{"report_id":"8dbdb5bf-6d50-40db-ae7b-29ab53c7f1c6","version":6,"status":"done","tags":[],"date":"2026-04-22T11:07:53Z","url":{"schema":"http","addr":"h37s.xyz/","fqdn":"h37s.xyz","domain":"h37s.xyz","tld":"xyz"},"ip":{"addr":"122.114.10.205","port":0,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"final":{"url":{"schema":"https","addr":"h112g.xyz/home","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"title":"welcome-BET365","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"h37s.xyz/","fqdn":"h37s.xyz","domain":"h37s.xyz","tld":"xyz"},"ip":{"addr":"122.114.10.205","port":0,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-27T11:07:53Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":2,"urlquery":0,"analyzer":4}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-22T11:07:12Z","timestamp":1776856032,"ip_dst":{"addr":"Client IP","port":46368,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"severity":"medium","alert":"ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)","source":"{\"timestamp\":\"2026-04-22T11:07:12.820065+0000\",\"flow_id\":867294219662505,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"154.39.104.128\",\"src_port\":443,\"dest_ip\":\"172.18.0.18\",\"dest_port\":46368,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2025194,\"rev\":3,\"signature\":\"ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2018_01_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_16\"]}},\"tls\":{\"subject\":\"CN=b260f.xyz\",\"issuerdn\":\"C=US, O=Let's Encrypt, CN=R13\",\"serial\":\"06:25:D3:C9:00:4A:83:20:0E:DB:B8:B1:F1:34:DE:13:F4:08\",\"fingerprint\":\"be:16:f4:2f:68:fb:f1:93:a5:be:89:7e:f2:51:2f:56:8a:25:85:13\",\"sni\":\"h112g.xyz\",\"version\":\"TLS 1.2\",\"notbefore\":\"2026-04-15T06:26:57\",\"notafter\":\"2026-07-14T06:26:56\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"5d79edf64e03689ff559a54e9d9487bc\",\"string\":\"771,49199,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1080,\"bytes_toclient\":3929,\"start\":\"2026-04-22T11:07:12.193705+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-22T11:07:17Z","timestamp":1776856037,"ip_dst":{"addr":"Client IP","port":46378,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"severity":"medium","alert":"ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)","source":"{\"timestamp\":\"2026-04-22T11:07:17.734400+0000\",\"flow_id\":220424900532334,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"154.39.104.128\",\"src_port\":443,\"dest_ip\":\"172.18.0.18\",\"dest_port\":46378,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2025194,\"rev\":3,\"signature\":\"ET HUNTING Observed Let's Encrypt Certificate for Suspicious TLD (.xyz)\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2018_01_09\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_16\"]}},\"tls\":{\"subject\":\"CN=b260f.xyz\",\"issuerdn\":\"C=US, O=Let's Encrypt, CN=R13\",\"serial\":\"06:25:D3:C9:00:4A:83:20:0E:DB:B8:B1:F1:34:DE:13:F4:08\",\"fingerprint\":\"be:16:f4:2f:68:fb:f1:93:a5:be:89:7e:f2:51:2f:56:8a:25:85:13\",\"sni\":\"h112g.xyz\",\"version\":\"TLS 1.2\",\"notbefore\":\"2026-04-15T06:26:57\",\"notafter\":\"2026-07-14T06:26:56\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"5d79edf64e03689ff559a54e9d9487bc\",\"string\":\"771,49199,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1080,\"bytes_toclient\":3929,\"start\":\"2026-04-22T11:07:17.088174+0000\"}}"}],"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"img.esportsdata.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"img.esportsdata.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"img.esportsdata.cc","ip":{"addr":"172.67.70.146","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-06-01","domain_rank":0,"first_seen":"2023-07-06T16:47:53Z","last_seen":"2026-04-21T23:15:56.5297Z","alert_count":8,"request_count":4,"received_data":25485,"sent_data":1904,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"rcf-img-hk.gasdg646fs224cn.com","ip":{"addr":"172.67.190.197","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-09-06","domain_rank":0,"first_seen":"2025-12-21T10:04:01.269891Z","last_seen":"2026-04-21T23:15:56.568675Z","alert_count":0,"request_count":1,"received_data":49341,"sent_data":501,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"h37s.xyz","ip":{"addr":"122.114.10.205","port":80,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"domain_registered":"2025-08-05","domain_rank":0,"first_seen":"2026-01-30T13:50:23.782427Z","last_seen":"2026-01-30T13:50:23.782427Z","alert_count":0,"request_count":2,"received_data":555,"sent_data":870,"comment":"","tags":null,"fingerprints":null},{"fqdn":"ssl.hw301.xyz","ip":{"addr":"23.224.132.157","port":8900,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"domain_registered":"2026-04-19","domain_rank":0,"first_seen":"2026-04-22T11:08:02.807624Z","last_seen":"2026-04-22T11:08:02.807625Z","alert_count":0,"request_count":1,"received_data":24459,"sent_data":537,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"h112g.xyz","ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"domain_registered":"2026-04-14","domain_rank":0,"first_seen":"2026-04-22T11:08:02.810568Z","last_seen":"2026-04-22T11:08:02.810568Z","alert_count":264,"request_count":132,"received_data":8771519,"sent_data":62562,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"photo.365live88.com","ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"domain_registered":"2022-08-16","domain_rank":0,"first_seen":"2025-11-02T03:06:46.95373Z","last_seen":"2026-04-16T09:23:14.763947Z","alert_count":0,"request_count":70,"received_data":3675139,"sent_data":33530,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"rtt-img-cn.jcjyftf.com","ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"domain_registered":"2024-08-30","domain_rank":0,"first_seen":"2026-04-19T23:11:36.079771Z","last_seen":"2026-04-19T23:11:36.079771Z","alert_count":0,"request_count":52,"received_data":4395771,"sent_data":26064,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"h112g.xyz/","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-22T17:50:32.48442Z","times_seen":82514,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-04-22T18:13:47.616721Z","times_seen":212971,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-04-22T18:13:47.616721Z","times_seen":212971,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-22T17:50:32.48442Z","times_seen":82514,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"8b733e809fcd514bdf9414ce77e3f5bb","sha1":"53f38e306721e3a00f340b966ac3f7642bebb57e","sha256":"a05c0b1be0d5a6858cd22804367a5d3a2d23e45de4cc9cfea2abd9fc65766b49","sha512":"07dc77674e4408902b7243c9036e85dc45bfa8ccdf839bd0f9aebf8f38209bb773c5c58733083e52f79fc22fb034dd03664c97f2c84d68646a138ab52bdaa6bd","ssdeep":"","tlshash":"0ec022a60b287f14110310230374f3ac5431c029bc15f202321f42018f50b0d0830a80","size":190,"data":"","first_seen":"2026-02-15T23:20:06.598758Z","last_seen":"2026-04-22T11:08:21.050335Z","times_seen":214,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-04-22T18:13:47.616721Z","times_seen":212971,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-04-22T18:08:30.451513Z","times_seen":623429,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-22T17:50:32.48442Z","times_seen":82514,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/config/telegram.js?t=1776856033259","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"4ef2154bcfb8399f256c2da15a4cb409","sha1":"e0f8f5578b2e0773ec1d79bb1cec54e1f5d6373d","sha256":"73fa4926373755b52fecfdf3145a0c9953c08af374ea69dda46fe2b3b9ddb022","sha512":"8b64643161386bdefbb7eab04416e78e5e183c50acba7b25b146aa6e733744a326566a01eb7eabb1a0a3f5b87ac8461a7ab3b9ad1c44de37ecea25af09e3eb41","ssdeep":"1536:WK4KZK+Klt3LbbdS4V+vO14KtA9phXTQ+fcZl8LDh7j8d3K+V4WMrnf/NunqxF00:Wj+dgdLbbdSA+1XTQRZ1jSBl","tlshash":"14b31c4c5cf3216285a7b1be8b9f925072759893304def203c4d9ba45f98d3c53eaad8","size":116886,"data":"","first_seen":"2025-05-31T08:16:48.368096Z","last_seen":"2026-04-22T11:08:20.896093Z","times_seen":680,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/js/45540.1774008371298.8e1e0acf.js","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"73d56072f100d7a4dba1d3ec60adce59","sha1":"95ced37acd8a0af20cc5fbb00d9029c7b9f5c614","sha256":"f389d3067701de55bbcab812cc14e3a7d748e907d013f5a8255083828c1a4545","sha512":"09ca2a99bd7ebd8007d607c7d0013477bc75221494621d2f049b4aba25edcbb6f11fffe45923da65cf5e26f60044e50d0cc60042c76cc7caa6e88d10787f945b","ssdeep":"6144:RYD4wFsYiSGfKnCKPP6Xm9sm3MCln1OSgpozfEe5a:RYD4wFsYiSAKNH3TY5","tlshash":"8c24f894f294f1be075fc1f1d23b501af35b5e6120cc9ca0d296e6942e20b49da77eac","size":229344,"data":"","first_seen":"2026-03-20T12:57:26.643076Z","last_seen":"2026-04-22T11:08:21.051985Z","times_seen":102,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-22T17:50:32.48442Z","times_seen":82514,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-22T17:50:32.48442Z","times_seen":82514,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-04-22T18:08:30.451513Z","times_seen":623429,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-04-22T18:08:30.451513Z","times_seen":623429,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-04-22T18:08:30.451513Z","times_seen":623429,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-04-22T18:08:30.451513Z","times_seen":623429,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/js/13575.1774008371298.cda1d494.js","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"9de10d20d4ed770b75dd9f421eb52bff","sha1":"5926e3803a70e5777431792f8eecffb397befd45","sha256":"ed2e831a13c3e0119a06da00c996b1aaa4a03a3c4d84516b9f8bb7ec5903329c","sha512":"07d4fc561d5dccb175c0929ec1e9003ab35fe56d6091554cc639e9433e1b3b0fba0e05128d1fa77af463d2aef97f368a591eea31487c4d4c52c502577592663d","ssdeep":"1536:d17BBHFeKRKp+3ELSPtj6x2DgJoG7PIDmj9VA+s69JAFdE6WIzl+Ik1+eXMa7a4H:bjHoKRKphCnDgJoec+IDWIzls+7Xr0X7","tlshash":"dd141a84764170b8c396a175322f601ae22f789650dd9c24f3789aa47f7470df26fabc","size":194938,"data":"","first_seen":"2026-03-20T12:57:26.726636Z","last_seen":"2026-04-22T11:08:20.975725Z","times_seen":100,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/js/index-399e2569.1774008371298.c3f996ec.js","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"7281b0c3d5b81d6d50466efdf4616bc9","sha1":"9cdb8fdcc72d98626e6de1148171433ea36cc670","sha256":"3c2d80ca77fe1edd82ed47c962b352972ca03fee24f7c1676b49422dd72571a1","sha512":"993bf96fce0cc88af80aa0b0b0985ff637f4ef2f34b180817ade85a5f3fce54fd2ba01fe6a13deb8c2f7f0477f9f1b6113455af5def3ebba1d5d3ad946b15fcd","ssdeep":"384:sZSANHmDGlVaJPzBTbUyB+r0hb0VtzgAHKdDNZaloL2Tex5F3oWf0Af/nHtU8B:fnDGboPzRvB+YhbYtUoKrZ0A5FYxAfPv","tlshash":"d9b2b5e63392bdb8c24f9276f23a68ecc43f9141c34fc4f8d265bd947c98604a952784","size":23689,"data":"","first_seen":"2026-03-20T12:57:26.675029Z","last_seen":"2026-04-22T11:08:20.865401Z","times_seen":99,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-22T17:50:32.48442Z","times_seen":82514,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-22T17:50:32.48442Z","times_seen":82514,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"h37s.xyz/","fqdn":"h37s.xyz","domain":"h37s.xyz","tld":"xyz"},"ip":{"addr":"122.114.10.205","port":80,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":true,"md5":"1d3ec7d431842a5877ddc9120b8ad46d","sha1":"05bf985bd9c94468b2110c72b41b101377a016db","sha256":"deb79955073837d77b1d27a48d9aec263460a93dcd462ce67eb3a728db9b62b4","sha512":"e3da773034c6c6945abb9022918e08036412a9eb6e76fb6118ea57a8d9294aa56d6af8b14ba85de3eb9a15115c4b3d4e0dccc33bb9dee2df5e5a4ae3be9c3ac2","ssdeep":"","tlshash":"75e086f324418a7066fa225bab57b7553d2250c72e52700540185c51a12cf8ec63df99","size":320,"data":"","first_seen":"2026-04-22T11:08:21.052825Z","last_seen":"2026-04-22T11:08:21.052825Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"46c37814c8d855f8d26c8922d6a21d09","sha1":"77a8a7d835aacf3d4c325605b153d011418518a8","sha256":"bf3b91fc06aeb59c3f2832583ce2b70b2b8f4dc45df941aef8611949220ddf84","sha512":"24308fb6d5a6b83f2f8a328fde19300d8ab2a8f2d8116ef4cb160275ed664391e3d52794d94de19ab1a0feadab0168bf0a5e86e2066ccad31c2af2bc0a0ffc4d","ssdeep":"","tlshash":"9531e0282eb29531d423617a1f5bf2843235e62f3148ef043f0dc7661f24d6ba6356d5","size":1702,"data":"","first_seen":"2026-02-15T23:20:06.601892Z","last_seen":"2026-04-22T11:08:21.055287Z","times_seen":212,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/js/8544.1774008371298.875d684f.js","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"34f32e63de85d447747fac95e333d215","sha1":"e1c3bf318441d00ced2a613161862bbed9dbfda5","sha256":"936c3da85d53ee12dcbc04708e57a79c5ef799414aa00f35dfbf70322970daa8","sha512":"4cef2d95fdf4a7447992aba713ac723305df791663247fb91261ecea0233673c0a7095b666a9e72020cedd32931f77f2ee35c4d252c13a3e893e063b1aeea876","ssdeep":"6144:u/rOTURxxB0Jjytg7DiQPkcsz1aL3p2YO+WidjHrrL:uiJjytgPJPT3p2YpHrrL","tlshash":"c9442c44b291f0b8879b42f7922b4056a17f48a1308cacb4f295f990be7555c927fbfc","size":261977,"data":"","first_seen":"2026-03-20T12:57:26.652616Z","last_seen":"2026-04-22T11:08:20.99812Z","times_seen":100,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-22T17:50:32.48442Z","times_seen":82514,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-04-22T18:13:47.616721Z","times_seen":212971,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"5281f83487c386b7836c0a61310eee71","sha1":"b69aa5eb7750fa2d18540f7a8f28dab10d4b2631","sha256":"5c4f27503b020517fa4d8a831ce6ea7c9b425cbda5603e8e6ce9119aa406cea4","sha512":"4d7ca7094121bc51fd7e24de7f2b9218624f1c7c2b5949e25ad2be53f4b1babc0ac6265a9e20acd2d51fec4e844baebdd7d1aa300a7f52f3b360bf36a8979ca2","ssdeep":"","tlshash":"5c8004047d5d50540000503014740c0d5c133c57403f0314340dcc013fd5c401447441","size":36,"data":"","first_seen":"2025-03-03T20:54:16.013922Z","last_seen":"2026-04-22T11:08:21.056167Z","times_seen":2403,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-04-22T18:13:47.616721Z","times_seen":212971,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-04-22T18:13:47.616721Z","times_seen":212971,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-04-22T18:13:47.616721Z","times_seen":212971,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/js/22872.1774008371298.dbee35b5.js","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"7175b6eb280645cb927a6029a62c7c21","sha1":"264fbb24690994bc08e806084b2ef95a873a15b0","sha256":"bdfbca520ec194cc9ff168262b9782d417b0eba0922a4795838bd42516cb0ce2","sha512":"76eb372bb0a5a8b4cfda738a06ee8fe14926addf2c20e31851a8555160fd682583d83ee493c23d71c5f2423aaac32b41dd591347a5834111548cfbf97ade1d21","ssdeep":"3072:pPHW7tB4Vgj5tNlxyUYwOW1YegxYffj7TEOiG1Zl+DJVkzEcx1nKs:tHW7tBwgttXxyUYwOW5ffjAG1T+DJVkV","tlshash":"52f30bd4f2c070f6475f85f2a22b5065b26f4d92318c98b0e15ba6547f21b48c7abeec","size":158150,"data":"","first_seen":"2026-03-20T12:57:26.639894Z","last_seen":"2026-04-22T11:08:21.030833Z","times_seen":99,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-04-22T18:08:30.451513Z","times_seen":623429,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-04-22T18:08:30.451513Z","times_seen":623429,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-22T17:50:32.48442Z","times_seen":82514,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-22T17:50:32.48442Z","times_seen":82514,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-04-22T18:13:47.616721Z","times_seen":212971,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-04-22T18:08:30.451513Z","times_seen":623429,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"49bea4e1330b9d3f17c1c143ce23cb3e","sha1":"3a8874032b5979ba1fadfe141c0ebf28baa32fc7","sha256":"07f2a8f457d336c5a0cb2267f53a4be2676d30140da225305675f4b3957eb68c","sha512":"9cf0ea9cec23fb496db40aae14fe1df1a305d4a847e23a724645052c742a5995250f9d7f3f0584d3226aa17c6af04201f72cf7fca01bf4c788df2ab4cf488ad0","ssdeep":"","tlshash":"b580040cdc5544570000501014500cc57c170417453f435f750c04451fd34700007c40","size":36,"data":"","first_seen":"2023-03-08T15:23:49Z","last_seen":"2026-04-22T11:08:21.05703Z","times_seen":2470,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/js/index-a3dad144.1774008371298.5bb7afbe.js","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"15f2357a3eef3d90e84f430e303002f1","sha1":"793f9e00d525522f8b621f36e92c8b037d473a80","sha256":"fc46407fdae3f669d6b159bc9215e988c25ccf1bc08df1602cd7ef0e7f12e43f","sha512":"4ab010d8cfe1fa737fae540cb711ee15e217f01cbfff5814be0ecc6b384d6965b51b874dbd55ab0bc9d9a27471dfb182741069e1fbcf756cf8fc9c8e73453535","ssdeep":"6144:nybhFOufhIRBpryMzrqsq1yHk1YlRlNCmq9n/:yzB6RBpryMzrqsq1yHkMCp9/","tlshash":"d7742c90f76ce1bd875e95fe793290a4902c1b41b0c89e58d29d2944fe6b385feb04bc","size":353005,"data":"","first_seen":"2026-03-20T12:57:26.743525Z","last_seen":"2026-04-22T11:08:20.906663Z","times_seen":99,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-04-22T18:08:30.451513Z","times_seen":623429,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/js/44623.1774008371298.474b3ce0.js","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"16428ee8976bf56a362d9b976d6b73c6","sha1":"023a332478407d1a977d46247b190d74437bbf11","sha256":"577d1d64522233b18540fce51e117d3c06719117dccd0e80bde436089f3b8ba2","sha512":"d5cebb264f3430589e2f8b35cd8040888c3d92a9be839a9f9d3cd6799c4567846396ff4c5b1313057dcfb533859e76bb30d05d635e68faf69de410b719a74bcd","ssdeep":"1536:kLUw/AG+HRNnKXpJwTl0sIycK/enOMTGVMBC7iCljkqpQs+0fedt+HmQ:kowoxRkwTl0sRMTGVMBNClwuQsItkr","tlshash":"9d83f8c4b5f4f4f9669ed6a2973244b4b01527c1b0c8ace0d2a96e147f1db66b8318fc","size":88472,"data":"","first_seen":"2026-03-20T12:57:26.682071Z","last_seen":"2026-04-22T11:08:20.992115Z","times_seen":101,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-22T17:50:32.48442Z","times_seen":82514,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-04-22T18:08:30.451513Z","times_seen":623429,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/js/31098.1774008371298.4108b3dd.js","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"4d62372c9bc6a97e80e0163fc49bf7f8","sha1":"8885382acd157ef9cfbe341d861ea44154abe474","sha256":"3b59590fe1183e142757fbeeaa131d06cf5878eb5ce4ba227d15ec7c0fe303f3","sha512":"040920f3ef7e903de94d40533c6dad6b4180c9f6fabaf3748cb8da2658651032947b138690529736f94f73e2f7805129e03bada219d367926688831f949b8183","ssdeep":"","tlshash":"7511c949f9a0b0b283fb6eed853b0349b26a15c1347da0d8d4a84ae2acb1b094176d0c","size":1000,"data":"","first_seen":"2026-03-30T00:17:59.485269Z","last_seen":"2026-04-22T11:08:21.057868Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-22T17:50:32.48442Z","times_seen":82514,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-22T17:50:32.48442Z","times_seen":82514,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-22T17:50:32.48442Z","times_seen":82514,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-04-22T18:13:47.616721Z","times_seen":212971,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"0ce02dcf11f1634908b4afc4e1bcc632","sha1":"f8911bd806c6ddd3daab7f3eba10081d7af38f74","sha256":"46c7be5f428c72dac25551dbcf74f494989a3cf773ff04f9e115e15ad7dc2893","sha512":"c4f56e0a143f096a106956d55a60f07405a2418d8eec9917a027d0ede74e7119884002051c598445519ff87ad5526d035c221bbcfc65ce817539e6162f157ac3","ssdeep":"","tlshash":"1901735d483748107b2225bd537f5045f1a2516f9e87cc103c1e5b00eff48a72591bd9","size":750,"data":"","first_seen":"2025-08-16T16:35:14.594808Z","last_seen":"2026-04-22T11:08:21.058667Z","times_seen":1995,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-22T17:50:32.48442Z","times_seen":82514,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-04-22T18:13:47.616721Z","times_seen":212971,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-04-22T18:08:30.451513Z","times_seen":623429,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-04-22T18:13:47.616721Z","times_seen":212971,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-04-22T18:08:30.451513Z","times_seen":623429,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-04-22T18:13:47.616721Z","times_seen":212971,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-04-22T18:08:30.451513Z","times_seen":623429,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/js/chunk-init.1774008371298.833a06d6.js","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"8bfe603e28e5e2ba4c2ce2eb194ad9e1","sha1":"da473d072f47cf9ea34b6b98768edb31d9bb43a0","sha256":"db49da0b3c77eeaabf0f5b7d950521830d16460c3d9b54a242d75cffc679a96c","sha512":"38d2f08ea71d52b838495954f50f4e8abde57dcca9ff6078491a0ddc0bff2d49dd770f98e5db3bb8aaad7c46b35541e9f1b26fca853c152d5d3164e0a61c2af5","ssdeep":"3072:WtwqhOIKENB85doKa/x5wc0dB5/J+UUknCqd7ACifMur0g/C:fENm5ox2Br+2nCoAlfMu0T","tlshash":"c5441b98b3d171b847cb52e5622b1035f6ba1c933098e4f0d219ea947f3168dd52eeec","size":272725,"data":"","first_seen":"2025-12-29T19:25:01.962012Z","last_seen":"2026-04-22T11:08:20.881006Z","times_seen":878,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/js/7653.1774008371298.5eafcc69.js","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"4849391ecd3ae7038c8eca5da5af6cd4","sha1":"6316de5585ce9c3c90e92da7f445df0f1eb06f39","sha256":"7ace68dcf17129b57d79ff5a5ce030178b60d463fa0b0d1027ff5a62981ae2ef","sha512":"04bf30f23c9fc4ee7df1d106f541932dec50cf5794d313087378b16ed5430d29f75a5891abf4e84657525774f2ee231ac62d9e7640000390ee29a08bf23fbae4","ssdeep":"","tlshash":"47310e98b6a171b243af5af98f3f168bf16794c064edb094d096e2e07cb420c4937d29","size":1501,"data":"","first_seen":"2026-03-20T12:57:26.686565Z","last_seen":"2026-04-22T11:08:21.02658Z","times_seen":101,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"ea4e17d9cb45ced9899e4c1741864054","sha1":"f5c105014743104951f3e7ef274c5b701771f7d7","sha256":"5c980ae7600309f5ff0fbcf676f9577d92f6fa8e45c6a5c20f597ad8873a3ef5","sha512":"5f71afdd7fd3a66c0408bbc80f7382f79014017adcdcfe9c58fdecbdc1576edc2f102aa95e09f381d2514032b0396769485666c5dc9d37c4883bcd26444d6063","ssdeep":"","tlshash":"7a41e27d826345951973346a1f9e730836f340b31249e9113d5c9a802f99a5f83b7bfa","size":2290,"data":"","first_seen":"2026-03-16T07:09:28.208399Z","last_seen":"2026-04-22T11:08:21.059492Z","times_seen":143,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/js/21954.1774008371298.57c97863.js","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"c37046d6415189d71e476a96168144d4","sha1":"e60fd0f50c7ced9c708158a6f1fa6f5f16edfa7c","sha256":"4d372d0cdd07bdabc7f443b0f2123468bda757c07638ea20753ad1928c62426f","sha512":"fcb8fb515e88306c32d647822e4d7ae942ec23540654a8ba6937850ba58b810165c546e6ed05c2e0ecebd43da2e61c6b893be3625ee346e820c0ef1a5410a7d9","ssdeep":"768:TWaSfmzKrMdvf0eMQ/96loumY1PI1yBK9LudEz+yUy51y9y0yk6Dio+ILqpTeY:n81R6Ipyk6o","tlshash":"4c132088fac2b06dd3eb7330857f505ae66a1dc0668c5434e260d6917e7198dc1fb5f8","size":41946,"data":"","first_seen":"2026-03-06T18:01:11.532425Z","last_seen":"2026-04-22T11:08:20.902098Z","times_seen":114,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-04-22T18:13:47.616721Z","times_seen":212971,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-22T17:50:32.48442Z","times_seen":82514,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-22T17:50:32.48442Z","times_seen":82514,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-22T17:50:32.48442Z","times_seen":82514,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-22T17:50:32.48442Z","times_seen":82514,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-22T17:50:32.48442Z","times_seen":82514,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/configPage.js?v=3/20/2026,%2020:11:10","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"e6aa74bb352ef198ba3e1c9a4b01b014","