr\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: dfoAAADYpInwWa4Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":28278,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced","md5":"47cd6c7555f4a5df2b77b5941d803e42","sha1":"119786aae2803595c238e8c060d1bf6f4b52a19d","sha256":"0332af88d8d000516abd9a33336ede81a727d45c770101b7fff30b05f4ce13bf","sha512":"30fc159d791df23285d2a3348210bba99a468d59ad8ad57c0ec71dc135cd5b83ffabb38715e924b78ef553a2c3e27739c5be5935d457ea84f787daa14fbafa5e","ssdeep":"768:5h1+seDmiM/MTqGVgxbo7/iw4DNpFgZ6kYzNRG/FE:31tXiYMpVgkrQNpF9BRG/FE","tlshash":"fcc2e10ba3b8293e94dd81b15cbd46e67c71ede14f8a65889d0d509a19cd670e337c32","first_seen":"2023-08-17T12:39:31Z","last_seen":"2026-05-11T00:18:41.098684Z","times_seen":53,"resource_available":false,"data":null}},"time_used":2997,"timings":{"blocked":1431,"dns":0,"connect":0,"send":0,"wait":1106,"receive":460,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/img/pay.8f35ebe1.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:11.204Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /img/pay.8f35ebe1.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:11 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-154d\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458571=IJUX2BSbr3N9k9h7ERQ9sk+yE5ueDLHUVKXOGekTGKZEsYTafGeJ/PvixdfJYaVC4M71GDidygH+mJKfPwBfsfZFcXejV+sSSl68inB1dhxmmorKLKOJVzdZO6bGaRHBSe5YrXijUj4NktOYcH/YEDoUIHUEdP1RxSlxza+9KsihT63YVeP+A0aGhiHSPm6I\r\nage: 65102\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14643249d5bd\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5453,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 492 x 132, 4-bit colormap, non-interlaced","md5":"05d444b76263f6958a37ac82e45daa67","sha1":"a067d3a654da1ec4c51d8f049aabaa112183e355","sha256":"49166910b376f5487f30174e60fcf13aaaca9620ef1aa58cfb2c94a8c111ea8d","sha512":"7d276d57b068ec4a0125512e0781c501a96bf6c30b30304d247251190c6421a9ed7a03ec208a590d19d9a1183e3837b06d141bddd99abb7b0ee4e2a1ba28b28b","ssdeep":"96:u9g9Yof8+keuD1Kai/MXG5BHMsDiCNPFH/qX4iWXnqvcIzDRHSVyl07TrOKCm0R4:u9g9rJuYai//7FiSXnqvNYGmrOKcPwzp","tlshash":"74b18e749d6efb2a26b315c30d7499c21ea45c9e0d94f1c2244776963c732de3270985","first_seen":"2025-08-29T11:05:53.301829Z","last_seen":"2026-06-06T14:57:21.018191Z","times_seen":1509,"resource_available":false,"data":null}},"time_used":1159,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1159,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/kc523-1/download/download_nav.png?1777369782162","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:14.507Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /kc523-1/download/download_nav.png?1777369782162 HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:14 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 24 Aug 2025 06:03:49 GMT\r\netag: W/\"68aaab45-2c05a\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458574=sSR3u4pqOLMT80gJ06VEG2dxEqnS8HIfeEHxsy4pHq/5aSCVUTSik4+v6aVHviY3K/n1pmvNIBrxj55+zks33rLnxAWfZPvSwljdnBfySeja6H3HDhcLgfxxw/8QnQD8tu0I9UFspsvkA0OhOrp0ii0pD90G1++W8mbD0ggSXRhBBlSUe2UZuUrg7KqgiUo/\r\nage: 65103\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14643f46d5cc\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":180314,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 820 x 600, 8-bit colormap, non-interlaced","md5":"87eaffe415a7eb41b7b4b8a868bb3b32","sha1":"575618003efbf8dc8ea781379aeff463cd0cc498","sha256":"4264138e0c015e52e3efa14e34ce9c52490316935b4667756ea631b96eca64dd","sha512":"2b06fbacffed6de2fb1d4a6db2cbd0d9c5c790f9b5a10a6dceac64ff69d300f20628c465a720102da9bd857c80be886ab0a37848929741d2bdef6eddbe0de8bf","ssdeep":"3072:iWlCRQlVF5aSW/mUdJSu3405ovKFzkRKcZjF9Km/mKg/hPFsQBhXRU0K:iWM2I405oCRncZHL/mKWBhXRU0K","tlshash":"0f0412cc23773ffbf8a0865a83fbc1599c3bfd0824e56722ea1662b5186053145a59cb","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-06-06T14:57:21.009145Z","times_seen":1450,"resource_available":false,"data":null}},"time_used":1205,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1205,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1298x1156_1d28b817-0c00-4339-b666-213943a7b1d3.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.418Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1298x1156_1d28b817-0c00-4339-b666-213943a7b1d3.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:15 GMT\r\ncontent-type: image/webp\r\ncontent-length: 91938\r\netag: \"d4f654e067ee701e55c386cad6b53574\"\r\nlast-modified: Wed, 10 Dec 2025 11:50:44 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uyDzE3ceZ2WoP4YcW73WA9khqxU0KR4mrK4O39xNQ%2BR6A830nC4%2BBK4H%2FAh5lt%2B4yFiHCT954GrBFAI9ZJCf20S8Ro9IHCJ4cUVXKvKoRPEOLC2yLhyOHpRQ%2FcMTpPs0uYVITTS%2F7tQmkiTx%2FTDNv3Q%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 65096\r\ncf-cache-status: HIT\r\ncf-ray: 9f96c9308f74d50d-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458575=yEPg8bP1KWw0XVpSd4f8vx5xJb0z3i8hpaiOkJQmnr2vDF7JAvg6poyn3HPLIFq4/KlDBAu0ZczRUTmD90nGmK5/y1TELs3xF8xwV/JUl7RA9CyGzRlw4SO3x8wtH4OZQXg3+pFsbRMLqXJ7vDAZPKOTnZxRhS3Vi1BJbs4wbHzCwh1a3Qe7D7JwbHLDYgHq\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e1464433ad5eb\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":91938,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"d4f654e067ee701e55c386cad6b53574","sha1":"a0f6315ed37b1a5d5da601adfbcb44cad2d9f5cb","sha256":"cd9f33e85a633a73214e9e94255ec27a3d272cadf2389345b6d240d4e36c53ab","sha512":"701a8be639fbb3dbc5670d9789cf01c3175d632a7902e3cfbb769e80fff9f420c10befecfa030adcced409dd26c2ae2afa1fcf617c7371bc6984b378685d184a","ssdeep":"1536:XsUxLKKnLpw8UtfepacmJUm70Cweits6VTpJz39R9s8dBmdEbi/pS4l8KjVIVAMo:PBLpw8UtfqyJUeueitTVbFs8dpbQSvK5","tlshash":"df930205f84d4f1dd86a31e6e142309c9472e0a83213cefb25b3f53997935d52ea6f48","first_seen":"2026-04-24T23:10:16.740253Z","last_seen":"2026-06-06T14:55:48.670001Z","times_seen":256,"resource_available":false,"data":null}},"time_used":2043,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1573,"receive":470,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/js/8544.1777369843125.875d684f.js","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:06.208Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /js/8544.1777369843125.875d684f.js HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:06 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-3ff6f\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458566=FqGJY1k532ChI3k/oD3fAPu6welwhIu8DWp/+cspT1GcUUpTmB/CbvnsRZyjPj2aiYFgyVINMimnAQxCGmunPV7HrBnl5I66SKGBUhBMNOupLH+Ieb7JgzvsjQiNUMQlYyHtVgUDXPC32Ilfol0qLT9S49ttbW0wOJJh7mmM/CZ5mV7dhTTCjy2dkdzl8QTW\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14642012d593\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":261999,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"136fc52b262ec03558367f9d050dd488","sha1":"42d2e74acd67477c27524bb4b17399c3c8a5044c","sha256":"7c0850eefec0bebf32593d27d1d85e262ddea0700c9179c4a1396556d6ccf3c2","sha512":"c7c19dcaf0d7f95397efb2d6e96bf11b3e750a26bff4e9bf6a1ed4c53e3b16b75dd5a728e2d2b490b0431acc27ff1849088c26999912f191b672a683ee2b8333","ssdeep":"6144:y/rOTURxxB0Jjytg7DiQPkcsz1aL3p2YO+WidjHrrL:qiJjytgPJPT3p2YpHrrL","tlshash":"bb442c44b291f0b8879b42f7922b4056a17f48a1308cacb4f295ed90be7555c927fbfc","first_seen":"2026-04-29T03:41:13.358323Z","last_seen":"2026-06-06T14:55:48.672826Z","times_seen":356,"resource_available":true,"data":null}},"time_used":1737,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1737,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/kc523-1/sponsor/sponsor_web_3.png?1777369782162","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:10.907Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /kc523-1/sponsor/sponsor_web_3.png?1777369782162 HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:11 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 24 Aug 2025 06:03:49 GMT\r\netag: W/\"68aaab45-9faf\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458571=IJUX2BSbr3N9k9h7ERQ9sk+yE5ueDLHUVKXOGekTGKZEsYTafGeJ/PvixdfJYaVC4M71GDidygH+mJKfPwBfsfZFcXejV+sSSl68inB1dhxmmorKLKOJVzdZO6bGaRHBSe5YrXijUj4NktOYcH/YEDoUIHUEdP1RxSlxza+9KsihT63YVeP+A0aGhiHSPm6I\r\nage: 65102\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14643133d5a9\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":40879,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 428x169, components 3","md5":"c26161f438986f6e2d677c34d653285e","sha1":"faf6c47a013a9944bb8cac197688908422992039","sha256":"58d11e173550b3420b35c4e4be3eeb76b59ac790d9fb59b535ffe55d3b470fa9","sha512":"97649de556447ef6aa6cdd7d0bec46837cfb328335daa3b862cbaa5e23ca5a8f2af296703c9e961cbad02bb797ebf1f99ced2d1d245fbbb3a428e39d26428c76","ssdeep":"768:ub+4OMIuYE3McXMuDR64Q7sRFKJdsCA1Hunj5tyKxGGTVtkDGlT2oTO:uS4OMXYODNDR6XsRFisCAk39t6oi","tlshash":"db03f108254f2d4466ec90bbc7a1e0f7ee1d103dddb7e30c35a685163e46ca559fa0e6","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-06-06T14:57:21.042744Z","times_seen":1612,"resource_available":false,"data":null}},"time_used":1426,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1426,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202506/_webp_size1260x1156_03543abb-5967-4969-b0c5-87347b24c4d6.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.334Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202506/_webp_size1260x1156_03543abb-5967-4969-b0c5-87347b24c4d6.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:15 GMT\r\ncontent-type: image/webp\r\ncontent-length: 148768\r\netag: \"2c43663cd3eeae27a4e751556307f507\"\r\nlast-modified: Sat, 06 Dec 2025 06:32:06 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fZPrpJljrUtvwl5fzkx2C1h8VcMAGeg1BKmhcW2DAiUQFMlrWx1fkinnopWst1AKCBAlpu0Yr57ZRWuXMcRQ9fz7nMocwxI%2BbA98EM2H%2BdeYZirXgIdhep2unYfyq0b6V%2FybgZHtQ8ys292iAtOyuJU%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 65096\r\ncf-cache-status: HIT\r\ncf-ray: 9f96c9305cbce885-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458575=yEPg8bP1KWw0XVpSd4f8vx5xJb0z3i8hpaiOkJQmnr2vDF7JAvg6poyn3HPLIFq4/KlDBAu0ZczRUTmD90nGmK5/y1TELs3xF8xwV/JUl7RA9CyGzRlw4SO3x8wtH4OZQXg3+pFsbRMLqXJ7vDAZPKOTnZxRhS3Vi1BJbs4wbHzCwh1a3Qe7D7JwbHLDYgHq\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14644280d5d2\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":148768,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"2c43663cd3eeae27a4e751556307f507","sha1":"231f268ff0432bf21cea23c1a2cc12003c10f7be","sha256":"cdd625ad600403b36dcbcf589300926ee189bf9d47b2cc2c0715f91c5f6968a5","sha512":"d9ba3dcde4fcd162ea361339bce1c4b8313875af3fe94297a7a55cb8d245e815421dbfb9e5017c19e6a6d50b5ca654e02a326190c2e300b0fd369aa245726567","ssdeep":"3072:IgpSjBxCU8A3MroXYq21tKxGDaxxoyg4KtBHs7T8YMA4q8B4:IgpSjBGYuOYqGKx7ygoBqT8Yln8","tlshash":"3ee313b7f29017bdda91ca376b9f02f832041f64f4077e34a5509801839daada2bb572","first_seen":"2026-04-24T23:10:16.7755Z","last_seen":"2026-06-06T14:55:48.561403Z","times_seen":274,"resource_available":false,"data":null}},"time_used":960,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":719,"receive":241,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/04254c2ed2914a8487cffcf2600136e9?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.877Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/04254c2ed2914a8487cffcf2600136e9?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 35168\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 3728\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"04254c2ed2914a8487cffcf2600136e9\"; filename*=utf-8''04254c2ed2914a8487cffcf2600136e9\r\ncontent-md5: CUU3SQbWTu4eIGr3Acaa9Q==\r\ncontent-transfer-encoding: binary\r\netag: \"FrcTrk83rEKoZRff3DreQvFjik20\"\r\nlast-modified: Mon, 04 May 2026 21:14:57 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: ReL1iPPLt\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: xrMAAABDCltDV64Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":35168,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"0945374906d64eee1e206af701c69af5","sha1":"b713ae4f37ac42a86517dfdc3ade42f1638a4db4","sha256":"38b539349a147e27e378665079a9af62ef31fd2687bbf6c8e7a457514e77fc8f","sha512":"f46b6e7967157dd505b51724258fe452a883ca03a0db5e0bf5860dfc5574c2490da3abfc3e6e67e97c671eed629397e5d937a0a8625f86d7722deda99250fc9f","ssdeep":"384:zfNuLlfWr3+wkuo4BPjEQM9WybrZb6eNnTpL7lcrizujwJnxLwQ/zpNcl7WRaJ8t:TcWjx7xe4yXZbbBpLicnhT04IlqDksdz","tlshash":"2df2f1b96031b13583159ce0adc81cbe2b950f3d027ea393422759ca6b5ce39e9f45e6","first_seen":"2025-06-12T02:01:24.085617Z","last_seen":"2026-05-11T00:18:41.128573Z","times_seen":18,"resource_available":false,"data":null}},"time_used":2846,"timings":{"blocked":1455,"dns":0,"connect":0,"send":0,"wait":1077,"receive":314,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/js/13575.1777369843125.cda1d494.js","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:06.206Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /js/13575.1777369843125.cda1d494.js HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:06 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 28 Apr 2026 09:55:49 GMT\r\netag: W/\"69f08425-2f97a\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458566=FqGJY1k532ChI3k/oD3fAPu6welwhIu8DWp/+cspT1GcUUpTmB/CbvnsRZyjPj2aiYFgyVINMimnAQxCGmunPV7HrBnl5I66SKGBUhBMNOupLH+Ieb7JgzvsjQiNUMQlYyHtVgUDXPC32Ilfol0qLT9S49ttbW0wOJJh7mmM/CZ5mV7dhTTCjy2dkdzl8QTW\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14642012d592\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":194938,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65535), with no line terminators","md5":"eda98cc14e8c025a359a009951750a20","sha1":"b54dc08d49209bb6953641b57cead1ec1e92d823","sha256":"636dbf0f9dbb30ed3d15582a38bbc4c1857fd1affbe8be077182666b906e7f3e","sha512":"fc6837e6c1ebb1b97998b81be6fab0614b1d30dd0494527bb2fdcaa139d3d26a16798468a172b13ad982cb3ac0651e22ed1d8af5ff62fc501babf9c04c104659","ssdeep":"1536:X17BBHFeKRKp+3ELSPtj6x2DgJoG7PIDmj9VA+s69JAFdE6WIzl+Ik1+eXMa7a4H:hjHoKRKphCnDgJoec+IDWIzls+7Xr0X7","tlshash":"4a141a84764170b8c396a165322f601ae22f789650dd9c24f3789aa47f7470df26fabc","first_seen":"2026-04-29T03:41:13.356911Z","last_seen":"2026-06-06T14:55:48.629254Z","times_seen":357,"resource_available":true,"data":null}},"time_used":1737,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1737,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/kc523-1/sponsor/sponsor_nav_web_3.png?1777369782162","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:11.186Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /kc523-1/sponsor/sponsor_nav_web_3.png?1777369782162 HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:11 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 24 Aug 2025 06:03:49 GMT\r\netag: W/\"68aaab45-1cf4\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458571=IJUX2BSbr3N9k9h7ERQ9sk+yE5ueDLHUVKXOGekTGKZEsYTafGeJ/PvixdfJYaVC4M71GDidygH+mJKfPwBfsfZFcXejV+sSSl68inB1dhxmmorKLKOJVzdZO6bGaRHBSe5YrXijUj4NktOYcH/YEDoUIHUEdP1RxSlxza+9KsihT63YVeP+A0aGhiHSPm6I\r\nage: 65102\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e1464323bd5b1\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7412,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 206 x 332, 8-bit colormap, non-interlaced","md5":"eb94a297c215863d5d2232eaa67f4779","sha1":"d006f382f63ada4e4ef65d124a75eac2e4e72dd0","sha256":"6bd46b617bf27cb28fb798d50b2d6daa2aaed1a278ed50e9aa549b6e4fac48c3","sha512":"dc7759393acb5e7d1a635b4d91d73e84abc41fe6afde99a85a8e4ed6f4f8b1b5819bbcaa80b1c213c00c89df8b81db512a7bff142b24c50565ff1e6289f1a30c","ssdeep":"192:Sfq39wgHGYB1fcUWobKUUR6IHaDmzDxfbTow:uQ9gCEUWoWUe6DeJQw","tlshash":"94e1ad76a7f6d695a6b7908cfece94050fbba2722c6352762b7b8c02170c339525b411","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-06-06T14:57:20.971089Z","times_seen":1560,"resource_available":false,"data":null}},"time_used":1164,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1164,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/api/tenant/domain/list","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:13.133Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /api/tenant/domain/list HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nx-request-source: https://j53g.vip\r\nXign: UKnw6Zdj9hFmaUCMVM1a6rbTI49E+eT6DBrN5loctxwpDJ3MAFcDHLwnmmurr8JC+ofHTOSMzDNLCgYjcqfM1ZlHi7/IAwKjPdoO0yhyqMdRDsJSEvUtQQgPOT75Lfik+xiHCsOeYRx5W/BRkJ4sskhxYgQHnIEfu+1Us8lwTc8=\r\ntimestamp: 1778458573099\r\nsign: 2702i7m581tb3a4s\r\nversion: 5.6.12.0\r\nclient-type: web\r\ndevice-id: yJcptFCdmcZADMQCAxKHnE47zE2N8nzG\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:13 GMT\r\ncontent-type: application/json\r\nexpires: Mon, 11 May 2026 00:26:13 GMT\r\ncache-control: public, max-age=600, s-maxage=600, must-revalidate, stale-while-revalidate=30\r\nx-xss-protection: 1; mode=block\r\npragma: public\r\nx-content-type-options: nosniff\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458573=yZG5PBWS1Nh/AUtFas2SAT9K8KBYFT3tmDxPMxk6sKctgNimrcTw+Pdc6x0PCz+xIoCt4pcsMRGhlcm8cIvO1xhOSgrtaBiGnu8aKSiQifDVLsRzWfEkv6a28A3ceH4D91gsmRFvW4fHdGpadAb2H7+/9wy6HLvPlZ/T/j5l4uIvi+fAN2Yo4dKumFibEvjt\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e146439e2d5c8\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1108,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"5d9e96bd132a2c24281ae50f2b09efe4","sha1":"503ea18100d0f1573baa195933355a1372e93841","sha256":"7f205b18b5deaae96622989dbc8ad73999a9616e96ef26d909f19525deadb328","sha512":"ab5a589dc81944d2fe05d656777e9e490d42a2fd68c7e577387cfdd47c9b0c5276ca2f91a3868407c373e500d00bb5360a5ae035c7c0cb1addf47f20755a268b","ssdeep":"","tlshash":"fb11c6101c6f12c8d6e8d29263503345388d8b76056db91b69d6b74fae0583a32120a4","first_seen":"2025-08-29T11:05:53.144028Z","last_seen":"2026-06-06T14:57:21.015179Z","times_seen":1589,"resource_available":false,"data":null}},"time_used":1636,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1636,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/kc523-1/sponsor/sponsor.json?1777369782162","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:11.019Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /kc523-1/sponsor/sponsor.json?1777369782162 HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:11 GMT\r\ncontent-type: application/json\r\ncontent-length: 646\r\nlast-modified: Sun, 24 Aug 2025 06:03:49 GMT\r\netag: \"68aaab45-286\"\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458571=IJUX2BSbr3N9k9h7ERQ9sk+yE5ueDLHUVKXOGekTGKZEsYTafGeJ/PvixdfJYaVC4M71GDidygH+mJKfPwBfsfZFcXejV+sSSl68inB1dhxmmorKLKOJVzdZO6bGaRHBSe5YrXijUj4NktOYcH/YEDoUIHUEdP1RxSlxza+9KsihT63YVeP+A0aGhiHSPm6I\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e146431a5d5ac\r\nx-cache-status: BYPASS\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":646,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"10d2161de8cf99c474812f4c43645a26","sha1":"71884ef7281cdcb5084088f16d4550ce8790e634","sha256":"bb02fd7438bb49dd4decb6f76a71f11e93355332fd9f965d6f9f13bb8175aeca","sha512":"bf0fd1232309fcc5582d5c42644e1c7b4b8d235b1066e988ff55e0dd94a956f89742401f00c2d904359041c8e0c2bac8e9316252fab60db5eb0a3b4c935172f0","ssdeep":"","tlshash":"d8f0f44ad8b25b93211fb57c58cd050470294a8f0eccaac4baac987c4f598ddd1e839e","first_seen":"2023-06-16T04:51:50Z","last_seen":"2026-06-06T14:57:20.956662Z","times_seen":1751,"resource_available":false,"data":null}},"time_used":1610,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1313,"receive":297,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/img/bj2.a8fabbac.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:11.191Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /img/bj2.a8fabbac.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://j53g.vip/css/home.1777369843125.0fc9d8d4.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:11 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-5809c\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458571=IJUX2BSbr3N9k9h7ERQ9sk+yE5ueDLHUVKXOGekTGKZEsYTafGeJ/PvixdfJYaVC4M71GDidygH+mJKfPwBfsfZFcXejV+sSSl68inB1dhxmmorKLKOJVzdZO6bGaRHBSe5YrXijUj4NktOYcH/YEDoUIHUEdP1RxSlxza+9KsihT63YVeP+A0aGhiHSPm6I\r\nage: 65102\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14643249d5b5\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":360604,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1920 x 641, 8-bit/color RGBA, non-interlaced","md5":"e0fe8ffeed1841f74df53c3b0c1f2db0","sha1":"77bf6dfe664cdc936776654af151f49368479ec3","sha256":"db4d87e8a403e388c54dd5d114b738c82e1d2dbe65b95630fd5782179f0d7d54","sha512":"825bf73262c2b613b6a8a8397f869db6b2cd4118e554689d228503e7a04c4e674d49c5649e4ac8e2423a7b526c0f6621c259566d0e9bb6ebfa0712a7352968fa","ssdeep":"6144:iAHwIFRCiRIygxWS9v34xfZzuwbIYGzl8BPp0eIiOk3Fg7la6RUIs4pU2:rwy0IgxDEfQwbjw8dpmiOiFgpLHFU2","tlshash":"2874238d711d48cc9c9b45003dd82d9e1c55aa2f7aab20b58264fed24d17ddeec0ea3b","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-06-06T14:57:21.035921Z","times_seen":1505,"resource_available":false,"data":null}},"time_used":1163,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1163,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/img/bj3.a7dbd558.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:11.193Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /img/bj3.a7dbd558.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://j53g.vip/css/home.1777369843125.0fc9d8d4.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:11 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-16cb\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458571=IJUX2BSbr3N9k9h7ERQ9sk+yE5ueDLHUVKXOGekTGKZEsYTafGeJ/PvixdfJYaVC4M71GDidygH+mJKfPwBfsfZFcXejV+sSSl68inB1dhxmmorKLKOJVzdZO6bGaRHBSe5YrXijUj4NktOYcH/YEDoUIHUEdP1RxSlxza+9KsihT63YVeP+A0aGhiHSPm6I\r\nage: 65102\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14643249d5b6\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5835,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1003 x 171, 8-bit/color RGBA, non-interlaced","md5":"b79234bcd23ce7e063481b3605bcdd45","sha1":"eace4c48cc352cfb10fb6fcffed50748f18aa78d","sha256":"2dbca2ee9a515b178cb6a5ce670a5dafa30941ad8c753fa3e94642f8dacca13d","sha512":"40fa685181391f1ca805440f53683045d1fbd5c0f36cf471f53641c6f289481f42fefc4d1f2b2fdfe8a20d7488ef0537f10352492e46af76770b49fe8876def7","ssdeep":"96:brOIaX7VK+RUSrZ3rnZ1L++y+hsVoK4CBVVikox3n0muoE7Nqh7zwGto:K7VK+RBZ3l1i+y+3peikr3oEJqh7MCo","tlshash":"91c18f03f313ed339b875f190abe4dc3498b2f9a4725a7d6285b5aa89654819c062e82","first_seen":"2025-08-29T11:05:53.328141Z","last_seen":"2026-06-06T14:57:20.964609Z","times_seen":1564,"resource_available":false,"data":null}},"time_used":1163,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1163,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1298x1156_04beb05f-bdcc-4bf4-a35f-b560e45e45b0.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.428Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1298x1156_04beb05f-bdcc-4bf4-a35f-b560e45e45b0.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:18 GMT\r\ncontent-type: image/webp\r\ncontent-length: 73676\r\netag: \"41e79b39dc26bbaf7f40e04fea71c634\"\r\nlast-modified: Wed, 10 Dec 2025 11:53:06 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=sPRB9n6wkXoqEvac9Xh7hdUMy6VEoPCBAfRbFsL0qVbW0YJyzpI6wp48qSoyfTM6Ih1iAJsEZw8Jg29wcqczK3IomU3MokJzPyGNI0lB7KM%2F0GhRZcgD3ALNKR7b9V9tCuEyCzqBz5f24u0VcEkooLo%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 65098\r\ncf-cache-status: HIT\r\ncf-ray: 9f96c932d852d62b-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458578=tLgvFt1z8jFzQRhncWi/oy30Kp+gtc4vvTtSMAfT8iqKPE5I5/glwJsrgUgibV8Oq1T89RvQ5+BjRR93cSDrQF0xIVi0SgUykK+LzgLRn6wOi3thzVjM+/l6t7xyYOrgTgWFPHdNyt2ozAMvtRp/SCvuZJUo80Qf0cWnpW9yyUPaAlAcuUcGn2gPEYjfmiLM\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d62719e14644db13ed3\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":73676,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"41e79b39dc26bbaf7f40e04fea71c634","sha1":"477586286821f2dab7b013e04ff4921b7719f121","sha256":"a6091cb61f7968a02345dfef2905c4f62f401345fb3fd5d2bdf5306416b50d90","sha512":"5fd2068c26d3d5e6995cbe847edecc9145c7abcdfee76ed94e1db9b97da7abb651e8dc990d06f05d2bc9b04cfbaa5c9cb41fa32da479554d64e47eb91e01fe56","ssdeep":"1536:Dsmee6MaqRp352dNFckeb6yTb6Kpmd4xIccPip688s23Z72HuJjJrl:gEaqRfoeb6yTb6KsdiIccuE3Rfrl","tlshash":"c7730143ccff7298de2c687e0d5e0caa191442443f8c0ab3e6e5615571697af36b32b8","first_seen":"2026-04-24T23:10:16.752534Z","last_seen":"2026-06-06T14:55:48.655319Z","times_seen":248,"resource_available":false,"data":null}},"time_used":4601,"timings":{"blocked":-1,"dns":0,"connect":0,"send":2485,"wait":1205,"receive":911,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/img/ESPORT.4f4b51d4.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.493Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /img/ESPORT.4f4b51d4.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:18 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-101b0\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458578=tLgvFt1z8jFzQRhncWi/oy30Kp+gtc4vvTtSMAfT8iqKPE5I5/glwJsrgUgibV8Oq1T89RvQ5+BjRR93cSDrQF0xIVi0SgUykK+LzgLRn6wOi3thzVjM+/l6t7xyYOrgTgWFPHdNyt2ozAMvtRp/SCvuZJUo80Qf0cWnpW9yyUPaAlAcuUcGn2gPEYjfmiLM\r\nage: 65099\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d62719e14644db13eca\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":65968,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 582 x 307, 8-bit colormap, non-interlaced","md5":"29610094acb703084f79c42c17547a7c","sha1":"3c824ba387e36bcce1a5f1d0d14b513fb278db9d","sha256":"8c3dc9ee49224eff4a37ec488ff0a413f3150ec7a62640a466a802750a573146","sha512":"db986acc62bb0d35583a1c298b468e1fa7869269c738eadc82b944b1a8f9b2c0723087db8a065d60495938e834337e72e3c438089d1d02ff90f4983e0d6461fb","ssdeep":"1536:ObUUUNbT8bJcHe4DyC8KLT/KKeRfm4AH7XAlzS7M2Z:rbgNcHwE/eshbE/2Z","tlshash":"b25302e1df60cb022efe65ca89acf12ae204a0a61476453f7a231d6f3744016af973c4","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-06-06T14:55:48.642811Z","times_seen":1494,"resource_available":false,"data":null}},"time_used":3617,"timings":{"blocked":-1,"dns":0,"connect":0,"send":2413,"wait":1204,"receive":-1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/11350c0827c441b899de6cb3a98a50d7?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.799Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/11350c0827c441b899de6cb3a98a50d7?