sha1":"2ea8bd6b5045475a36432f7665a129728e822d9e","sha256":"73828e873c0b6e847b37d78941ca436247471dfc90a12f743964f869f75abd5c","sha512":"2faaf24fdf1e4da637af8e9f82d1778bf061b00752dfca0c8f73432ba236a7b69410a7ad2a73727bc83e6cd631fd6555c3cc0d9d3a5d8a7f81818dd66566011f","ssdeep":"","tlshash":"be117aaf57444dffcf1d7e00a08b0a5ea8bc61d261889d4da8e9cf29e1c99002378978","size":949,"data":"","first_seen":"2025-09-04T00:49:32.949926Z","last_seen":"2026-04-22T11:08:21.015479Z","times_seen":1320,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-04-22T18:13:47.616721Z","times_seen":212971,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-04-22T18:08:30.451513Z","times_seen":623429,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/config/initGeetest4.js","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"87855e19802d75b55afa7bcf3af515c1","sha1":"4af373375728a98d623f2299a68a91e150f2672e","sha256":"9ec8a5ef8c8ffe369dd1a5c4730dce6570c0d90955798c0be4ac04ef1c8f4baa","sha512":"3baa6d9e916abfb3d38b7ebb9372c5987e8f10534bb978383751c0094f8f5a3e764f9b8e44a73d9d4871cbaeca7e1939f0ffaf9499af5c4a71f64c3588167d85","ssdeep":"192:23aP8Ha0D+Nu5dq+EvNiqc4K25MB5VYaiQwSL4SScQVy8QRHIsGiz0iX9rES6Myy:2fe61w1iXKb2sMGUI+KQTwwHlB","tlshash":"00621d0d68f764534553b4388b9fb014b5388a53042cde41be9ce354afa843d9bbabdc","size":14975,"data":"","first_seen":"2026-02-16T20:32:40.162764Z","last_seen":"2026-04-22T11:08:20.855896Z","times_seen":225,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-04-22T18:13:47.616721Z","times_seen":212971,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-22T17:50:32.48442Z","times_seen":82514,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"3d053d2da6a5968d7b648d3f7360092a","sha1":"32ae5713edeb00288a3f8f3c02462a5d0ca9dbb3","sha256":"8896d194e4c39e87f52924073dd2d56b4aaab46fc9f7c56a57534545eef1d7f3","sha512":"01f9b63cd24ab6e0e097637341b78cda657192f98e37a39f0f75548f8fe0180418a86594df76858aee7d514282ac4dfb8263e1729ff325035897b841d09206a3","ssdeep":"","tlshash":"82f0a00e0ee548131963707a4c0f9201203b2513414eea08bffe9bb24f92a688a679cc","size":550,"data":"","first_seen":"2025-03-03T20:54:16.018132Z","last_seen":"2026-04-22T11:08:21.06031Z","times_seen":2467,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/theme.config.fc203cc4.js","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"e39ced69d69f9688784395377564c248","sha1":"606635fa0c6e2346e8a73f078786c6bd6c52e6d0","sha256":"9160870cf6a7c38e4b1143f917e0f6de3a84e97b1c65640456f05af40344481e","sha512":"916149035ec7a0a71867dd77a38aa3c16f3b352f325e1daf384d4a8db0e27582e8b8118961292a2836821d2ac5d1f5b0b0780df0e739612382e7c9769649be57","ssdeep":"1536:D2JREobnmtlIRM4Sb2mcTa2mnzyJog9CcHWhM:qKtlGu1Jnz45Hl","tlshash":"67b3aa7ee20c963a6177a8bfb46ce111d12e9c0cab1d5fdef03d60a25610669c831de9","size":108069,"data":"","first_seen":"2026-03-20T12:57:26.635497Z","last_seen":"2026-04-22T11:08:21.035185Z","times_seen":100,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/js/35142.1774008371298.3cc050ac.js","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"6dc1a689b76ff5bad0646d54ec0a9c05","sha1":"797feeaf7f90219f3165ca0d0470cda8c3af210e","sha256":"5d8368dbdb82a8a24ee7b3c6b027e9b375b9241ac1eebbb7ad071055e08a590f","sha512":"cc14c86a64ed978529316706abe98ca1c2c882b0d05d18c146037cf1440dac24d5e9103c368726bcd9945099308ddac934040c12bc8e70a41427edfa32ed8f1f","ssdeep":"6144:2jhhkpltqniyveBHlBfb04ae7Ancbt8ZijKfILToSlthWe/futUDvaRtZYD5jMDq:2jhhkplwniyv0HlBfb04aaAncbt8Zijn","tlshash":"19643c84b690b17883af86fb721a9195d24e0e9460ccace4f33d6e40bf15746b8775ec","size":336838,"data":"","first_seen":"2026-03-20T12:57:26.765153Z","last_seen":"2026-04-22T11:08:21.040798Z","times_seen":99,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-22T17:50:32.48442Z","times_seen":82514,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-22T17:50:32.48442Z","times_seen":82514,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-04-22T18:08:30.451513Z","times_seen":623429,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-04-22T18:13:47.616721Z","times_seen":212971,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"25ba01da3f0b1b471747da4637862cd0","sha1":"0c5b0ce449b041467ab3bf825d2cb6c5dc9c8250","sha256":"5f9229d7d1276d1475836391ce453b7432244854be7368ae4c4c590f22789af0","sha512":"58d82418709bd36179a89dd6af167368c35512e8abc68ead43e9be0e5c5fd5027d83289b2ee30e6a211239b4d67790af51039cba61a54b4184e556741437c4a4","ssdeep":"192:K2wqx5Cvtib5XOQRzlaECoXZTAoV51nsPhwzvBa/id3+36a/E/97g6I52MdobsIc:K2VwiYwJvSoVXsp+pa/iZcVk97g6nMu6","tlshash":"8e323b69a5b71bba25673036277f301889b080630319fd947c0ff61e4fa5436629bbe3","size":11906,"data":"","first_seen":"2025-11-05T12:10:48.37972Z","last_seen":"2026-04-22T11:08:21.061155Z","times_seen":1277,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-04-22T18:08:30.451513Z","times_seen":623429,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-22T17:50:32.48442Z","times_seen":82514,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-22T17:50:32.48442Z","times_seen":82514,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-04-22T18:08:30.451513Z","times_seen":623429,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/js/chunk-common.1774008371298.88ebfd55.js","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"55005e42f3f7487242691c6e3bae37e7","sha1":"0b2f0e741debd86b2a844468aa7c29f88e0de0ba","sha256":"7c8812c815d75a60422c193a271ddb7875a53afa441a0456aaa7659d674437ad","sha512":"5d0d7c8bc6fabdefe7be0891828248ba339789d078881e44faa3f6db53255ad43b269972ec075b6a30aad8fe8036cd37e40416f8994d4ef01607f931ca973598","ssdeep":"1536:KHjBzbnNcdWUa2UTf6oryXHuLmbErF/G7D1dMI59HvsY5AN/voVGAClVbGD3tFkK:KHjBf/Tf6yjFetHvsY54/voVGAcgD3t","tlshash":"8df3f8c5b3a0f07e9a1ed53779331499b12f758278c87c60f1a1ade67f1a704a436ca8","size":160182,"data":"","first_seen":"2026-03-20T12:57:26.740685Z","last_seen":"2026-04-22T11:08:20.983436Z","times_seen":100,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/js/home.1774008371298.7efffea2.js","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"638bb57e93d3fb016b31570897194907","sha1":"685131d157d0143d2d702cd269121fc822c2c686","sha256":"b351fe7403bc37cdedb78b20b0b62c6c5abeb5734d9e7a07789cf236e895a751","sha512":"c3d18f43b130d5aad58cb6a306e607572bd7b9741f9382c8fc4468473196a990df3b11f703c92f0402b1c564ae8e519185a419ab5ec67debb03aa7a0b78298b2","ssdeep":"3072:f+YNGVSIMctwiYJBuoCQuFdBlGLuJuhxffj7TEOiGR2p:f+YNGVSIMctwi+YjFwzffjAGsp","tlshash":"6b140880b5f0e275576fd2b7d7371024b2271686d0ccac60e1f66b187e28796b236db8","size":193514,"data":"","first_seen":"2026-03-20T12:57:26.696741Z","last_seen":"2026-04-22T11:08:20.866788Z","times_seen":99,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-04-22T18:13:47.616721Z","times_seen":212971,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/js/65246.1774008371298.c40b56f1.js","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"ed1a382c70d231f3a659c2acc1658eea","sha1":"de0ef21e4aafd93d086ffc396323ca5c190c6412","sha256":"2a20c3f199887a60f91fdbde7abf58e080ca48e3238c940a5ead402daf9cb7ab","sha512":"a303e2c93fab473f86567fd222719fe8c1151e43f83d0febb54d23eaa68aced7f3dff1e5743cbf549f801e789900d9a78d28c4e853ee4b154ec3bd76e14ca8a3","ssdeep":"1536:/2+iDvYvNjx4Uyao0L8oDNzAuMMsTAQ0mqt2pXYzA4dANVQ:++iDYvPo0L8oZzAuMMsTA7mqt9zA4dAQ","tlshash":"e573a501f78272384fa7e290220f2026e16e191505ac5ad8f179ffb93ef4954aa7d7b4","size":73516,"data":"","first_seen":"2025-12-28T13:10:26.276855Z","last_seen":"2026-04-22T11:08:20.857351Z","times_seen":221,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-22T17:50:32.48442Z","times_seen":82514,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-04-22T17:50:32.48442Z","times_seen":82514,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"ba4d957ec99a023d40fedffe8f2c9132","sha1":"32e9e162bad0ea93fde3f137877e95bbbb574327","sha256":"24e8b158f0130e4778f80107b4c038c9edda27db68dd815e66221cc1fb5837b0","sha512":"d0e45e79632f3ec13d043d91c87ef458d1ded7256a3aebe641b09e205ccd00b863424342238a41b73fd7173eaf8a260640fb3110c8a48422ef03050b691d5e2c","ssdeep":"","tlshash":"0311c05a59d18132665b303735bd43887724a013d184df413dcc99557f98da5cabf6c4","size":934,"data":"","first_seen":"2025-09-26T05:04:14.419402Z","last_seen":"2026-04-22T11:08:21.062047Z","times_seen":1424,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/js/chunk-svg.1774008371298.1e4dfc16.js","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"60ea8e82c4faa8daca2d833fb2853bf7","sha1":"526b96b2b45c8cc703e954cb89bb96025db0e7d3","sha256":"333f43aa9716e828751498d9a23a98931d609433d99f21790f93e9a797a0804a","sha512":"9f65be830d9cedcb63ae71c67467a827a3ad8006111236319758846e2d1700240e15905590503182b6348712dc50bdd20e7c21ff90503d80a53a7089a490973e","ssdeep":"3072:z8nz2uaLZSZvx6Q/sIPrekK+m36Ua94sRZI7gbpF/:z8nz2uasNxpXPrekK+m36UHsE4pF/","tlshash":"b6a4fcb4c190f4edf704ce196e7c9e1c50321688e0a9e9e52da9fe0d9e85d6b241cdec","size":464052,"data":"","first_seen":"2025-12-29T19:25:02.023641Z","last_seen":"2026-04-22T11:08:20.834047Z","times_seen":879,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"0b4f95dd39dbda962a2b68465e3ea408","sha1":"8164d82659b6278921bdaf23920da24bc261f8bc","sha256":"3233811e527c5eefd790270819ac1b6ae6ddf329908a7aaf0dcc3f075eb52886","sha512":"48e1462a77eecba3f465a41957a342c6333a9dfc19be3e3d8ba5b86a7dc86adcb9bedcede08e75d52db792ba6a3cbf710fe3f9409b9215d27a2efc352400384e","ssdeep":"","tlshash":"5ca002933f08c5413105185bc562b18da854d595f669a82432b45201ab207985c11944","size":59,"data":"","first_seen":"2026-04-22T11:08:21.06288Z","last_seen":"2026-04-22T11:08:21.06288Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"https","addr":"h112g.xyz/api/sport/match/list?sportId=1\u0026client=web","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.060Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /api/sport/match/list?sportId=1\u0026client=web HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nx-request-source: https://h112g.xyz\r\nXign: QGY8QkO+1JnxcExIrLUv4owUhS7DLDBdZ5jLysoR7DfUKsD10u/N99L4LQqpGP1/ddgv+hdIkbQfxEigroCvwqesuu2c6w7fjTXtX5HcKj9Fs55S36zSTu4ujDfBJJ0cL1cXTabEXC+6x/0Z93dSRXvl7aqnpwkR67ISMQUmdWY=\r\ntimestamp: 1776856036028\r\nsign: 1p5r3v512a691j1p\r\nversion: 5.6.9.4\r\nclient-type: web\r\ndevice-id: 8BNbQfp8YayciXWAYemxaeMFD5iGH2S6\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: application/json\r\ncache-control: no-cache, no-store, max-age=0\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df733c252c\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":20726,"size_decoded":0,"mime_type":"application/json","magic":"Unicode text, UTF-8 text, with very long lines (19860), with no line terminators","md5":"82484d740b6f5bcb7c9fb6d007087c28","sha1":"6c795b4e3389fb5f16e6750bfa550613af28c71b","sha256":"4879a9503f4c03c4777480fa208bb20a53357c0eb3f15ff40531de02069fac0c","sha512":"7eb7a64f85715a829e99943264b9cd2b8e56db285883f98b4b78e2a6a2a3776c29db72abc39ee45936b1d368173677872906ea084a851a011a4cdf1c0f23e098","ssdeep":"384:e+Nh2rKmwfOm8C5/mXhX8mmQ+mdcWg4JwWsIpRe9BaZ0XM+Nr7ExuIS4aNeI2/Vl:eeh2umwfOmT5/mXh8mmnOc14JwWsIpRH","tlshash":"8892cb9281ed18d51f9c61e16e1e3b4c847eb95b0a9ef6c6ee0ecf0924b43f78640d21","first_seen":"2026-04-22T11:08:20.81429Z","last_seen":"2026-04-22T11:08:20.81429Z","times_seen":1,"resource_available":false,"data":null}},"time_used":518,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":518,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2F202503%2F_enc_size649x578_95e34ac6-aa0b-4d3f-9ae0-451b7e2983d6.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.723Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df75ca253a\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":217,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":217,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/177599c9a2a84e588c15c6ca0ef8a888?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.352Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/177599c9a2a84e588c15c6ca0ef8a888?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 54030\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 84731\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"177599c9a2a84e588c15c6ca0ef8a888\"; filename*=utf-8''177599c9a2a84e588c15c6ca0ef8a888\r\ncontent-md5: 2cqg3rC6CGO1Vx+1F1IcAQ==\r\ncontent-transfer-encoding: binary\r\netag: \"Fp1aR2N7VPHnw1frSeGAAcXsRN9v\"\r\nlast-modified: Wed, 15 Apr 2026 19:28:16 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3:11\r\nx-m-reqid: GCZo0cjQ1\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: ejkAAABcqycXXKgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":54030,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 197 x 182, 8-bit/color RGBA, non-interlaced","md5":"d9caa0deb0ba0863b5571fb517521c01","sha1":"9d5a47637b54f1e7c357eb49e18001c5ec44df6f","sha256":"3f5ce91e87bfb2844ca164ea817cb3b18087ab06173595c09c1b1facff793b1e","sha512":"f5c7791ed7f44f094794fbaeb32b5b87f291168c7d7712ef101602191e533f181f4f9531d0caf53e844258660d9e86773fc481a769eef8446f19c3882995b1fd","ssdeep":"1536:RjMpe9ILDL0xtTtBBXLifdU00QNR/Q5kdk:hMpe8v0/TXBbifdLnQT","tlshash":"78330170efa5bb2e23f4d162f7968e43320ae6e8712e881790d3d50cb55271e83d0c64","first_seen":"2025-04-01T11:41:17.755018Z","last_seen":"2026-04-22T11:08:20.821136Z","times_seen":28,"resource_available":false,"data":null}},"time_used":3218,"timings":{"blocked":1044,"dns":0,"connect":0,"send":0,"wait":1298,"receive":876,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/ca5b2e86bf3f4bb7a843acc38fe83070?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.362Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/ca5b2e86bf3f4bb7a843acc38fe83070?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 27726\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 83230\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"ca5b2e86bf3f4bb7a843acc38fe83070\"; filename*=utf-8''ca5b2e86bf3f4bb7a843acc38fe83070\r\ncontent-md5: uS19IKsxmofEQxS/d58Rmw==\r\ncontent-transfer-encoding: binary\r\netag: \"FgM8WoddJSJhpAbBJijqIdeXScF8\"\r\nlast-modified: Wed, 15 Apr 2026 19:28:24 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3:4\r\nx-m-reqid: dJ5uVfvPv\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: FEQAAAAm7aV0XagY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":27726,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced","md5":"b92d7d20ab319a87c44314bf779f119b","sha1":"033c5a875d252261a406c12628ea21d79749c17c","sha256":"489cbd723256fb665e160db96761a3095fd9bbe21c29049adb21a64c7cfa8f3f","sha512":"a77f984a96b09acbcd3659ae7569ddbdef794c78d5cdaa392447dce0fa3e7a6e0254349c058f295463088b1fe45fa6fc984496864de283692171648b75649f80","ssdeep":"768:hexKfZi/N1Dcdeabcun13eOffsQCQ/5t8XBhe2fWtjzY+cZ:oKfZs1ScQ13DcA8XXBfU3M","tlshash":"eac2e1396c58ade49794058826a73fd3b4f1e283cdf81f4326763027808d6fd56b4ac0","first_seen":"2023-05-19T01:28:08Z","last_seen":"2026-04-22T11:08:20.822135Z","times_seen":196,"resource_available":false,"data":null}},"time_used":2772,"timings":{"blocked":1035,"dns":0,"connect":0,"send":0,"wait":1296,"receive":441,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/6ab4b5fec32a4557b3655d9e57f1c74a?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.366Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/6ab4b5fec32a4557b3655d9e57f1c74a?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 37024\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 68813\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"6ab4b5fec32a4557b3655d9e57f1c74a\"; filename*=utf-8''6ab4b5fec32a4557b3655d9e57f1c74a\r\ncontent-md5: rcqtwfv47bpi97ouG3CdXQ==\r\ncontent-transfer-encoding: binary\r\netag: \"FkzetRxFOyk2DzZ-W74EeoKvblmR\"\r\nlast-modified: Mon, 20 Apr 2026 01:32:13 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3:29\r\nx-m-reqid: f8MiLszCy\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: E7UAAACSx0aRaqgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":37024,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 220 x 243, 8-bit/color RGBA, non-interlaced","md5":"adcaadc1fbf8edba62f7ba2e1b709d5d","sha1":"4cdeb51c453b29360f367e5bbe047a82af6e5991","sha256":"f7a473d42928176a221370a1f69814e1c1a297100628334fbd174ba2f5a0ea32","sha512":"c1f227a52ff207841b580235ef22501f5a4a98ef7cad5ec5c323ace41bd5ea06e9b91846e4beba997beb2fceb6dcf35e5c441bfec2caa001d8334fed419198cf","ssdeep":"768:Fww6uNWQhltxgZ07ESJRH889aqig/eaizHK2hMZO5:Fww6Wzn3Jp88RiwGlMZO5","tlshash":"2ff2f1e3d1c523358e737ab21920e44678ca1601c2a5dcb11de726b9fa95cbd432cddc","first_seen":"2023-08-17T12:39:32Z","last_seen":"2026-04-22T11:08:20.823041Z","times_seen":171,"resource_available":false,"data":null}},"time_used":2954,"timings":{"blocked":1031,"dns":0,"connect":0,"send":0,"wait":1297,"receive":626,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/f9240c3b3f014055b9ff43189fb72584?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.395Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/f9240c3b3f014055b9ff43189fb72584?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 88074\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 58024\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"f9240c3b3f014055b9ff43189fb72584\"; filename*=utf-8''f9240c3b3f014055b9ff43189fb72584\r\ncontent-md5: xKZSii7hR7mcmIXvJDhaTg==\r\ncontent-transfer-encoding: binary\r\netag: \"Futc7GbUHdaLTk9DXTcr1ES4e9m1\"\r\nlast-modified: Thu, 16 Apr 2026 19:30:09 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3:7\r\nx-m-reqid: 9PlSKEuN0\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: tD8AAADB91xhdKgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":88074,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"c4a6528a2ee147b99c9885ef24385a4e","sha1":"eb5cec66d41dd68b4e4f435d372bd444b87bd9b5","sha256":"e8111ed917172505f3c61bec2cefc0920e02c557cbfb587ab694545d3ede1e3a","sha512":"017f52153011e1e68c1fa47bc017f54789a78cedcd922d7376d98bb59081559b3541adbe5cad192796d8bbc74bc881e6e915b640e5486731fd0d2663cbb5df39","ssdeep":"1536:WmlDudvPFEbf8thcMRpOXFCPBs89hKkowwYRmRmsjP4UL92ILB77tVC:Wmlsv9Ebf8thcM/OXUBs89kk9wNRB9L8","tlshash":"8b831264ecd8f2857dbf9c471ab0d722e05231d34f2372449b789443fe2aa0a1ad67c5","first_seen":"2024-12-26T20:26:09.835412Z","last_seen":"2026-04-22T11:08:20.824011Z","times_seen":530,"resource_available":false,"data":null}},"time_used":3133,"timings":{"blocked":1002,"dns":0,"connect":0,"send":0,"wait":1279,"receive":852,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/img/bj3.a7dbd558.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:15.461Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /img/bj3.a7dbd558.png HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h112g.xyz/css/home.1774008371298.4fdc0c2d.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:15 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-16cb\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856035=Fz0JVnE+JlB6vAMRSGSHi5v4YLsmCHZW4tXEm4HN4vPf8+1XKpPSFFOdkWtUx5zULK3VAobI+fg8CUonwYDEl0VVi3azkKIP0dVfdmy2BR1x6wQmS3zeq3b1W1MoiR19s+zdr6BW7xo9J+ZDyVUA6VJCkx74896KWPSkq9o4BiPRRbysOYHTkCW5RAjtw1ki\r\nage: 448238\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df71322518\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5835,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1003 x 171, 8-bit/color RGBA, non-interlaced","md5":"b79234bcd23ce7e063481b3605bcdd45","sha1":"eace4c48cc352cfb10fb6fcffed50748f18aa78d","sha256":"2dbca2ee9a515b178cb6a5ce670a5dafa30941ad8c753fa3e94642f8dacca13d","sha512":"40fa685181391f1ca805440f53683045d1fbd5c0f36cf471f53641c6f289481f42fefc4d1f2b2fdfe8a20d7488ef0537f10352492e46af76770b49fe8876def7","ssdeep":"96:brOIaX7VK+RUSrZ3rnZ1L++y+hsVoK4CBVVikox3n0muoE7Nqh7zwGto:K7VK+RBZ3l1i+y+3peikr3oEJqh7MCo","tlshash":"91c18f03f313ed339b875f190abe4dc3498b2f9a4725a7d6285b5aa89654819c062e82","first_seen":"2025-08-29T11:05:53.328141Z","last_seen":"2026-04-22T11:08:20.82497Z","times_seen":1248,"resource_available":false,"data":null}},"time_used":593,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":593,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/ecb/8f83064248a6651521ab9b26970d60fa83f0bf5f79fe68600101b67707c272184849423924c3e9832923a30acedcbfec8ac50fef89fb","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.042Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /ecb/8f83064248a6651521ab9b26970d60fa83f0bf5f79fe68600101b67707c272184849423924c3e9832923a30acedcbfec8ac50fef89fb HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nContent-Type: application/x-www-form-urlencoded\r\nx-request-source: https://h112g.xyz\r\nXign: uc2xAHjIhu5FUtHVMA7f2Lw2gIRWeWnmsd6NVUt0+jYW5nR64Rk5i/sJPRiCVDIDhCN94zcR5nPWmdzytge7DvVDQ7Qy/Pi0MG5UgavstmTxtX/BYfrkZJ10zCL1vOsLC8beZm02rW5y9o1yM05WJUwLVDqRPuJDE0uvrAfmV1A=\r\ntimestamp: 1776856036032\r\nsign: v2t3v3g4l49b7854\r\nversion: 5.6.9.4\r\nclient-type: web\r\ndevice-id: 8BNbQfp8YayciXWAYemxaeMFD5iGH2S6\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: application/json\r\nexpires: Wed, 22 Apr 2026 11:17:16 GMT\r\ncache-control: public, max-age=600, s-maxage=600, must-revalidate, stale-while-revalidate=30\r\nx-xss-protection: 1; mode=block\r\npragma: public\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=63072000; includeSubdomains; preload\r\naccess-control-allow-origin: *\r\nx-custom-check: true, true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df732e2529\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7135,"size_decoded":0,"mime_type":"application/json","magic":"data","md5":"47c0dee9739eea9688bf651b1c53ff7b","sha1":"8cd98ccb36313b697f8e9eb766e58572eb000718","sha256":"2c98ac186cc6e4e9493fbfc8f201bf49201582c7c6f0cf15b0468c8d8fe7b7f4","sha512":"c09766fc3fc14b2ad2e8e0888766ec1acd363952d80b11ac68a471f26597ce6307a8dade63807bb3cb8db11c6fd4af9ee37de8ba0ea616d31d2f13444ec297e3","ssdeep":"192:ViTYCgXtXTGxT9yKlPMNZqwBd9+ZvMkq/Z9/Zrv2AESddh3RTU:0XgdjrKlPMNwwBd9+ZoRfSAr3hho","tlshash":"6c22bf5589b093b44772e4c2bc23c0dc11c69e49aa9faf16ed8146027d9f91f17ec9e2","first_seen":"2026-03-20T12:57:26.750869Z","last_seen":"2026-04-22T11:08:20.826416Z","times_seen":99,"resource_available":false,"data":null}},"time_used":531,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":531,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/ecb/8f83064248a6651521ab9b26970d60fa83f0bf5f79fe68600101b67707c272184849423924c3e9832923a30acedcbfec8ac50fef89fb","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.066Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /ecb/8f83064248a6651521ab9b26970d60fa83f0bf5f79fe68600101b67707c272184849423924c3e9832923a30acedcbfec8ac50fef89fb HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nContent-Type: application/x-www-form-urlencoded\r\nx-request-source: https://h112g.xyz\r\nXign: IB9W4x6REkbjKcbEP2OBd9NFTBiV9Xl0HKiS0AyAPcnWNsG5JYLyVqhn9FuMLd4WnQMUHZktNLNQ9C3vMnOiv4FkmTmtuVBF7Dt1BTA902Y0exKlOO2EG9rmOddS+urdSgXX4qfGQ3krPOLqldTklA7PjnpffHke413OlH9Kh24=\r\ntimestamp: 1776856036032\r\nsign: nl617e7943236t3s\r\nversion: 5.6.9.4\r\nclient-type: web\r\ndevice-id: 8BNbQfp8YayciXWAYemxaeMFD5iGH2S6\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: application/json\r\nexpires: Wed, 22 Apr 2026 11:17:16 GMT\r\ncache-control: public, max-age=600, s-maxage=600, must-revalidate, stale-while-revalidate=30\r\nx-xss-protection: 1; mode=block\r\npragma: public\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=63072000; includeSubdomains; preload\r\naccess-control-allow-origin: *\r\nx-custom-check: true, true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df7345252f\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7135,"size_decoded":0,"mime_type":"application/json","magic":"data","md5":"47c0dee9739eea9688bf651b1c53ff7b","sha1":"8cd98ccb36313b697f8e9eb766e58572eb000718","sha256":"2c98ac186cc6e4e9493fbfc8f201bf49201582c7c6f0cf15b0468c8d8fe7b7f4","sha512":"c09766fc3fc14b2ad2e8e0888766ec1acd363952d80b11ac68a471f26597ce6307a8dade63807bb3cb8db11c6fd4af9ee37de8ba0ea616d31d2f13444ec297e3","ssdeep":"192:ViTYCgXtXTGxT9yKlPMNZqwBd9+ZvMkq/Z9/Zrv2AESddh3RTU:0XgdjrKlPMNwwBd9+ZoRfSAr3hho","tlshash":"6c22bf5589b093b44772e4c2bc23c0dc11c69e49aa9faf16ed8146027d9f91f17ec9e2","first_seen":"2026-03-20T12:57:26.750869Z","last_seen":"2026-04-22T11:08:20.826416Z","times_seen":99,"resource_available":false,"data":null}},"time_used":510,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":510,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2F202503%2F_enc_size649x578_07a2d840-d1e1-4217-9d3b-badf80b88abd.