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 49426\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 6469\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"11350c0827c441b899de6cb3a98a50d7\"; filename*=utf-8''11350c0827c441b899de6cb3a98a50d7\r\ncontent-md5: t4r/aYmcN6P+0k9YjfbWEw==\r\ncontent-transfer-encoding: binary\r\netag: \"Fiwi4wDbWAlBLbCCZFcs6L8ikoUh\"\r\nlast-modified: Mon, 04 May 2026 21:15:47 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: nrpRkM31t\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: PF0AAABluznFVK4Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":49426,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 270 x 300, 8-bit/color RGBA, non-interlaced","md5":"b78aff69899c37a3fed24f588df6d613","sha1":"2c22e300db5809412db08264572ce8bf22928521","sha256":"4f7c1741bf98639e6b2bcc0165ff5f44934b480ca7968d212886165d19c76ec3","sha512":"80095e5f0e6433a6df142051df4653c0b99784d00ba75916dde7839ca1e7f3cd4de18371dfad7a39590ec73997a89a2951b2a3fc4ba8177472496bca8c04e7e5","ssdeep":"768:8z8HSrOvt96UNpN3zRCOlDSr7S/voL3Wo681dkn90tPMMxAXzDGsfn2sVY5E7:8gHSrrEpRzRCUoL32HitJjsf2AH7","tlshash":"482302daba41a044463c313cb4499106dc0a39aeccea170eb478f29df61746fd31b4bb","first_seen":"2025-03-31T13:06:08.154162Z","last_seen":"2026-05-30T00:28:50.645384Z","times_seen":11,"resource_available":false,"data":null}},"time_used":4962,"timings":{"blocked":1549,"dns":607,"connect":253,"send":0,"wait":1266,"receive":605,"ssl":660},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/3fc7987c9bed4733a7650378f1ff3c53?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.891Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/3fc7987c9bed4733a7650378f1ff3c53?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 21854\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 3668\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"3fc7987c9bed4733a7650378f1ff3c53\"; filename*=utf-8''3fc7987c9bed4733a7650378f1ff3c53\r\ncontent-md5: rJDKmWNFYU7HdtGMz/Olhw==\r\ncontent-transfer-encoding: binary\r\netag: \"Fg4XHj_-EClS_7HWIPQpBmnCJAqY\"\r\nlast-modified: Mon, 04 May 2026 21:14:58 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: RJJ0lrGmI\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: eM0AAABZkz5RV64Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21854,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced","md5":"ac90ca996345614ec776d18ccff3a587","sha1":"0e171e3ffe102952ffb1d620f4290669c2240a98","sha256":"1accaf8e6953c0f59b38cc504b2eb46867323cd9a294489a330080770e649ea3","sha512":"4dfbb1e9af1358c035f38772b9c1d4cd26709772e1b1e504d576f02e88ed8ac6530a17b6bffc9c5f33cd53cdab9961653f43d8d269c432bcb6770f4661167d92","ssdeep":"384:rQFrJ6nhZqrfjl48LZRk759cCDwug1YcNXyHl+KRkCWa1cmsclF2ArsfZYyy//Jd:cFJ6nin+8259ccwug1twHkQlsclxsBsd","tlshash":"eca2f13afec022989988279e4303f3e66fe457a238c95b01c3f10516f99c9008c7693e","first_seen":"2025-09-16T02:09:07.420373Z","last_seen":"2026-05-11T00:18:41.300759Z","times_seen":13,"resource_available":false,"data":null}},"time_used":2915,"timings":{"blocked":1442,"dns":0,"connect":0,"send":0,"wait":1078,"receive":395,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/62a76b17777f4c6eb3ec5186b1ac2993?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.896Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/62a76b17777f4c6eb3ec5186b1ac2993?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 15571\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 4094\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"62a76b17777f4c6eb3ec5186b1ac2993\"; filename*=utf-8''62a76b17777f4c6eb3ec5186b1ac2993\r\ncontent-md5: 6CKcLLHbdQh/4qxw7AtT3w==\r\ncontent-transfer-encoding: binary\r\netag: \"Fh1vyRjkPHOtfgt8o9TmsJqijhgB\"\r\nlast-modified: Tue, 05 May 2026 09:01:27 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: PctlREzun\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: hVAAAAB1CiHuVq4Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15571,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"e8229c2cb1db75087fe2ac70ec0b53df","sha1":"1d6fc918e43c73ad7e0b7ca3d4e6b09aa28e1801","sha256":"36162633f35af4a106eccc99e436569422082fb72eeab847c28b1c9d1c8ea475","sha512":"f29c69d06c939bc6c56f4a3ce005efcfb4ab2186e78003477a4edc71889f19a9c25a96082b047eced0324e625054012f8746d5b4ee163a7ddf81fb23d5fb91a8","ssdeep":"384:QIzCY4CAoxHzm7C8ivFVFr+aoIpiI90lyML/V04SZa9OY/kd:QiCYpLCG8mrMMn90lyMLtxS0P0","tlshash":"0362d1629b26f6899a29f7bd7831c1f3ac2e92c8457c2e0f52443737061b4ca63d04f5","first_seen":"2025-02-24T02:30:01.481351Z","last_seen":"2026-05-17T03:24:29.998657Z","times_seen":90,"resource_available":false,"data":null}},"time_used":2937,"timings":{"blocked":1438,"dns":0,"connect":0,"send":0,"wait":1078,"receive":421,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/js/31098.1777369843125.4108b3dd.js","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:13.674Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /js/31098.1777369843125.4108b3dd.js HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:14 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-561e2\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458574=sSR3u4pqOLMT80gJ06VEG2dxEqnS8HIfeEHxsy4pHq/5aSCVUTSik4+v6aVHviY3K/n1pmvNIBrxj55+zks33rLnxAWfZPvSwljdnBfySeja6H3HDhcLgfxxw/8QnQD8tu0I9UFspsvkA0OhOrp0ii0pD90G1++W8mbD0ggSXRhBBlSUe2UZuUrg7KqgiUo/\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14643c05d5cb\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":352738,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65338), with no line terminators","md5":"31b93b7d8dfa0ca7f3f8477f00d0366b","sha1":"734c41538b3d1db2c12b2472b43ed1e86c79251d","sha256":"30c9d4b0f76502c14b849d636bb84d74c4e5caae97b1d650febe724d0f5cf2da","sha512":"dc141065235c7f28f7e4caed203c4d4cbf749bf1c651567bad15cd8225fd297099b4330a2b3d5d810e3a07af90a7e013ed13bd03a45d5018b9d8be708da4b872","ssdeep":"1536:d+0YvC9jlTKAUSseG1SY46DCdlBBo3AgXOG9AsqCfCXsvCfCXsLCfCXsyCfCXsfX:AKK5sY4brG7O3SnLJNpL","tlshash":"d174b6f4c248c6fdea04ce0a7e7d6f2d50723783f2ec56c446aaf8865e92857245c4da","first_seen":"2026-04-29T03:41:13.322286Z","last_seen":"2026-06-06T14:55:48.640871Z","times_seen":306,"resource_available":true,"data":null}},"time_used":1463,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1463,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/cb99d59d2ad742ec94e26c8864fe0574?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.892Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/cb99d59d2ad742ec94e26c8864fe0574?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 12632\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 3668\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"cb99d59d2ad742ec94e26c8864fe0574\"; filename*=utf-8''cb99d59d2ad742ec94e26c8864fe0574\r\ncontent-md5: 4qECoQkUQPBsfNXkoo21AA==\r\ncontent-transfer-encoding: binary\r\netag: \"FpfoM7t_mxr6C4hEyd9ErL9gnlgo\"\r\nlast-modified: Mon, 04 May 2026 21:14:58 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: Y5pHHsuSJ\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: BH4AAAC-iz5RV64Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12632,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"e2a102a1091440f06c7cd5e4a28db500","sha1":"97e833bb7f9b1afa0b8844c9df44acbf609e5828","sha256":"eb2b707532ee4da8c3191fab5607a31416dcf269cd5c1085ec2bad94a5f6adcf","sha512":"837150b6db773d94ab9e9bb8b628ddf787beec97505802912ab0c044c858139aded721c493dd5f0944976ded6267f9ca299ed60638f85924a42b64e7097957be","ssdeep":"384:HiLUMZubdFkTasF0OubXIE0+RGglS6WMsWr8:HiNsbdFkhqEFfglS6WM/g","tlshash":"1f42c0b5364ec48fac7abb8e5a5b5460cf2d85460523123abc9c158d63db93c0a7b9c4","first_seen":"2025-03-16T19:56:39.363859Z","last_seen":"2026-06-01T23:48:52.302219Z","times_seen":18,"resource_available":false,"data":null}},"time_used":2915,"timings":{"blocked":1441,"dns":0,"connect":0,"send":0,"wait":1078,"receive":396,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_07a2d840-d1e1-4217-9d3b-badf80b88abd.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.350Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_07a2d840-d1e1-4217-9d3b-badf80b88abd.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:15 GMT\r\ncontent-type: image/webp\r\ncontent-length: 77072\r\netag: \"81934df1c48f153ec91149ba3c3beb37\"\r\nlast-modified: Sat, 06 Dec 2025 06:20:21 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RvUoJ7W1y8ewo1w3j16wwqoofHnaHeg5L4BR9%2BoW43GKqr7bP%2BcWlnvRVenbCM069Bw0hNrPLyo5wN6aoWRgLjrotbVI4r5Vit8dZkpggQ%2FCkOvuoBRKBpQUUa0pCNhYWMx2K3arbrwUHcp6kBvsETw%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 65096\r\ncf-cache-status: HIT\r\ncf-ray: 9f96c9305dba08f5-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458575=yEPg8bP1KWw0XVpSd4f8vx5xJb0z3i8hpaiOkJQmnr2vDF7JAvg6poyn3HPLIFq4/KlDBAu0ZczRUTmD90nGmK5/y1TELs3xF8xwV/JUl7RA9CyGzRlw4SO3x8wtH4OZQXg3+pFsbRMLqXJ7vDAZPKOTnZxRhS3Vi1BJbs4wbHzCwh1a3Qe7D7JwbHLDYgHq\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e1464433ad5d7\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":77072,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"81934df1c48f153ec91149ba3c3beb37","sha1":"263dec3db6f316ad859fae46f18adc5cbb9e5c61","sha256":"9393129dc2d2eb90aa6b0e3cae170e77eccc785d4fca575804e1d25a2bee1383","sha512":"9d322a35877bc71c33fad174b47d6377f214fba0f11bc6a6180c5032765a9f4332354a4e6192a33049ab7a20a79ef58804de08d54098f64d8511c08b50e2b6ca","ssdeep":"1536:vow5Jv2vmGSpZk1IdIwZojJkcFgxPAifiE3TcBUPpCoS+LsAEZhO96:vowCOGYZk1w7q+PaE3T8uS+Lr2hO96","tlshash":"a573127b5c2c0bb32fc676c6e2e9b5c82cc817b1478556cf5b7958af95a4311232c02a","first_seen":"2026-04-24T23:10:16.861629Z","last_seen":"2026-06-06T14:55:48.61944Z","times_seen":271,"resource_available":false,"data":null}},"time_used":1302,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1299,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_b0506ddf-52e0-4b2d-8f59-16f795505312.