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.717Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df75c82539\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":218,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":218,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/dd6ff9813b0e4cfbaa07ea6baaad3255?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:18.168Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/dd6ff9813b0e4cfbaa07ea6baaad3255?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 89072\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 41827\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"dd6ff9813b0e4cfbaa07ea6baaad3255\"; filename*=utf-8''dd6ff9813b0e4cfbaa07ea6baaad3255\r\ncontent-md5: V08e5WDog15gUXbKw2qH2w==\r\ncontent-transfer-encoding: binary\r\netag: \"Fp2N1sBGhizW0WwX0N9DmZOXrEOS\"\r\nlast-modified: Thu, 16 Apr 2026 19:30:55 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: L8qxvQwS3\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: rwQAAAAHUZ4cg6gY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":89072,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"574f1ee560e8835e605176cac36a87db","sha1":"9d8dd6c046862cd6d16c17d0df43999397ac4392","sha256":"b72ac0032443939477eafd622be761c57eeb4d6a0db3b2022428140dbfa4b6c2","sha512":"9a709073179d1a1814b27fcdac590083c3cbf8d7d1a7c1ebdabcf2f02507e2c6f41bf221f1cb51806ef2a5581949fc219dbacac8de43f9f62cd40473c737e9ed","ssdeep":"1536:RSyA6SodnvJVJ7rvby264D/oPJIvlbrHPbpmMdCimS+NMkgWF1Z6YVSdwCd:a0dRVJ7XyKD/0uvhrHTAsCiTd2n6Y4dD","tlshash":"329302e4c6b100549ae0fb2bc3a75afeb1fb1da412919b49502437fc5590776ee0ccab","first_seen":"2025-03-16T19:56:39.364906Z","last_seen":"2026-04-22T11:08:20.827489Z","times_seen":30,"resource_available":false,"data":null}},"time_used":2208,"timings":{"blocked":232,"dns":0,"connect":0,"send":0,"wait":1271,"receive":705,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/bfdc6b54d1bb4853ad116d2e529a3f67?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:18.324Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/bfdc6b54d1bb4853ad116d2e529a3f67?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 21596\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 31033\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"bfdc6b54d1bb4853ad116d2e529a3f67\"; filename*=utf-8''bfdc6b54d1bb4853ad116d2e529a3f67\r\ncontent-md5: 0Pk1EiJXAbLtVvQyHy2Fig==\r\ncontent-transfer-encoding: binary\r\netag: \"FsRJdz7GfaXl0JLgvriWAz_Nh6tc\"\r\nlast-modified: Thu, 16 Apr 2026 19:31:21 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3:1\r\nx-m-reqid: HS6lvuvFn\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: r1gAAAApqZvtjKgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21596,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"d0f93512225701b2ed56f4321f2d858a","sha1":"c449773ec67da5e5d092e0beb896033fcd87ab5c","sha256":"67bb410039c00cf299252112175029a827e0cae82d864234a5c4248e46f2d5ce","sha512":"2c3d0589f5a496429bee8d0211a03c63ef3c2a6df1f7366fe8ad7b6339dc9432266be5b79c75773a8b626b07dc3d05fc3babef1b589d660a91fd646fa2fefc6a","ssdeep":"384:PtgQHmiAoyOuklEcz15vUtOgDD3Ek+SJdlqYvPEOu5aOoo8yWsVUQRgDwH5+sXkv:1rHDRFllEcXUtKkvSdjFJbVUcgDqAis","tlshash":"17a2e09dd677d8ba1050e909509a305239beee31096c628cf3be5c13e95eec15e3ed60","first_seen":"2023-07-15T11:13:39Z","last_seen":"2026-04-22T11:08:20.830301Z","times_seen":49,"resource_available":false,"data":null}},"time_used":1534,"timings":{"blocked":90,"dns":0,"connect":0,"send":0,"wait":1259,"receive":185,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/kc523-1/sponsor/sponsor_web_2.png?1774008313834","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:15.323Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /kc523-1/sponsor/sponsor_web_2.png?1774008313834 HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:15 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 30 Sep 2025 12:19:27 GMT\r\netag: W/\"68dbcacf-a049\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856035=Fz0JVnE+JlB6vAMRSGSHi5v4YLsmCHZW4tXEm4HN4vPf8+1XKpPSFFOdkWtUx5zULK3VAobI+fg8CUonwYDEl0VVi3azkKIP0dVfdmy2BR1x6wQmS3zeq3b1W1MoiR19s+zdr6BW7xo9J+ZDyVUA6VJCkx74896KWPSkq9o4BiPRRbysOYHTkCW5RAjtw1ki\r\nage: 441181\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df706e2509\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":41033,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 428x169, components 3","md5":"66036fddf71ff69f45c146ca63883070","sha1":"4b3076a271d5042ef1b6cffc2ff49f421a819f08","sha256":"93c59a52fe04b0050dd4552a135177533afbe2dec54f10c516610b0dee857e0c","sha512":"29c2fc65e144e5d13c011e4897e0bdf771c7b4c249875eca4fa25589625696c71ec015e7e8ef3a5ee45f2a6ae9df3663da0bb736a6fb13c9628f0d0957827c71","ssdeep":"768:6eyNeN9huVfPKv0KhazApErcA6cFKSkS+pbTCx81TxUqIUgYWxDHc9wZGbYGniRl:6eXXh8KcQakywKK++tTCi6xD89HbxiD","tlshash":"b003f15c4c413e7777f19baae00ac84224d11fd4fdd5e3e61a8bc659a843a68bc2540e","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-04-22T11:08:20.83131Z","times_seen":1307,"resource_available":false,"data":null}},"time_used":311,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":311,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/202508/_enc_size1298x1156_79864bfb-d71a-4513-a524-8823b86ee01d.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.876Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /202508/_enc_size1298x1156_79864bfb-d71a-4513-a524-8823b86ee01d.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 18 Sep 2025 11:24:10 GMT\r\netag: \"df68f353c4e753dc68726f8cf495ecc0\"\r\ncontent-type: image/png\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CjVBr2AGXVJ43o7%2BUV06av0S2%2FGGzdB7KQH2OiPFbdEy4O1DEYtgfTZC9omo0vK6%2Fc9z9gV71Zor%2F06WLHafWBHmeg%2F2AolfLGe7NMpA88annO%2FehhCA83LLcwYjrfO8TGLg61bDS%2F10Kw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec40492f93dd13-WAW\r\ncontent-length: 87818\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 2824534717121505840\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":87818,"size_decoded":0,"mime_type":"image/png","magic":"data","md5":"df68f353c4e753dc68726f8cf495ecc0","sha1":"5cf4b394b9aade87e7c792a353b0b47654e3aac0","sha256":"a474c9fa06cd735002d1daeaf703b3fb50497056d31c69053da9f1564d8eb917","sha512":"2bf0097c10779d0ad3f74d8641ab0ac7d2459d934be56d3b2a33b06908228fe7938cf6e6e17ea07f71325e02b0c666fffe53099078dfe6f323bdf4731c75329d","ssdeep":"1536:wBPumsnGpw4JOOR/fiF4kRtopUtzjHjt/UEqVo0xrQiGkw88TpGwB3EVchMbYi+D:w9AmJOyHOqUt/XWoErQi/wywB3miDz1d","tlshash":"3d83021fd6c96f65d8d871fd28e8735258add1835ed12e43a001a7ec8f498f0a027ee5","first_seen":"2026-01-10T05:58:33.987107Z","last_seen":"2026-04-22T11:08:20.832288Z","times_seen":115,"resource_available":false,"data":null}},"time_used":378,"timings":{"blocked":218,"dns":0,"connect":0,"send":0,"wait":121,"receive":39,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/gpmaster/_enc_size328x442_0b2c7f25-c17b-4d07-adb1-68f1823633a2.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.898Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /gpmaster/_enc_size328x442_0b2c7f25-c17b-4d07-adb1-68f1823633a2.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 02 Dec 2025 14:12:10 GMT\r\netag: \"37590fa25c13386eaeb6571b33fcc201\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YPGiBkudugmjwTSASmEc8A7CHcNLYDm3%2B2RJvd00064t4I0azjqCss6rFpuBH542FPYmIg1GkheTDZe1yQzDt7JJRggR1HOI%2BWDPKg6c3u7u37L9fBVJoY%2Bzx%2BaeTjQFSxFVWQazsgF0ng%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec4049b9b0bb79-FRA\r\ncontent-length: 10536\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 3213032292975007067\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10536,"size_decoded":0,"mime_type":"image/webp","magic":"data","md5":"37590fa25c13386eaeb6571b33fcc201","sha1":"ba9135096015eab487eaa3c808fe78f3f493e0bd","sha256":"68b4350f567b62a5f955eb36376357f869db1dc32837e83d7cfdeeffc71bfaba","sha512":"291cf36fe417d14bb90c002ea85709515c9338d2d699e02e0ae2db6b8494b2f4199811c0f93bd95f371a72f242621514e8c19a4cf8c9c7b5601cc086830fd36c","ssdeep":"192:6rxa2Dv2+2JgMsTWhgDPkmw0OwIK1AmEIDvWrxaiXFr0NN2uCd16Abhu:ea2Dv2vJmTcgD8mw0ODBmilaiR0P2xJ4","tlshash":"1722b06ad71a5b23ca0056163faf3476c1517c271b2eec6429eebd0112309e469f9317","first_seen":"2026-01-10T05:58:33.867411Z","last_seen":"2026-04-22T11:08:20.833134Z","times_seen":116,"resource_available":false,"data":null}},"time_used":332,"timings":{"blocked":198,"dns":0,"connect":0,"send":0,"wait":127,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/js/chunk-svg.1774008371298.1e4dfc16.js","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:13.295Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /js/chunk-svg.1774008371298.1e4dfc16.js HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:13 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-714b4\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856033=d0MIuMoednbFQ5U8tsCxeez29ETrtdo9Zgyz/QwU/ELHENOwaH+czvd5omOIcaSJiF5HiKpZ+x8XCIwtSwz7FpJdkRycCJuZ8/2d2s65AjozeiH+1ee4YqLZzuDPxZvyR0NW6zs6HTTmmvFnXWvjBA/Z82Vx/Svepv9kX7Bn19UvsqioJTtnDS833D29Gut8\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df686424ea\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":464052,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65532), with no line terminators","md5":"60ea8e82c4faa8daca2d833fb2853bf7","sha1":"526b96b2b45c8cc703e954cb89bb96025db0e7d3","sha256":"333f43aa9716e828751498d9a23a98931d609433d99f21790f93e9a797a0804a","sha512":"9f65be830d9cedcb63ae71c67467a827a3ad8006111236319758846e2d1700240e15905590503182b6348712dc50bdd20e7c21ff90503d80a53a7089a490973e","ssdeep":"3072:z8nz2uaLZSZvx6Q/sIPrekK+m36Ua94sRZI7gbpF/:z8nz2uasNxpXPrekK+m36UHsE4pF/","tlshash":"b6a4fcb4c190f4edf704ce196e7c9e1c50321688e0a9e9e52da9fe0d9e85d6b241cdec","first_seen":"2025-12-29T19:25:02.023641Z","last_seen":"2026-04-22T11:08:20.834047Z","times_seen":879,"resource_available":true,"data":null}},"time_used":643,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":643,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/img/SPORT.aab253e7.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.928Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /img/SPORT.aab253e7.png HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-d854\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856037=yBvV8iIAJV1XYCRdFxWMAikRLiw+keSfElgF2gEzaFNRn4TYKp1ImLR9JbFFaKRpsnauZV7dUbENdnOUI5uoCj203NpqnOtgb3n2lc7LRRxsa8lgIDvGFIAOpKkp4XlRJpEWKLt0txTAmjgwTVy/XjXNmlVcUwBltOPawcR68PsaXxRvnoUcvAAvzX3B84+4\r\nage: 448239\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55e19db4df79d125ba\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":55380,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 582 x 307, 8-bit colormap, non-interlaced","md5":"3990a0dcf110f100c97ab413079e969e","sha1":"8087b72a149b71f4f5fc43b0f8bc07b89b621583","sha256":"6ddc189e7780b1313933d4903be9fbf6644b6a590e9aba83a6e4e50fdafb170e","sha512":"6b092584d42ec1423ecb94383907f29571e93308944813286d6e74b10f6eccb27536924220780f9a080dc259a095718a33f0757fc0adb04d737c83a6fa1647e5","ssdeep":"768:aEivx5zbZ4L0zze87wWbuKu4YIsZdCPX4ueh17yEs7NsGJSLsBQ1MDAaYHKJTbYC:aEi3eL0za8xbw4UmXI1VfJIRDYqz6W","tlshash":"bc43022944944c242384f1a6ac778dbc6dffa348a5f38f639a842bec7dcd84d95f4811","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-04-22T11:08:20.834989Z","times_seen":1248,"resource_available":false,"data":null}},"time_used":1654,"timings":{"blocked":-1,"dns":0,"connect":0,"send":833,"wait":821,"receive":-1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/ecdd97d22449408ab312788c2abfcb2a?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.120Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/ecdd97d22449408ab312788c2abfcb2a?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 341767\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 4128\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"ecdd97d22449408ab312788c2abfcb2a\"; filename*=utf-8''ecdd97d22449408ab312788c2abfcb2a\r\ncontent-md5: nj1gg70KqudsxguW9V3/fg==\r\ncontent-transfer-encoding: binary\r\netag: \"Fgl83rrj0lCrbvJr9v-Fxh4ah2mV\"\r\nlast-modified: Wed, 15 Apr 2026 19:28:07 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3:9\r\nx-m-reqid: kHAHrid4s\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: 2pMAAAD9hvxlpagY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":341767,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 959 x 1354, 8-bit/color RGBA, non-interlaced","md5":"9e3d6083bd0aaae76cc60b96f55dff7e","sha1":"097cdebae3d250ab6ef26bf6ff85c61e1a876995","sha256":"103d4eec6572142aa9670bf72bc6e8744bc4b1bebe875c8dcc18613b28d19f7a","sha512":"127b36938213f99cab957524ec3961bb46e5c05f95c5adf1b18865569b2fae0df2729ee63460e28bbe332f70fc60139a3664fbf967d6693ec0291a37f1f90e1f","ssdeep":"6144:TiD9XxQLvd7H3SosTGksYz3w94ik4GqEDNo9iDb6rFcaJLedHHEfSL1URanbaj+G:GBB8deVlsq3w2Ms+kDugTL1URaniwm9","tlshash":"6e7423f4e18d9aa4c7de9179d124099b39806be1525349e88f51a3e40dab03c5ffbf32","first_seen":"2025-03-20T08:28:26.362699Z","last_seen":"2026-04-22T11:08:20.835948Z","times_seen":5,"resource_available":false,"data":null}},"time_used":4844,"timings":{"blocked":1295,"dns":357,"connect":258,"send":0,"wait":1278,"receive":919,"ssl":725},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/img/left.34013cd8.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:15.459Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /img/left.34013cd8.png HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h112g.xyz/css/home.1774008371298.4fdc0c2d.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:15 GMT\r\ncontent-type: image/png\r\ncontent-length: 237\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: \"69bd395e-ed\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1776856035=Fz0JVnE+JlB6vAMRSGSHi5v4YLsmCHZW4tXEm4HN4vPf8+1XKpPSFFOdkWtUx5zULK3VAobI+fg8CUonwYDEl0VVi3azkKIP0dVfdmy2BR1x6wQmS3zeq3b1W1MoiR19s+zdr6BW7xo9J+ZDyVUA6VJCkx74896KWPSkq9o4BiPRRbysOYHTkCW5RAjtw1ki\r\nage: 448238\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df71322516\r\nx-cache-status: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":237,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 14 x 44, 8-bit colormap, non-interlaced","md5":"5ecca260da6fc5e2843405c20ac69817","sha1":"3918cfad7493b6860ded9e259ba90bc6a853f1b1","sha256":"078a4aac39c49a33cbabf23cda7579fa7b76e875e6b6d24d16cfcbf9f8b250df","sha512":"b76a870a79a87a450e5d30a218d75093b57415c563e64a8ffd6839a31b36379dbc08398698b9c1368ecda671d65045d5cfebe3363b98d746d89dcaad15bcd8ce","ssdeep":"","tlshash":"6dd0a99be2076faed1c70bb3732e0ca18a8124e892944b088042c622ca663a1dd82042","first_seen":"2025-08-29T11:05:53.221032Z","last_seen":"2026-04-22T11:08:20.839071Z","times_seen":1254,"resource_available":false,"data":null}},"time_used":559,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":559,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/css/46431.1774008371298.7dc7cfcf.css","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:13.290Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /css/46431.1774008371298.7dc7cfcf.css HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:13 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-552d2\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856033=d0MIuMoednbFQ5U8tsCxeez29ETrtdo9Zgyz/QwU/ELHENOwaH+czvd5omOIcaSJiF5HiKpZ+x8XCIwtSwz7FpJdkRycCJuZ8/2d2s65AjozeiH+1ee4YqLZzuDPxZvyR0NW6zs6HTTmmvFnXWvjBA/Z82Vx/Svepv9kX7Bn19UvsqioJTtnDS833D29Gut8\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df686424e7\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":348882,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"e9d628daba48b940e276f091325ad9d3","sha1":"fdad8ce2a89ba61e92793906f2c486dba4ab6830","sha256":"8335d1e28f036809b567aa56d38506372340045a62595b1d896dd659faf5ec5f","sha512":"ca21fb5041ed2e5dfc57f5080b7cfc4bfad2aa4f9e7556680d57ac7d82669ff16ee746998b3d016994ae96c770b8a582ef129b01f52e5dace961e2625cc15ac9","ssdeep":"6144:z4+4r0H8Tu4+4r5cRlGuEQUQ929sYbnpTP40:z4+4ZTu4+4La0","tlshash":"0774fa6caf1030ae15a7cb27b660f5199c36a443f9bfde9af3e53d580789a510623c13","first_seen":"2026-03-06T18:01:11.525986Z","last_seen":"2026-04-22T11:08:20.840114Z","times_seen":116,"resource_available":false,"data":null}},"time_used":485,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":485,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2F202508%2F_enc_size1298x1156_79864bfb-d71a-4513-a524-8823b86ee01d.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.877Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df764a2552\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":221,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":221,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/gpmaster/_enc_size328x442_b1b5acd8-3851-4b06-8e10-d549f7f09d1b.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.908Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /gpmaster/_enc_size328x442_b1b5acd8-3851-4b06-8e10-d549f7f09d1b.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 02 Dec 2025 14:12:01 GMT\r\netag: \"209a79dd2654ebd211d71e0b0a604a0f\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Y0oi6klC8iPXJsOcMtxIUPggN2ZlW%2BLpbAYdIa1bInm1C3DL1EaJenTKWZEEo1qAYzG1laX4o0EsIDlNt9aMqTylWQbj7EXbznYeSaZe8oRhTvu2jJbHkazLPfLuXIatVUnlp8rQbvvVAQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec40492c3fd350-FRA\r\ncontent-length: 15438\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 6790431958725549369\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15438,"size_decoded":0,"mime_type":"image/webp","magic":"data","md5":"209a79dd2654ebd211d71e0b0a604a0f","sha1":"3639783354a2a3d14b090468592dad03a2ce9d8a","sha256":"c61e848d300c724304cc826272863bacdd6a1ee96bdfe936cf0494d5f8f290c6","sha512":"f242f15a7018fd8edfe58eb716c436c3ed404496a6669b221b985530d58dae478de18918f72fd986c83eb21439b85ede0d082d3e804ffb70df0f16ed3d47814f","ssdeep":"384:v33ZoVI43DY5WxPnFK9OMJuFUzYc4Ig30k8E2:BobD3xtwn+jc4IgV8E","tlshash":"ab62c0402d8ab1723ba1781ebbaef08c04b49977b45a764658b70471b66e4ae13960f3","first_seen":"2026-01-10T05:58:33.898672Z","last_seen":"2026-04-22T11:08:20.841069Z","times_seen":116,"resource_available":false,"data":null}},"time_used":321,"timings":{"blocked":188,"dns":0,"connect":0,"send":0,"wait":127,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/27a47f26a37c420980cd21bc85446f04?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:18.173Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/27a47f26a37c420980cd21bc85446f04?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 29107\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 40926\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"27a47f26a37c420980cd21bc85446f04\"; filename*=utf-8''27a47f26a37c420980cd21bc85446f04\r\ncontent-md5: 8c2I2tnEViXldHmCC5oMbg==\r\ncontent-transfer-encoding: binary\r\netag: \"FvEDXiblKaOnn4v4235Jr1J0ysZm\"\r\nlast-modified: Thu, 16 Apr 2026 19:31:02 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3:9\r\nx-m-reqid: Do3cFlEYU\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: -sgAAADIUGPug6gY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":29107,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 190 x 190, 8-bit/color RGBA, non-interlaced","md5":"f1cd88dad9c45625e57479820b9a0c6e","sha1":"f1035e26e529a3a79f8bf8db7e49af5274cac666","sha256":"ea06c29c19fb0287757594b70506d515f4327c89fe91c551c6bac6f5fde2ca46","sha512":"d67653fe4b8aa75d2a8b3311d3ef64f68acf95077e12b193f5b8c782b04d2175359f21e55de174ee7232662d87b7e1b8f92b0cf818aa031f746854e20c84838e","ssdeep":"768:Vjv8cvccToMzo8UzqPrR+E2rfokSJvEw8Iu:BTDUiR+E2rT2qIu","tlshash":"e2d2f1eba7076cfea14603193959bbabcd621c40b3a2ca3888e5f794dc404d43ed0647","first_seen":"2023-07-08T08:51:55Z","last_seen":"2026-04-22T11:08:20.841923Z","times_seen":60,"resource_available":false,"data":null}},"time_used":1925,"timings":{"blocked":227,"dns":0,"connect":0,"send":0,"wait":1292,"receive":406,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/44d27b0d6b9f4c76acb2979286bad763?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:18.187Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/44d27b0d6b9f4c76acb2979286bad763?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 20901\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 36420\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"44d27b0d6b9f4c76acb2979286bad763\"; filename*=utf-8''44d27b0d6b9f4c76acb2979286bad763\r\ncontent-md5: UcjjCkyXW82B79w0+4GNUA==\r\ncontent-transfer-encoding: binary\r\netag: \"Fq2ut6F_DIUwxO_DcdKarQiq2gtT\"\r\nlast-modified: Thu, 16 Apr 2026 19:31:14 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3:2\r\nx-m-reqid: ocDTSBJXU\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: B3oAAACbAlQHiKgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":20901,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"51c8e30a4c975bcd81efdc34fb818d50","sha1":"adaeb7a17f0c8530c4efc371d29aad08aada0b53","sha256":"d7eef2a96da73395164d8554a2ada4e5418f730c763147dc3ba2b3f6a0d87889","sha512":"07727066ea69993cf4d84931bded0dd55ab9c9e072a43685a37a6006c5e9cd165b2c9fb884354585bdb718913d9522df423995a698695458b22252afc2ef4155","ssdeep":"384:79u/INL4d1MJJPuv+2G6GJ4CPpXnWW47Dgh0ZXoK7ymda58nl/lfQuYH+HhmCv:7nLq1oE+x6GFxXb47seZJ458nldffHnv","tlshash":"f392e12b209581a8366bdbd6f39599328cfa4986291e317fc605dcb3cfd845f005bc9e","first_seen":"2025-04-01T11:41:18.037862Z","last_seen":"2026-04-22T11:08:20.842783Z","times_seen":330,"resource_available":false,"data":null}},"time_used":1878,"timings":{"blocked":221,"dns":0,"connect":0,"send":0,"wait":1282,"receive":375,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/342caa878c834f059c83e47bf5b6a171?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:18.197Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/342caa878c834f059c83e47bf5b6a171?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 17560\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 34616\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"342caa878c834f059c83e47bf5b6a171\"; filename*=utf-8''342caa878c834f059c83e47bf5b6a171\r\ncontent-md5: sbeYQss0HxJGNO6PkDBVdw==\r\ncontent-transfer-encoding: binary\r\netag: \"Frld7GdY55ny296hBBdDjNtulCml\"\r\nlast-modified: Thu, 16 Apr 2026 19:31:17 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3:5\r\nx-m-reqid: z2ZjEzhqK\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: JvAAAAC2K4WriagY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":17560,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"b1b79842cb341f124634ee8f90305577","sha1":"b95dec6758e799f2dbdea10417438cdb6e9429a5","sha256":"94b287b928dd9ec7c57c13cc0f590565d471ec8f9d8d800fa7856daf06e42967","sha512":"c627851738b270ac15cb5f67b0038ecd78fdf096f8a7666d4b09c6610a651b2dd2325d8450fb3e7d0fde418953267d4e050975481b7c3eb8a124762b7d0191ff","ssdeep":"384:/EFutJtIj08NIs5KCW8H9eL23bqZ+mC2+mPqsqqx1EBbWqy:/EVj0WWpsbqsmwm3qcqaqy","tlshash":"a972e1fea1dabe194d800ba76b026975e6034737074420dce99cdd902361af75c9773b","first_seen":"2023-07-08T08:51:55Z","last_seen":"2026-04-22T11:08:20.84368Z","times_seen":46,"resource_available":false,"data":null}},"time_used":1712,"timings":{"blocked":217,"dns":0,"connect":0,"send":0,"wait":1261,"receive":234,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2F202506%2F_enc_size1164x872_0e80d399-2c93-4f64-89db-61a96d3b05e4.