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.399Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_b0506ddf-52e0-4b2d-8f59-16f795505312.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:15 GMT\r\ncontent-type: image/webp\r\ncontent-length: 47302\r\netag: \"69bae2574526d5faae2cab421295d6fb\"\r\nlast-modified: Sat, 06 Dec 2025 06:22:22 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zu2Rq60dmN4bExit2L0trG89m3rRAIN2itTaq3tUaHa0ScWJU6ECYffC5GiMbQbT%2BYz1TzaagZJUb4526QFYvbTjj0Xq9YcyOHEZuvyW95mp4aeMOzWO%2FQk0jsXP%2F7nLVX7Eim0nXYOd7%2Bi%2BhaavXZc%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 65096\r\ncf-cache-status: HIT\r\ncf-ray: 9f96c9306a1008ed-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458575=yEPg8bP1KWw0XVpSd4f8vx5xJb0z3i8hpaiOkJQmnr2vDF7JAvg6poyn3HPLIFq4/KlDBAu0ZczRUTmD90nGmK5/y1TELs3xF8xwV/JUl7RA9CyGzRlw4SO3x8wtH4OZQXg3+pFsbRMLqXJ7vDAZPKOTnZxRhS3Vi1BJbs4wbHzCwh1a3Qe7D7JwbHLDYgHq\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e1464433ad5e7\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":47302,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"69bae2574526d5faae2cab421295d6fb","sha1":"9fbb080feb70d0129b259ee1836a307e2f43a7a7","sha256":"24dc34c37f47f8b318cd186472dfb0aba29bc601bb589497d9131322abf3f12f","sha512":"b6b43f6f2a27bf41323dab6e956cf9e581be28a51078e3ec6568b79a145135dba1644d3e3b8e0a5bb8e7c8fdc132ea34c5002e2c81fa15a9e29e581767b9ad00","ssdeep":"768:3ZnM3sRPLsymAdeJz26xNEyuGpVt/5NS6xUdP8Hx3JZa1pASN7ZWjcTH:JnusBypuGLZnStl8HcjASN7ZW","tlshash":"6223f2c4856c2f711255d3f8ffa06b48c6783940bff8afb69f360a65186d2d2c90a44e","first_seen":"2026-04-24T23:10:16.805393Z","last_seen":"2026-06-06T14:55:48.694046Z","times_seen":263,"resource_available":false,"data":null}},"time_used":1577,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1565,"receive":12,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/766c2c3252bb4885bca6ddd53c3a4d6d?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.822Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/766c2c3252bb4885bca6ddd53c3a4d6d?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 16966\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 92751\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"766c2c3252bb4885bca6ddd53c3a4d6d\"; filename*=utf-8''766c2c3252bb4885bca6ddd53c3a4d6d\r\ncontent-md5: xSMolmNDcTJkLrkm49UcVg==\r\ncontent-transfer-encoding: binary\r\netag: \"FpShJjcI6FHr6cJDYJ48MiFt_oe5\"\r\nlast-modified: Mon, 04 May 2026 21:14:48 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: R1xx8TFhp\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: w-gAAACmbgNMBq4Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":16966,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"c523289663437132642eb926e3d51c56","sha1":"94a1263708e851ebe9c243609e3c32216dfe87b9","sha256":"aff0b91e8c316db0df3546c6c7ce84a929076a8c1df8971fa36750e59cdbb413","sha512":"0a82cca27a105472309f202c1a7b7c0ac9095355b834f35a81c8e71545ed68b7853091c65809fb3316362ba0135ddaca5e6c2fcbe738076bbc6b734f9dc32e80","ssdeep":"384:fKwc1JK+3T0pujE37nz3XfTCelEc+Ar+zl9uUQVFg:SwcTP3Y337TXLhlEc+D","tlshash":"9f72cf8cf5228dacd70618c4c5dd1e1f4e7d373a68aa2709e1a43424552caf572aee1e","first_seen":"2025-09-21T04:12:33.87118Z","last_seen":"2026-05-30T17:21:02.250802Z","times_seen":202,"resource_available":false,"data":null}},"time_used":4070,"timings":{"blocked":1526,"dns":0,"connect":253,"send":0,"wait":1264,"receive":344,"ssl":663},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/9f021787ad7945c6b877da522d954348?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.869Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/9f021787ad7945c6b877da522d954348?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 19440\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 90975\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"9f021787ad7945c6b877da522d954348\"; filename*=utf-8''9f021787ad7945c6b877da522d954348\r\ncontent-md5: bBWuKREnpZ+04YqiSh8B8A==\r\ncontent-transfer-encoding: binary\r\netag: \"FiH3hFCM7tYfY2XbBqzPILULcyCu\"\r\nlast-modified: Mon, 04 May 2026 21:14:55 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: gQumDj7de\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: o7wAAAAuqHfpB64Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19440,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"6c15ae291127a59fb4e18aa24a1f01f0","sha1":"21f784508ceed61f6365db06accf20b50b7320ae","sha256":"a6f47edc16f1ad7c4602695c3067e33dfc999c23c45968637db59ca5c16fd827","sha512":"7dba52e191f8e4abda9ce953efe30bbce707eb8608a68cbc154694973364fb1ed423b79607b0ac744b43bfa80cb1796e170f4e33e333cfd8e0e584a7b06d9424","ssdeep":"384:tlLSLWS9+2PDe1feVS2W27I3s7PGrU267ZLAmev6eGUh72j:tlLSSS9W1feparU267qpGa2j","tlshash":"4f92d18f2f3381cde14877983147ed3d9d5cb2e42311620fe8a3aaf6369645668921cd","first_seen":"2025-01-29T13:39:14.64461Z","last_seen":"2026-05-18T02:15:46.139768Z","times_seen":148,"resource_available":false,"data":null}},"time_used":2769,"timings":{"blocked":1464,"dns":0,"connect":0,"send":0,"wait":1077,"receive":228,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/css/index-399e2569.1777369843125.a7b0b4f4.css","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:06.196Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /css/index-399e2569.1777369843125.a7b0b4f4.css HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:06 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-faee\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458566=FqGJY1k532ChI3k/oD3fAPu6welwhIu8DWp/+cspT1GcUUpTmB/CbvnsRZyjPj2aiYFgyVINMimnAQxCGmunPV7HrBnl5I66SKGBUhBMNOupLH+Ieb7JgzvsjQiNUMQlYyHtVgUDXPC32Ilfol0qLT9S49ttbW0wOJJh7mmM/CZ5mV7dhTTCjy2dkdzl8QTW\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14641ec2d58b\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":64238,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (64238), with no line terminators","md5":"1f30d2cd291b70a1848607e3460d9278","sha1":"e91e48518ec94fcaacf418789927f34d7527dc99","sha256":"8ce1851c7bd6e7db80ee5ee8da7a0c808f29756dda3c941bb3811dc3bd3e5afd","sha512":"3cf09b1afc740c4a219a45a233489d76587ec8bd80a57c52ab133f33fdffa8a3fe35a0a27e386270ebeaa9e86d156897e44733b8eb83ee6935fe67749c30cd0f","ssdeep":"768:E0ouVbMisnf7X8vtr9UL5srs7hAqpLe20TCKiNkZICSA2ohGyHukQ9aaV+TJtU+G:HoGws9isrQAqVe6KekWRlkQ9hf+Pe","tlshash":"c6538d3123e0286ee27b6b16ec51e659352b8602f127625af703362fc1d72f5c67b742","first_seen":"2026-03-20T12:57:26.768432Z","last_seen":"2026-06-06T14:55:48.633826Z","times_seen":479,"resource_available":false,"data":null}},"time_used":762,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":762,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/e0a4ec88d6cb46fca168b5783e76c42b?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.841Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/e0a4ec88d6cb46fca168b5783e76c42b?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 33849\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 6050\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"e0a4ec88d6cb46fca168b5783e76c42b\"; filename*=utf-8''e0a4ec88d6cb46fca168b5783e76c42b\r\ncontent-md5: lJBd3hTKBgKDjqNwaic8MQ==\r\ncontent-transfer-encoding: binary\r\netag: \"FpRuVhCpd8E1MBOyhG9z0Eei_Hjn\"\r\nlast-modified: Mon, 04 May 2026 21:14:52 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: oYUAZFxf1\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: 0nwAAACVzrUmVa4Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":33849,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 139 x 181, 8-bit/color RGBA, non-interlaced","md5":"94905dde14ca0602838ea3706a273c31","sha1":"946e5610a977c1353013b2846f73d047a2fc78e7","sha256":"e5db1a0b111e44db7c6376c1559c45ddf3344dcb21efdd207b91e99dfcecff10","sha512":"53d2eecb0f59505b3e8dde62d4d507c44c1e59bf7e2733278184ab3a44018e75f730beeb38ad6684fa2f76e45e04d607853cacd7e5c2b35efcf66913f8741115","ssdeep":"768:BoJ4KnwAIZB4FnwUKbWGZ26iuTy8OJVboh+98e2MPaz+Z:6YeF8SGQuG7boU98e/1Z","tlshash":"63e2f1c6afef796004a3d41398857d1b1353247a1e6cb1422c81ead9db33b8136ba54f","first_seen":"2025-01-29T13:39:14.852721Z","last_seen":"2026-05-11T00:18:41.079277Z","times_seen":9,"resource_available":false,"data":null}},"time_used":2716,"timings":{"blocked":1490,"dns":0,"connect":0,"send":0,"wait":1076,"receive":150,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/img/license.ea57c78d.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:11.201Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /img/license.ea57c78d.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:11 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-7b8\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458571=IJUX2BSbr3N9k9h7ERQ9sk+yE5ueDLHUVKXOGekTGKZEsYTafGeJ/PvixdfJYaVC4M71GDidygH+mJKfPwBfsfZFcXejV+sSSl68inB1dhxmmorKLKOJVzdZO6bGaRHBSe5YrXijUj4NktOYcH/YEDoUIHUEdP1RxSlxza+9KsihT63YVeP+A0aGhiHSPm6I\r\nage: 65102\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14643249d5bb\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1976,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 161 x 52, 4-bit colormap, non-interlaced","md5":"60a2c7c150b01809fbb7b97932684b5b","sha1":"67fc9647c452a17b519c6a51dc8c38daa23755f9","sha256":"c5ce31558a1f979ae78c7779d2f312b196750375541e9c147b73d6e44d47c276","sha512":"2328442fa1c74e47c6eff4adab55920c7e7738e7ae51bd2b222fb696bbcf8201a14805089a33baa80c28a40db47061048d817c384bd72735b2e0c0116ff63c6f","ssdeep":"","tlshash":"b3412a6266729beced1a8c47592c7df1d8338ca1a200e1c150ed761f1bf8e1060e7a94","first_seen":"2025-08-29T11:05:53.23289Z","last_seen":"2026-06-06T14:57:21.036422Z","times_seen":1517,"resource_available":false,"data":null}},"time_used":1160,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1160,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/api/sport/match/list?sportId=1\u0026client=web","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:13.128Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /api/sport/match/list?sportId=1\u0026client=web HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nx-request-source: https://j53g.vip\r\nXign: IvAg73YxQmj7z+xFgiIPOuGq1mDmWVjKt6B+UKn/cBY63mTy5FSV5QlotLOezfS1KK+sH2gUdyAMYR1ile4RWu2TCEZOYQCJzHORcov9Hq2eQQXNuOqg1+18ok/qTvj2niZ4yzujAD9pU1Ray6ZnGho/UzfBTQuHYzQw3Gplsr0=\r\ntimestamp: 1778458573098\r\nsign: 5o2k3r4t2m4u7r3t\r\nversion: 5.6.12.0\r\nclient-type: web\r\ndevice-id: GYFHCcMbxNW3RfhM5MtYBSec4R77GE2c\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:13 GMT\r\ncontent-type: application/json\r\ncache-control: no-cache, no-store, max-age=0\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458573=yZG5PBWS1Nh/AUtFas2SAT9K8KBYFT3tmDxPMxk6sKctgNimrcTw+Pdc6x0PCz+xIoCt4pcsMRGhlcm8cIvO1xhOSgrtaBiGnu8aKSiQifDVLsRzWfEkv6a28A3ceH4D91gsmRFvW4fHdGpadAb2H7+/9wy6HLvPlZ/T/j5l4uIvi+fAN2Yo4dKumFibEvjt\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e146439e0d5c6\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14048,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"e04c8ccf667d09ae9c3551990c11d472","sha1":"0c8a50e6fad53a2f061b879f617481872f3b3c6d","sha256":"437a30e35014d58ee30b5738bdb1cfa24d58b176e2205f4fad340f8d88a8bc7b","sha512":"1976b0ef02688dde79d0f6dfab4e8b19847403d872abea23e848d641f43a17bc1d27644b852d1c6c4bc694b164ea3c47c83209ab930956e552d4d89043eb1fd1","ssdeep":"384:eYzGEurXzzru3rQ9r6K8URriXyrjh+tPUV0daHRhP2YVh2cH4K2wfKGubhBpgLan:eYzGEurXzzrQrQ9r6jyriXyrjh+tPUub","tlshash":"be52cc8681dd28961e9861e19d1d3f4d887eba5b4a9fb6c5ee0ecf1d20f43f79204c21","first_seen":"2026-05-11T00:16:59.197875Z","last_seen":"2026-05-11T00:18:41.125969Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1639,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1639,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/api/sport/match/player/match","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:16.153Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /api/sport/match/player/match HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nx-request-source: https://j53g.vip\r\nXign: XPX1K6YR7gTxf7K0B2dTN6JUdW+v4ACq4Wm+VUoOzvU/EBJPrpOUW96XP6hl9V5x68HPkyPwpK87bq+1GBHkx1fyYbwRcECfEyzejTp3GwiDtNpBSd+ZBh1aubPZDxvCyhq1AKyOQ1zz+rj6TqKwCUKtKr+yJTl7TPLuOXTGzEM=\r\ntimestamp: 1778458575864\r\nsign: 426c71m6m2d1b4m5\r\nversion: 5.6.12.0\r\nclient-type: web\r\ndevice-id: yJcptFCdmcZADMQCAxKHnE47zE2N8nzG\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:18 GMT\r\ncontent-type: application/json\r\ncache-control: no-cache, no-store, max-age=0\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458578=tLgvFt1z8jFzQRhncWi/oy30Kp+gtc4vvTtSMAfT8iqKPE5I5/glwJsrgUgibV8Oq1T89RvQ5+BjRR93cSDrQF0xIVi0SgUykK+LzgLRn6wOi3thzVjM+/l6t7xyYOrgTgWFPHdNyt2ozAMvtRp/SCvuZJUo80Qf0cWnpW9yyUPaAlAcuUcGn2gPEYjfmiLM\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d62719e14644db13ee0\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":60,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"ad1b5cbc37e087c212a41eca07a863ae","sha1":"f990fb40077ca4c90bbde8ffb87c73e1c06fd931","sha256":"0fca88eefe8bb5f59242b88e2b8b179148a088b4cde3499e1c56fef8c84c309a","sha512":"fe056eef22791a958cc37f63c1cc4b3f35bd990c34d1d321f34504b7b99769b571fe46cf18ede31f7ca0e564baf63aaca9d4f3601395bd7a3ce424e50a2aaf87","ssdeep":"","tlshash":"56a002473a282ea49bc31066b50e7a5500a421749a55f469cc8e623dc755453b546531","first_seen":"2024-05-26T00:49:06Z","last_seen":"2026-06-06T14:55:48.705633Z","times_seen":1623,"resource_available":false,"data":null}},"time_used":4011,"timings":{"blocked":-1,"dns":0,"connect":0,"send":2160,"wait":1224,"receive":-1,"ssl":627},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/1f43b86aed074c479c8cbd9470eaf76c?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.834Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/1f43b86aed074c479c8cbd9470eaf76c?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 56603\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 6035\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"1f43b86aed074c479c8cbd9470eaf76c\"; filename*=utf-8''1f43b86aed074c479c8cbd9470eaf76c\r\ncontent-md5: Dta002cv7TB6Z+6W0AFMHg==\r\ncontent-transfer-encoding: binary\r\netag: \"Fjq1KyTfbURrf4XXkcP1HUwBmKw2\"\r\nlast-modified: Tue, 05 May 2026 03:01:14 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: jtrjXamz3\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: t5UAAADXkUgqVa4Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":56603,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 239 x 227, 8-bit/color RGBA, non-interlaced","md5":"0ed6b4d3672fed307a67ee96d0014c1e","sha1":"3ab52b24df6d446b7f85d791c3f51d4c0198ac36","sha256":"af780a03b53f43a2da9c0515ebc0a386d9cce308837b194b1c022532c1a8b607","sha512":"6b6f937c0f72a9d2268e3b447ead468045552776af0c48928d087191f12bb4947db7ff23c7307a169cbb4c82c9cf538f727e8e02f72d9cf0dabfd5fc989d7285","ssdeep":"1536:U5jQ6Kq7mBqmhAHZKHBAU3qVO9rsO56mbjWH:Ra7mC4J6UZx6mbju","tlshash":"db4302e0ece6b1fddeac8036a7c86c049ff2adfc15865086074aba71b357906c574647","first_seen":"2025-10-08T22:50:30.74098Z","last_seen":"2026-05-31T15:09:55.506809Z","times_seen":26,"resource_available":false,"data":null}},"time_used":2637,"timings":{"blocked":1497,"dns":0,"connect":0,"send":0,"wait":972,"receive":168,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_6ba5f6e7-0a03-42b1-aae6-3de33d838c71.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.401Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202503/_webp_size649x578_6ba5f6e7-0a03-42b1-aae6-3de33d838c71.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:15 GMT\r\ncontent-type: image/webp\r\ncontent-length: 72698\r\netag: \"8173a97e42cbe83253f569868015813a\"\r\nlast-modified: Sat, 06 Dec 2025 06:22:44 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OwzECS3fg70%2BvlEAAsl7RG5QN8%2BGHDnbQmIMtvt%2FtLyHLbizvIRns0rgF1AV%2BU8VHfPF1LezIek0j97shoEhFzZVrtwucCnyqc3d6NOxHKiJ%2Bg0SixpWTHoDJZBgZ%2FGGDKPfVxLlcUpzfoL4%2BSny3s8%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 65096\r\ncf-cache-status: HIT\r\ncf-ray: 9f96c931de3ae2f2-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458575=yEPg8bP1KWw0XVpSd4f8vx5xJb0z3i8hpaiOkJQmnr2vDF7JAvg6poyn3HPLIFq4/KlDBAu0ZczRUTmD90nGmK5/y1TELs3xF8xwV/JUl7RA9CyGzRlw4SO3x8wtH4OZQXg3+pFsbRMLqXJ7vDAZPKOTnZxRhS3Vi1BJbs4wbHzCwh1a3Qe7D7JwbHLDYgHq\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e1464433ad5e8\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":72698,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"8173a97e42cbe83253f569868015813a","sha1":"42ea560648d24b5b2f7a2707de2db0bdebc8f41e","sha256":"b6bf9777cb024d6afd79cdfab403bf54676a54ea6065abf0e8d02344a42bf8fd","sha512":"619c7b0a75af0e07e0929b087fda0183eae617910500da47727ff8b6d29e6dc98846c2e19a1fbe6d042c648c32aa24db9e0cd047a55f7256ca565e66376edaa8","ssdeep":"1536:ZYxIgPfY+3lbLKrfSQK0ds+ePjygtx4Ifql:Z0vfY+3lKrq4ds+QJtx2l","tlshash":"3663020b5a1dc95a0ae20441673a5bdeecc72324e27535c5a075fcbffad3f75414281a","first_seen":"2026-04-24T23:10:16.700652Z","last_seen":"2026-06-06T14:55:48.707407Z","times_seen":253,"resource_available":false,"data":null}},"time_used":1591,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1575,"receive":16,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1298x1156_de72e240-4300-48d6-8f6e-b9cb363e7924.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.433Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1298x1156_de72e240-4300-48d6-8f6e-b9cb363e7924.