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.712Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df75c42538\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":219,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":219,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/db09a81736b24b25bd6ad4973b14bfe7?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.119Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/db09a81736b24b25bd6ad4973b14bfe7?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 70226\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 4128\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"db09a81736b24b25bd6ad4973b14bfe7\"; filename*=utf-8''db09a81736b24b25bd6ad4973b14bfe7\r\ncontent-md5: 8NC4G/q7JwtJcltSjzKVTQ==\r\ncontent-transfer-encoding: binary\r\netag: \"FtvSJjVd9u0rkPVWwRo9kTSf2p5Y\"\r\nlast-modified: Wed, 15 Apr 2026 19:28:07 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: UdiG0tqrx\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: aJEAAAAEgvxlpagY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":70226,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"f0d0b81bfabb270b49725b528f32954d","sha1":"dbd226355df6ed2b90f556c11a3d91349fda9e58","sha256":"ac9c1bd6f0c3a22c2fc08b5c4639d0ac2c7b01a0c288e29e7e05064845f04325","sha512":"b1395291c76436b02fbc3b43a413e1355e348f6324922ae56b37c5d9639fe9ae8bea5c81b2fb035c1714ff857c44c7c8670e163d67ac63d0ae2b56d49eefaaeb","ssdeep":"1536:chKfIoNbjovoMZ6y87qVJKdPaAqgmUT+7zwuQVy:+K9u54wRAqgm0EQVy","tlshash":"9d63f1e798f1322cc46d9a748c9434935e5c02937920fc61b8dc9ea95f0af837cbe41a","first_seen":"2025-08-21T07:38:34.867169Z","last_seen":"2026-04-22T11:08:20.844697Z","times_seen":18,"resource_available":false,"data":null}},"time_used":4749,"timings":{"blocked":1296,"dns":354,"connect":255,"send":0,"wait":1260,"receive":844,"ssl":727},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/img/pay.8f35ebe1.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:15.469Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /img/pay.8f35ebe1.png HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:15 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-154d\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856035=Fz0JVnE+JlB6vAMRSGSHi5v4YLsmCHZW4tXEm4HN4vPf8+1XKpPSFFOdkWtUx5zULK3VAobI+fg8CUonwYDEl0VVi3azkKIP0dVfdmy2BR1x6wQmS3zeq3b1W1MoiR19s+zdr6BW7xo9J+ZDyVUA6VJCkx74896KWPSkq9o4BiPRRbysOYHTkCW5RAjtw1ki\r\nage: 454121\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df7132251f\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5453,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 492 x 132, 4-bit colormap, non-interlaced","md5":"05d444b76263f6958a37ac82e45daa67","sha1":"a067d3a654da1ec4c51d8f049aabaa112183e355","sha256":"49166910b376f5487f30174e60fcf13aaaca9620ef1aa58cfb2c94a8c111ea8d","sha512":"7d276d57b068ec4a0125512e0781c501a96bf6c30b30304d247251190c6421a9ed7a03ec208a590d19d9a1183e3837b06d141bddd99abb7b0ee4e2a1ba28b28b","ssdeep":"96:u9g9Yof8+keuD1Kai/MXG5BHMsDiCNPFH/qX4iWXnqvcIzDRHSVyl07TrOKCm0R4:u9g9rJuYai//7FiSXnqvNYGmrOKcPwzp","tlshash":"74b18e749d6efb2a26b315c30d7499c21ea45c9e0d94f1c2244776963c732de3270985","first_seen":"2025-08-29T11:05:53.301829Z","last_seen":"2026-04-22T11:08:20.847667Z","times_seen":1201,"resource_available":false,"data":null}},"time_used":713,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":713,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2F202508%2F_enc_size1298x1156_de72e240-4300-48d6-8f6e-b9cb363e7924.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.881Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df764d2553\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":220,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":220,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/202503/_enc_size649x578_96811f47-5a2c-446d-a8ca-696df160de09.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.910Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /202503/_enc_size649x578_96811f47-5a2c-446d-a8ca-696df160de09.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 06 Dec 2025 06:26:39 GMT\r\netag: \"c52d2466fd690c6aa6227524649af402\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YX3rEO02dDOqotcIRzDDQIELc%2FV%2F98eYbtwolfDtovOZ5s7urfGmQagAGYZu91hm1IU66d00vE6YWg1jCs%2BljUowRaspZnD5Wegnx%2BDupq%2BS5%2BX3bljpWFdhynpagTMSlAwEBMyA2mB%2FOA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec40494900dca6-FRA\r\ncontent-length: 46184\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 16512366958445730694\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":46184,"size_decoded":0,"mime_type":"image/webp","magic":"data","md5":"c52d2466fd690c6aa6227524649af402","sha1":"bbd8e713eb731312a8960ef8933b71b5cfdfa34f","sha256":"3103ce7f7dca2abb49efeef4628884734cb5c267f1502b2b33bcbf8647a310c8","sha512":"0c3981540186ec40fb01b5ab3496d736fd552d3019c1a8521a72644a6176756951de203f0cfcccd8aa6be67f76547ebc6e06ff4e8a3dd85780d1fe7d1e7d91ad","ssdeep":"768:9s+YB8yjw8RTKT4uT+QCkrgAEnaCA/RE4qehyRcQsII+IYJxT8sJk2RaA2b:9sDjxR+LT+vkrgAZ/R1hyqQ5IeJxTbR0","tlshash":"1d2302781bd5a7b7cec731f89ce2890a4d17c2d5d483b066bd68abd6aa114c1f4c0ed1","first_seen":"2026-01-10T05:58:33.861593Z","last_seen":"2026-04-22T11:08:20.848679Z","times_seen":116,"resource_available":false,"data":null}},"time_used":335,"timings":{"blocked":186,"dns":0,"connect":0,"send":0,"wait":125,"receive":24,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/5111b04292e344989a8e97b1e19aa5d9?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.368Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/5111b04292e344989a8e97b1e19aa5d9?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 81766\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 65206\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"5111b04292e344989a8e97b1e19aa5d9\"; filename*=utf-8''5111b04292e344989a8e97b1e19aa5d9\r\ncontent-md5: 5ezQVTiF8aOvcxdY3dzi7A==\r\ncontent-transfer-encoding: binary\r\netag: \"FgfFTo3q_IS0WIPJGx094i0c0HLU\"\r\nlast-modified: Thu, 16 Apr 2026 19:28:37 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: VJiWiPvK7\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: HqQAAAA2winZbagY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":81766,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"e5ecd0553885f1a3af731758dddce2ec","sha1":"07c54e8deafc84b45883c91b1d3de22d1cd072d4","sha256":"6bbafa08d73b473f020a3276dc719cf890e607168b2591a9d12b4efbe426916f","sha512":"29b4caf8b0c068bb9bced69af1a5db24e404468d08568fa0a1421abd40f41c8f6a99462ae68e90d7d75fbc1480bfa900b56d34b0da2b2e733d247e6038c6f27a","ssdeep":"1536:fDFvjF9e7fVvXWEw83bX79Otjfm5SqQ/djZLKOC/DCm02b:fxvjF9e7l93rktiIn/3hCr","tlshash":"a4831267aa82baa30e73517834f4339ca29534780ff5cc8215561ed4fdf89ed7a2a510","first_seen":"2025-07-30T10:38:02.639508Z","last_seen":"2026-04-22T11:08:20.849593Z","times_seen":204,"resource_available":false,"data":null}},"time_used":3269,"timings":{"blocked":1029,"dns":0,"connect":0,"send":0,"wait":1089,"receive":1151,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/img/vs.21f89f73.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:18.334Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /img/vs.21f89f73.png HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h112g.xyz/css/home.1774008371298.4fdc0c2d.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-51a\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856038=6b4o/KW/4CiaPY9SUr3U8L6jGlHPgkRB2jaYkQg8xHNJm6Te7gYwhg/L81IBTgd1EXd6cBc+fybC8HSFb9xneQ9xraUialSqoZdTnDME+i3+IshP/ukH/F/yAnwe42Ha14kC+k+fbMCUG+ak5mHmkiqZNiQfSfFhXDUfdjhjnNO6RztbeI9E7Jxq3ZSo0X+N\r\nage: 448231\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55e19db4df7b9025d2\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1306,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 70 x 28, 8-bit colormap, non-interlaced","md5":"41cff06a80e61ee3fcd32f7c29a6493e","sha1":"bb70bb0a3a0fde7a132788777aee629392c756e9","sha256":"3240fcea2e4168dc863b8aea602750e6a1fe11a557c18ac6a381781ef487746b","sha512":"fce7ff9f62b51c4f8994f0a8ec4a56f21570d0cd163471d99b357eb0a9a735c800b389c4a8a611ba441b208cea7eb483140042f5d11ef110b591c1c1898bbb8d","ssdeep":"","tlshash":"e921eaffe15b2c75ccb59bb3bc6c12656809582970866b137125e7588c539217f0c461","first_seen":"2025-08-29T11:05:53.184813Z","last_seen":"2026-04-22T11:08:20.850589Z","times_seen":1239,"resource_available":false,"data":null}},"time_used":986,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":986,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/202503/_enc_size649x578_6ba5f6e7-0a03-42b1-aae6-3de33d838c71.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.825Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /202503/_enc_size649x578_6ba5f6e7-0a03-42b1-aae6-3de33d838c71.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 06 Dec 2025 06:22:45 GMT\r\netag: \"de74f0edd03d014ad273645588230ca5\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RQuYvs3Kmpzc8i1KzrrPaUPdM3CJUv08ngIuk7toj5G7Ka34NDuHqfPmEuD3xfWSvvFD%2BlNfWL%2FhlUeni3nlHnChx7TEnzMPu%2FclJ4RvNhS%2BTvLAj1UO6Dj8eaEHgiKcjOQlkL8FjUeIBw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec40490f08dc6c-FRA\r\ncontent-length: 72698\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 6741816354953070894\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":72698,"size_decoded":0,"mime_type":"image/webp","magic":"data","md5":"de74f0edd03d014ad273645588230ca5","sha1":"04f654f943053cf12ad25c034c307ad6b1fba8ff","sha256":"fada7da48bd79d1c48a7068f5a3befa6bac8c5a2266a65a4dba58122d7a1807c","sha512":"57e6cea62619806c4da73b08ffaad0a0cea21ba3fb093b4cdf7d52e0e1174500c67e8e7159fe7fe6f74b051cc4ca2da6aedd3819fb80ac2a28093216c0c84736","ssdeep":"1536:rYxIgPfY+3lbLKrfSQK0ds+ePjygtx4Ifql:r0vfY+3lKrq4ds+QJtx2l","tlshash":"4d63020b5a1dcd560ae20441673a5bdeeccb2324e2b535c5a075fcbefad3f75414281a","first_seen":"2026-01-10T05:58:33.788326Z","last_seen":"2026-04-22T11:08:20.851413Z","times_seen":116,"resource_available":false,"data":null}},"time_used":415,"timings":{"blocked":268,"dns":0,"connect":0,"send":0,"wait":119,"receive":28,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/024dfdd938b1487db459020d9485344b?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.374Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/024dfdd938b1487db459020d9485344b?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 54142\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 58024\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"024dfdd938b1487db459020d9485344b\"; filename*=utf-8''024dfdd938b1487db459020d9485344b\r\ncontent-md5: CWi7ioZE+0S1gcSetpb9LQ==\r\ncontent-transfer-encoding: binary\r\netag: \"FnQYmDIF5GNICdqo4E8jzlTRV9nu\"\r\nlast-modified: Thu, 16 Apr 2026 19:30:08 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3:8\r\nx-m-reqid: 6sKWxT08T\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: dXQAAAD16lxhdKgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":54142,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"0968bb8a8644fb44b581c49eb696fd2d","sha1":"7418983205e4634809daa8e04f23ce54d157d9ee","sha256":"87dac5ec07340804d58dfe54c5a20e20835bc1c5dd066a34215422db25637830","sha512":"baeec27cd7d7e3f91b477fc26d873af98bc556d067b5137cd599cc87f965abd66095ddbb475b3dd3144ce28031c71bd07c9ee285e3b553d283aea71440b8f095","ssdeep":"768:iSDik3Jwb5VEi07aI2bujTteEfk0zq3QqEGFGAeaynrIY44Z/ZEr0jLtggEnHWzE:iSDiR67aI0ujoT3QqXGA2rDTjZgdn2zE","tlshash":"d33301ec8fd6338627e464bbd344d25a898ddb16c99f08a4ff467afd6865911328002f","first_seen":"2025-02-04T17:13:00.980594Z","last_seen":"2026-04-22T11:08:20.85229Z","times_seen":167,"resource_available":false,"data":null}},"time_used":3157,"timings":{"blocked":1024,"dns":0,"connect":0,"send":0,"wait":1292,"receive":841,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.esportsdata.cc/202/1/50bc02083f033800a5c2c77b40c2422c.png?win007=sell","fqdn":"img.esportsdata.cc","domain":"esportsdata.cc","tld":"cc"},"ip":{"addr":"172.67.70.146","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.488Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esportsdata.