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:18 GMT\r\ncontent-type: image/webp\r\ncontent-length: 81300\r\netag: \"4a30c16256a637de0e38e326aa6cdf0c\"\r\nlast-modified: Wed, 10 Dec 2025 11:51:47 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cpUljJEEqQs3Cmjh4bMm3Kzs6YgRpFBPySQDCaa%2FjeWIeX9v9B%2BFXdsHSvxqsyKqliliB0j4oH2S0YNMXDQXv70aDciU2qFqLXdhoPcYZgQZi0qvwhRD%2BN%2B3694qPjTn%2BtUbChg958LgQnOH4A2jHes%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 62621\r\ncf-cache-status: HIT\r\ncf-ray: 9f9705b0e8658579-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458578=tLgvFt1z8jFzQRhncWi/oy30Kp+gtc4vvTtSMAfT8iqKPE5I5/glwJsrgUgibV8Oq1T89RvQ5+BjRR93cSDrQF0xIVi0SgUykK+LzgLRn6wOi3thzVjM+/l6t7xyYOrgTgWFPHdNyt2ozAMvtRp/SCvuZJUo80Qf0cWnpW9yyUPaAlAcuUcGn2gPEYjfmiLM\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d62719e14644db13ed9\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":81300,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"4a30c16256a637de0e38e326aa6cdf0c","sha1":"083a8e24d12a329c41bc5271ff2ee57570a6ff1d","sha256":"2e9e6d8b511c612cae6e20caa233846b723fe3f3c899d19eb8389073f0ca8047","sha512":"2cc3551a276966a3615edbf590ce22d06779e40c371e54737fdd0033faf900483fe32a33fcc86327fc2e3098e5ee02a88d6e7c60552a4ebdeac5ed66a47f007f","ssdeep":"1536:rHYJZl7vtdLMbrX1zS7hmZHerpnyjI79AYRU6kzu0MRsIelVbd:rkf1dLMvl6MZ+9nyjIinjuxcbd","tlshash":"7b83f1603172ed83bd9eb46081883156f984d84473298ff72a779fbd93128e9973970e","first_seen":"2026-04-24T23:10:16.828064Z","last_seen":"2026-06-06T14:55:48.608149Z","times_seen":249,"resource_available":false,"data":null}},"time_used":4602,"timings":{"blocked":-1,"dns":0,"connect":0,"send":2480,"wait":1206,"receive":916,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/fa974d81b93d4c93b637b92b0db8d0c3?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.846Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/fa974d81b93d4c93b637b92b0db8d0c3?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 74708\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 6170\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"fa974d81b93d4c93b637b92b0db8d0c3\"; filename*=utf-8''fa974d81b93d4c93b637b92b0db8d0c3\r\ncontent-md5: JmRGO9UgrKJxrRnasl2mFQ==\r\ncontent-transfer-encoding: binary\r\netag: \"Fpc7SpmrUXmA18l2fNfANDl6ewTQ\"\r\nlast-modified: Mon, 04 May 2026 21:14:49 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: oeBzjJLkl\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: PNMAAAByx9AKVa4Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":74708,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 211 x 210, 8-bit/color RGBA, non-interlaced","md5":"2664463bd520aca271ad19dab25da615","sha1":"973b4a99ab517980d7c9767cd7c034397a7b04d0","sha256":"100c5c9f9cefeeb4e25ab54fe5ef369873d916db09276a5696b11305475d11c1","sha512":"a088ec44e0e190bf4921fded9e58ff3b465bd600f56684f1632a1ef1928ba566586df27afbb0a352c2edc174317e0609f266793ffd5ffcf3386f00b8727b788d","ssdeep":"1536:WHa7ce5qRSny0Hb8vrDRptWScsIVOv3xHlhk+Wn9PoP9+yJ:Wi5qony0Hb8XMSc7Ov3xFhk9toPt","tlshash":"8e73024912fb8794d2e38c92406a7ad80ea7dc4e3987cc60141787d0b9b7252db9f76a","first_seen":"2025-02-24T02:30:01.508103Z","last_seen":"2026-05-30T17:21:02.083014Z","times_seen":22,"resource_available":false,"data":null}},"time_used":3337,"timings":{"blocked":1486,"dns":0,"connect":0,"send":0,"wait":1076,"receive":775,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/6b0629209a774f7699215fdac98997f8?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.894Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/6b0629209a774f7699215fdac98997f8?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 11 May 2026 00:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 12378\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 4094\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"6b0629209a774f7699215fdac98997f8\"; filename*=utf-8''6b0629209a774f7699215fdac98997f8\r\ncontent-md5: HYzadmtMUTMyo/IIy3WYdQ==\r\ncontent-transfer-encoding: binary\r\netag: \"FjeCS4qB0VKkjambdUZLzm2BpUwF\"\r\nlast-modified: Tue, 05 May 2026 09:01:27 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: fyXNM6hNV\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: pFoAAAC75yDuVq4Y\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":12378,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"1d8cda766b4c513332a3f208cb759875","sha1":"37824b8a81d152a48da99b75464bce6d81a54c05","sha256":"ce5ded80adb9220045274e1d5d2faddcc0288d9f660e7335c17259e69ad2eadb","sha512":"dfaad472bce688cf157f1bef8b1fa759efe4e5ef5e790836f3652a5dbffdb026eab782d63156f2ff191dec0d3a38ef1c1aad2620d5a7c3d27c2c44ef956cb8b1","ssdeep":"384:Fbp0RWFQlKegaM6i2z/eBFwUDfBst5hFCcnu:u+aM0z/I92FCKu","tlshash":"1d42cfb54d1801b440f554bbf7ea2bc3f1606879f54f8c06892b3156e8d8da4c55e21e","first_seen":"2025-03-28T02:30:49.103214Z","last_seen":"2026-05-11T00:18:41.129724Z","times_seen":44,"resource_available":false,"data":null}},"time_used":2933,"timings":{"blocked":1439,"dns":0,"connect":0,"send":0,"wait":1078,"receive":416,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1298x1156_df036cfa-66a5-49f7-b863-3c22d1a3d180.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.422Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1298x1156_df036cfa-66a5-49f7-b863-3c22d1a3d180.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:18 GMT\r\ncontent-type: image/webp\r\ncontent-length: 120978\r\netag: \"1af718e662844a31716cc9bf3248f8e4\"\r\nlast-modified: Wed, 10 Dec 2025 11:52:31 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iptN4y5T0XyyJ5UCDmChtY5KsWkF%2FxLQAxFPcJ6vFvvs9xOI5x0HkyAkjOlgmWI%2BSYiSCquUWPLXUHfH03%2BK2HqIxUFm2tpdKOr6wircgDvtiwoC%2FzHhE%2BXeGP43NtzzL2Z3StvKnfRbCH%2BaYGROTC4%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 65099\r\ncf-cache-status: HIT\r\ncf-ray: 9f96c9306d5290e4-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458578=tLgvFt1z8jFzQRhncWi/oy30Kp+gtc4vvTtSMAfT8iqKPE5I5/glwJsrgUgibV8Oq1T89RvQ5+BjRR93cSDrQF0xIVi0SgUykK+LzgLRn6wOi3thzVjM+/l6t7xyYOrgTgWFPHdNyt2ozAMvtRp/SCvuZJUo80Qf0cWnpW9yyUPaAlAcuUcGn2gPEYjfmiLM\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d62719e14644db13edf\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":120978,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"1af718e662844a31716cc9bf3248f8e4","sha1":"e54b87093f05f4d0c5d96fbc689f0ed37ffcbcaa","sha256":"670ccce96c9f21fc7364791b4870e1915788e14fb105a16cae131cae271279b4","sha512":"93a7b9e3a5b4438343a8f1abe967cf1b3d21a347b42526dd8604da5f9c953c14ad2dc83bcd7e3f340a9b3b90b9a4c98f90ec88c689875b8e2b0536f0b9ca7975","ssdeep":"3072:nO0/MDrjGP/ngyzlMkxT730AhwPBv78vHWJ8AxCsDozmmeYj:JgrA/nnKBrpvovHWLxCqImE","tlshash":"a0c312ee7ec309b8e112676d12dd07968e16e06f482b0d959e2f40392b02716ef7dc5d","first_seen":"2026-04-24T23:10:16.785822Z","last_seen":"2026-06-06T14:55:48.609821Z","times_seen":248,"resource_available":false,"data":null}},"time_used":4613,"timings":{"blocked":-1,"dns":0,"connect":0,"send":2488,"wait":1207,"receive":918,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_fc0e1468-bc71-4d42-9849-b6735b50978a.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.450Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/gpmaster/_webp_size328x442_fc0e1468-bc71-4d42-9849-b6735b50978a.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:18 GMT\r\ncontent-type: image/webp\r\ncontent-length: 11120\r\netag: \"c2103cd78445d5d98b8a8a38dee95854\"\r\nlast-modified: Tue, 02 Dec 2025 14:12:18 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YVzLrNkwd9gWERneXdTts%2BqxQSnOpr14V4glYCtKOpffUEDoEp3iWp%2FEkiN29R5vWk4%2BjjEiICMdGmALcP5dCPORXuYlQslV9UIiPbIba24dqHYzp2mUyEG43XZADwuvMQPhYEL5%2BWm%2FaBHoHyZvyAg%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 65088\r\ncf-cache-status: HIT\r\ncf-ray: 9f96c97569f8219a-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458578=tLgvFt1z8jFzQRhncWi/oy30Kp+gtc4vvTtSMAfT8iqKPE5I5/glwJsrgUgibV8Oq1T89RvQ5+BjRR93cSDrQF0xIVi0SgUykK+LzgLRn6wOi3thzVjM+/l6t7xyYOrgTgWFPHdNyt2ozAMvtRp/SCvuZJUo80Qf0cWnpW9yyUPaAlAcuUcGn2gPEYjfmiLM\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d62719e14644db13ed2\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11120,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"c2103cd78445d5d98b8a8a38dee95854","sha1":"77e8b55343bf4092e6a298d564b828b7167d73a7","sha256":"23f7d437c49f455c0bbe3d040982bd6cf8d25411106c3eaa156cc3e4760c3c1b","sha512":"c1f7b1f8f0187dd22795297f21febc867932be6f47b9d033e4df6dbe5f456cf4f7b97d88fff1320945d581b13e4e23cd66330b4432f6f506e504b9dcc01776fa","ssdeep":"192:UFGWMz7rqmua13y84zY36YC0JwSCH2XOc1wK3/RZ/dHGKFdVr5suOWQgcSQBO4mZ:Qmus3ytKC236rKJr53IW4mZ","tlshash":"1f32afcec9dc3b159c35837d36252988ea4909130b3762d2752a64c646eee8a3196bb3","first_seen":"2026-04-24T23:10:16.81812Z","last_seen":"2026-06-06T14:55:48.634414Z","times_seen":252,"resource_available":false,"data":null}},"time_used":4272,"timings":{"blocked":-1,"dns":0,"connect":0,"send":2459,"wait":1205,"receive":608,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/img/home-bg.1e09954b.png","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.937Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /img/home-bg.1e09954b.png HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://j53g.vip/css/home.1777369843125.0fc9d8d4.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:18 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-fae\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458578=tLgvFt1z8jFzQRhncWi/oy30Kp+gtc4vvTtSMAfT8iqKPE5I5/glwJsrgUgibV8Oq1T89RvQ5+BjRR93cSDrQF0xIVi0SgUykK+LzgLRn6wOi3thzVjM+/l6t7xyYOrgTgWFPHdNyt2ozAMvtRp/SCvuZJUo80Qf0cWnpW9yyUPaAlAcuUcGn2gPEYjfmiLM\r\nage: 63103\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d62719e14644c873ec3\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4014,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 278 x 80, 8-bit colormap, non-interlaced","md5":"ed0eb6c81f949885511fbbe4d666a2f0","sha1":"d74fb98c3b01727753bb182eb5ee5d6eedf3da4a","sha256":"7fecf4ed61ab1535aafe2800474ac643b49264b83f54fc1da596d7334868ae75","sha512":"dd2f749e24e6b35f80fa77856c9c8b1cb1e0cacb9250b947403283e152d8bb9e7bf539df00ca6743d4162aeac014e47ce82191b62847fabe6cbb5693b4cd7fec","ssdeep":"","tlshash":"1a816c7eb31a4997296ff194138b387d74b0709d0b546934388a9c31a4791fcf39e526","first_seen":"2025-08-29T11:05:53.155399Z","last_seen":"2026-06-06T14:55:48.609227Z","times_seen":1513,"resource_available":false,"data":null}},"time_used":2586,"timings":{"blocked":-1,"dns":0,"connect":0,"send":1979,"wait":607,"receive":-1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/js/22872.1777369843125.dbee35b5.js","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:06.209Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /js/22872.1777369843125.dbee35b5.js HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:06 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-269c0\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458566=FqGJY1k532ChI3k/oD3fAPu6welwhIu8DWp/+cspT1GcUUpTmB/CbvnsRZyjPj2aiYFgyVINMimnAQxCGmunPV7HrBnl5I66SKGBUhBMNOupLH+Ieb7JgzvsjQiNUMQlYyHtVgUDXPC32Ilfol0qLT9S49ttbW0wOJJh7mmM/CZ5mV7dhTTCjy2dkdzl8QTW\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14642012d594\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":158144,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"e916996ddfb5f1c6e2f6cbf5a87b5565","sha1":"7b3812a3cf8758cd6ce5a442d899048e27d1790b","sha256":"a50d9c1f28c0948f0d468428aec46c5d300a84fb71ce27e6790ca8e0f40a955a","sha512":"c5fe69584b305477ce1b4bb12d6a9b4ce2c73ddeb07c133f14d7ec7782b743769b4f48824f326be1ea00c53835dda635e0011b055c6af3ad0876a0344d6be794","ssdeep":"3072:PHW7tB4Vgj5tNlxyUYwOW1YegxYffj7TEOiG1Zl+DJVkzEcx1nKs:PHW7tBwgttXxyUYwOW5ffjAG1T+DJVkV","tlshash":"76f30bd4f2c070f6475f85f2a2275065b26f4d92318c98b0e15ba6547f21b48c7abeec","first_seen":"2026-04-29T03:41:13.30041Z","last_seen":"2026-06-06T14:55:48.679574Z","times_seen":352,"resource_available":true,"data":null}},"time_used":1738,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1738,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/css/7653.1777369843125.0ab0fca2.css","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:10.682Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /css/7653.1777369843125.0ab0fca2.css HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:11 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 28 Apr 2026 09:55:48 GMT\r\netag: W/\"69f08424-1439\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458571=IJUX2BSbr3N9k9h7ERQ9sk+yE5ueDLHUVKXOGekTGKZEsYTafGeJ/PvixdfJYaVC4M71GDidygH+mJKfPwBfsfZFcXejV+sSSl68inB1dhxmmorKLKOJVzdZO6bGaRHBSe5YrXijUj4NktOYcH/YEDoUIHUEdP1RxSlxza+9KsihT63YVeP+A0aGhiHSPm6I\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14643069d5a1\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5177,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (5177), with no line terminators","md5":"a0ef4268641ef0b005737ce8cc0c4b44","sha1":"9bb50b9000a419e7a701392b0d7d6c992cf585bb","sha256":"f64c7a7e6ecd620d1c7f8cc67e1eda83a0a115a8d86f3954efdaba3c09d62e66","sha512":"07605ebd7e16aef28f0ad5ed406f29ea9b77e8ba6b2079c810aacf8faf0b4a8d18d4f7775c62860cbf6d4379729a60076103a4daa833c860ddebeee3793ccbe2","ssdeep":"48:ZSPkOO2s2L5Pukasq+nArLkrL4QuQKhUjUkM5P6CdRDRWURcWaTHR/:iOvyP2r4rEDFP61LR/","tlshash":"d1b1412f01703349641bad6807dc67098325d8b399eb37da259d2a0dcbc3f861eb718b","first_seen":"2025-06-26T16:31:28.933081Z","last_seen":"2026-06-06T14:57:21.028573Z","times_seen":2536,"resource_available":false,"data":null}},"time_used":1652,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1652,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/kc523-1/sponsor/sponsor_nav_web_1.png?1777369782162","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:11.180Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /kc523-1/sponsor/sponsor_nav_web_1.png?1777369782162 HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:11 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 24 Aug 2025 06:03:49 GMT\r\netag: W/\"68aaab45-1e8d\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1778458571=IJUX2BSbr3N9k9h7ERQ9sk+yE5ueDLHUVKXOGekTGKZEsYTafGeJ/PvixdfJYaVC4M71GDidygH+mJKfPwBfsfZFcXejV+sSSl68inB1dhxmmorKLKOJVzdZO6bGaRHBSe5YrXijUj4NktOYcH/YEDoUIHUEdP1RxSlxza+9KsihT63YVeP+A0aGhiHSPm6I\r\nage: 65102\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14643239d5af\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7821,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 206 x 332, 8-bit colormap, non-interlaced","md5":"0eb441aa3c30cc3c92da984283938f90","sha1":"74a769808afa9b87ea483a82d47958bf05ab9b87","sha256":"146f45de163728bb850c9a8e6c1693dd4c82caf7b6e1f58728395003b84f286c","sha512":"d1c9c8824c4f42f71db8ce2b62955647aa55bb590305765cd931000d0fc6023f7d57cd3daf6992094365ca6ecb42f02f93d606d79f6643a2f89d52f71200461e","ssdeep":"192:AnUYZGCj89cpWsWKE+hAqF7k4Pk7KJw7OjF57HUNuvs7alaUd:AFEijWKE+hHF7kt7857HU/eRd","tlshash":"20f19f3eececd52cd1a745f68caf47a6142c5031ee9d7929b82fdc728649a409d403c5","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-06-06T14:57:20.976955Z","times_seen":1563,"resource_available":false,"data":null}},"time_used":1165,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1165,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j53g.vip/jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1884x434_8fe89870-1081-42db-97b7-f8272ac29ae0.jpg","fqdn":"j53g.vip","domain":"j53g.vip","tld":"vip"},"ip":{"addr":"154.39.104.140","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j53g.vip/","date":"2026-05-11T00:16:15.210Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"j53g.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 09 May 2026 04:18:02 GMT","end":"Fri, 07 Aug 2026 04:18:01 GMT"},"fingerprint":{"sha1":"9A:B6:9F:54:A1:C5:AE:15:3A:AE:77:49:7D:EF:47:65:07:BB:EB:55","sha256":"10:B5:CD:92:BF:8A:8C:32:E5:A6:F9:F5:54:00:8A:AF:37:81:2C:CD:B6:56:69:73:AD:67:0E:90:CB:F3:24:AD"}}},"request":{"raw":"GET /jumpto/img/https://rcf-img-hk.gasdg646fs224cn.com/202508/_webp_size1884x434_8fe89870-1081-42db-97b7-f8272ac29ae0.jpg HTTP/1.1\r\nHost: j53g.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://j53g.vip/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 11 May 2026 00:16:15 GMT\r\ncontent-type: image/webp\r\ncontent-length: 35652\r\netag: \"460db28ebf94215162fde2f45aa09227\"\r\nlast-modified: Wed, 10 Dec 2025 10:48:14 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=usA84N0iNrBBCWs1B8Da1M7XlNeEA6QPhC71HMv6oucFtbofIzzVGmw%2FPsz8eL2h9kLsawFB4pwbreY94zbKMqmXnbITdcBbEt7rKrBU%2FPjCVIKr3YAAnKm9P5J7zUpyC%2BC3hHo1zxe2EmNMNAem%2F0Y%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 50201\r\ncf-cache-status: HIT\r\ncf-ray: 9f9cfe70dc15a67c-HKG\r\ncache-control: public, max-age=2592000, immutable, public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1778458575=yEPg8bP1KWw0XVpSd4f8vx5xJb0z3i8hpaiOkJQmnr2vDF7JAvg6poyn3HPLIFq4/KlDBAu0ZczRUTmD90nGmK5/y1TELs3xF8xwV/JUl7RA9CyGzRlw4SO3x8wtH4OZQXg3+pFsbRMLqXJ7vDAZPKOTnZxRhS3Vi1BJbs4wbHzCwh1a3Qe7D7JwbHLDYgHq\r\nl-via: l1=CJR9oEa4UnlD0OBR\r\nl-version: 1778303795\r\nl-request-id: d61a19e14644204d5ce\r\nx-cache-status: BYPASS\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":35652,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1884x434, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"460db28ebf94215162fde2f45aa09227","sha1":"0225f7e91dc41547efad18932766b6c015ad8067","sha256":"6f2bb6b02eec8a75b36f50f9a85e80a7153785bb31d41c7204bfd276c6407fcc","sha512":"e95968ce697aedd21f9c2bca132aeb5704265c25d540eda3e4d08832b3d0d0e71e454d137ed5de531807499279ab56121b0a5975f340670b2ece902d60fbcc0d","ssdeep":"768:tNbBFG8Mzu+7ftXGrZ98VqOhCHza3+conChKku0aOwq9J9r7Z1I:bDG8MZh2rZQqYNUkWOR9J5jI","tlshash":"44f2e18ec1c932eee97bc29101be2be0ff89966bf15857662dd2c0c98e51311848fc5d","first_seen":"2026-04-24T23:10:16.885462Z","last_seen":"2026-06-06T14:55:48.684994Z","times_seen":264,"resource_available":false,"data":null}},"time_used":1428,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1183,"receive":245,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-10","alert":"Phishing Block","trigger":"j53g.vip","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-10","alert":"Sinkholed","trigger":"j53g.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}