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 17 Mar 2026 23:12:08 GMT","end":"Tue, 16 Jun 2026 00:12:03 GMT"},"fingerprint":{"sha1":"92:F5:5A:A8:A5:59:F9:F0:7D:50:68:88:DE:A1:89:49:EE:A1:9B:DB","sha256":"C8:7E:DB:B7:40:4A:27:62:83:FC:97:6D:2D:A5:85:D9:BB:DA:40:15:FA:3B:72:F3:9E:C3:26:3B:42:16:80:C8"}}},"request":{"raw":"GET /202/1/50bc02083f033800a5c2c77b40c2422c.png?win007=sell HTTP/1.1\r\nHost: img.esportsdata.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 10399\r\nserver: cloudflare\r\naccept-ranges: bytes\r\netag: \"d8054effde60a8702b54f5091c966e1d\"\r\nlast-modified: Thu, 06 Nov 2025 04:03:51 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, Accept-Encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 18A8824CDCADAAC3\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nage: 3297\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yCYZCxqWHJPvt2b%2BaKMMvJZ1nlSqnSk0e0a8m9ARCsghYa%2F%2FkwcfVs%2F462dRWhMyiWGPai%2Fj1ndLZ84t7dXKGDvfrJU6iuOVX8MVq8V4pdzc8nY63gK%2Bd33i%2FlIY6YwXCgk4iQ%3D%3D\"}]}\r\ncf-ray: 9f0429f86f92723c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10399,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 271 x 271, 8-bit gray+alpha, non-interlaced","md5":"d8054effde60a8702b54f5091c966e1d","sha1":"e94b78885cbc183ea81b2fd7b2c9e9f99a4ad2df","sha256":"a3257989035bfb87fc7972891f46e5fdf462518c4330f0609f32aff7fe44caab","sha512":"f11319488f5705935fb281f1a3d73b7daeb8837d200297c6f0954a1c66764769271eb0e519c79655098f465c2cd512b0b7f5fa24c80c08c94ad3b2e9d036abcb","ssdeep":"192:E7DR4Sd2aHHpnLPzmmXUTxddr9unC5ROh6Gnw686wXqOwuJjfacPpvm:E7tGwHTsFUnmGvMfJjfaopvm","tlshash":"2c22b04744edce941d0ae03b4722f28dd3f565512a3c47e4147874bf785a7b1be8a883","first_seen":"2025-06-12T02:01:23.969751Z","last_seen":"2026-04-22T11:08:20.853104Z","times_seen":7,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"img.esportsdata.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"img.esportsdata.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/012d138d3ee04b2eb5544991a10c101d?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:18.330Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/012d138d3ee04b2eb5544991a10c101d?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 21673\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 28866\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"012d138d3ee04b2eb5544991a10c101d\"; filename*=utf-8''012d138d3ee04b2eb5544991a10c101d\r\ncontent-md5: C1OY3946Ti02Lk1AOyH2Ig==\r\ncontent-transfer-encoding: binary\r\netag: \"FjbmlSiIoA2wFoOgogitS4MBCLI8\"\r\nlast-modified: Thu, 16 Apr 2026 19:31:24 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3:6\r\nx-m-reqid: U42zgVPjT\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: 31cAAAAgtB_mjqgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":21673,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"0b5398dfde3a4e2d362e4d403b21f622","sha1":"36e6952888a00db01683a0a208ad4b830108b23c","sha256":"03e2fdd629714bbdcc8f8ff0e68ef7ecdeb22726a72b97c4b69a922688f21d69","sha512":"995de9adb2bb0e5916c71ad4ce52c14c89449e164125cb623cf58205274193639977498a11ee7c5454a0ff4f22bbd1ad18385e191328df10ace741bec9b149f7","ssdeep":"384:Vi68KXX5vYA8aP9yTGRm3BcP7rJAAhp4R4hcRp26XS63c/pXrERD9G:FFHGeP9yPkJAAhWiWR4t63YgK","tlshash":"daa2e0d126a9e8498fe24d49cf20beb04a2884758d71be663e5b62d47703b30e7dc459","first_seen":"2023-11-10T19:11:58Z","last_seen":"2026-04-22T11:08:20.853939Z","times_seen":183,"resource_available":false,"data":null}},"time_used":1710,"timings":{"blocked":85,"dns":0,"connect":0,"send":0,"wait":1274,"receive":351,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/api/sport/match/player/match","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:18.396Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /api/sport/match/player/match HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nx-request-source: https://h112g.xyz\r\nXign: Zal/DLfq2yifW8K1CUSIxXvJGmy09LQmjUCKyEH5cG9njZ7PcJ902MA6l9u8lGvyusQM5kw7FalW/AryvFd3V7fLc0nGewHIYi8xK0TpZyj+/2B2vZwgoQ2AWLzPnzygT3kzuGdFli+A+8pIYyRcLJ7paGe94d/z3qxScY7f/IQ=\r\ntimestamp: 1776856037130\r\nsign: es3h5f4q6j2b5f7e\r\nversion: 5.6.9.4\r\nclient-type: web\r\ndevice-id: 8BNbQfp8YayciXWAYemxaeMFD5iGH2S6\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: application/json\r\ncache-control: no-cache, no-store, max-age=0\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1776856038=6b4o/KW/4CiaPY9SUr3U8L6jGlHPgkRB2jaYkQg8xHNJm6Te7gYwhg/L81IBTgd1EXd6cBc+fybC8HSFb9xneQ9xraUialSqoZdTnDME+i3+IshP/ukH/F/yAnwe42Ha14kC+k+fbMCUG+ak5mHmkiqZNiQfSfFhXDUfdjhjnNO6RztbeI9E7Jxq3ZSo0X+N\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55e19db4df7c1b25d5\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":60,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"ad1b5cbc37e087c212a41eca07a863ae","sha1":"f990fb40077ca4c90bbde8ffb87c73e1c06fd931","sha256":"0fca88eefe8bb5f59242b88e2b8b179148a088b4cde3499e1c56fef8c84c309a","sha512":"fe056eef22791a958cc37f63c1cc4b3f35bd990c34d1d321f34504b7b99769b571fe46cf18ede31f7ca0e564baf63aaca9d4f3601395bd7a3ce424e50a2aaf87","ssdeep":"","tlshash":"56a002473a282ea49bc31066b50e7a5500a421749a55f469cc8e623dc755453b546531","first_seen":"2024-05-26T00:49:06Z","last_seen":"2026-04-22T11:08:20.854753Z","times_seen":1339,"resource_available":false,"data":null}},"time_used":848,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":848,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2F202502%2F_enc_size328x442_27f7b303-88a3-4b2c-aaf9-2bc0106b5d62.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.765Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df75ed2542\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":232,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":232,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/config/initGeetest4.js","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:13.287Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /config/initGeetest4.js HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:13 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-3a7f\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856033=d0MIuMoednbFQ5U8tsCxeez29ETrtdo9Zgyz/QwU/ELHENOwaH+czvd5omOIcaSJiF5HiKpZ+x8XCIwtSwz7FpJdkRycCJuZ8/2d2s65AjozeiH+1ee4YqLZzuDPxZvyR0NW6zs6HTTmmvFnXWvjBA/Z82Vx/Svepv9kX7Bn19UvsqioJTtnDS833D29Gut8\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df686424e5\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14975,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"87855e19802d75b55afa7bcf3af515c1","sha1":"4af373375728a98d623f2299a68a91e150f2672e","sha256":"9ec8a5ef8c8ffe369dd1a5c4730dce6570c0d90955798c0be4ac04ef1c8f4baa","sha512":"3baa6d9e916abfb3d38b7ebb9372c5987e8f10534bb978383751c0094f8f5a3e764f9b8e44a73d9d4871cbaeca7e1939f0ffaf9499af5c4a71f64c3588167d85","ssdeep":"192:23aP8Ha0D+Nu5dq+EvNiqc4K25MB5VYaiQwSL4SScQVy8QRHIsGiz0iX9rES6Myy:2fe61w1iXKb2sMGUI+KQTwwHlB","tlshash":"00621d0d68f764534553b4388b9fb014b5388a53042cde41be9ce354afa843d9bbabdc","first_seen":"2026-02-16T20:32:40.162764Z","last_seen":"2026-04-22T11:08:20.855896Z","times_seen":225,"resource_available":true,"data":null}},"time_used":234,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":234,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/js/65246.1774008371298.c40b56f1.js","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:15.417Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /js/65246.1774008371298.c40b56f1.js HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:15 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-11f2c\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856035=Fz0JVnE+JlB6vAMRSGSHi5v4YLsmCHZW4tXEm4HN4vPf8+1XKpPSFFOdkWtUx5zULK3VAobI+fg8CUonwYDEl0VVi3azkKIP0dVfdmy2BR1x6wQmS3zeq3b1W1MoiR19s+zdr6BW7xo9J+ZDyVUA6VJCkx74896KWPSkq9o4BiPRRbysOYHTkCW5RAjtw1ki\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df70c7250f\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":73516,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (48688)","md5":"ed1a382c70d231f3a659c2acc1658eea","sha1":"de0ef21e4aafd93d086ffc396323ca5c190c6412","sha256":"2a20c3f199887a60f91fdbde7abf58e080ca48e3238c940a5ead402daf9cb7ab","sha512":"a303e2c93fab473f86567fd222719fe8c1151e43f83d0febb54d23eaa68aced7f3dff1e5743cbf549f801e789900d9a78d28c4e853ee4b154ec3bd76e14ca8a3","ssdeep":"1536:/2+iDvYvNjx4Uyao0L8oDNzAuMMsTAQ0mqt2pXYzA4dANVQ:++iDYvPo0L8oZzAuMMsTA7mqt9zA4dAQ","tlshash":"e573a501f78272384fa7e290220f2026e16e191505ac5ad8f179ffb93ef4954aa7d7b4","first_seen":"2025-12-28T13:10:26.276855Z","last_seen":"2026-04-22T11:08:20.857351Z","times_seen":221,"resource_available":true,"data":null}},"time_used":534,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":534,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/img/appdown.6e7c9177.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:15.464Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /img/appdown.6e7c9177.png HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h112g.xyz/css/index-399e2569.1774008371298.a7b0b4f4.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:15 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-277f\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856035=Fz0JVnE+JlB6vAMRSGSHi5v4YLsmCHZW4tXEm4HN4vPf8+1XKpPSFFOdkWtUx5zULK3VAobI+fg8CUonwYDEl0VVi3azkKIP0dVfdmy2BR1x6wQmS3zeq3b1W1MoiR19s+zdr6BW7xo9J+ZDyVUA6VJCkx74896KWPSkq9o4BiPRRbysOYHTkCW5RAjtw1ki\r\nage: 448239\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df7132251c\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10111,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 112 x 112, 8-bit/color RGBA, non-interlaced","md5":"716d097b193628397635cfac41b561fa","sha1":"545d1876219bed15fe850a499a08322de6a26866","sha256":"50276d87fae9c1e30a32c32b4e90dcc2e227cabb4e3bb1d60ecb22fb50c5f2ff","sha512":"47ea5928e921bec4ce4d9c807ee921f6115a6dd27af6fa7325e6d988058d22cf36c03693ebc56665203809cfd6d008cd410380e688e90b36d7eeec18ce6aa92f","ssdeep":"192:cALsiDRih/bWKl4Hq2BHZE6+3paMeCsuTvB6hi6tswYmd:lBEv2Hq2BHS1ZaMJtB+tsud","tlshash":"4622d047a584327b826ec79c8fe98c112470ad1ce6f04d5ac44e711128e8df3503baf2","first_seen":"2023-07-01T07:21:14Z","last_seen":"2026-04-22T11:08:20.859039Z","times_seen":1260,"resource_available":false,"data":null}},"time_used":715,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":715,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2F202503%2F_enc_size649x578_ad0ed5ff-8fa0-4231-a619-ce0616ad2a8d.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.807Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df760d2547\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":218,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":218,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/gpmaster/_enc_size328x442_0fa85f10-2205-44f2-82c2-66bd141c7d57.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.899Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /gpmaster/_enc_size328x442_0fa85f10-2205-44f2-82c2-66bd141c7d57.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 02 Dec 2025 15:07:05 GMT\r\netag: \"76d1f22a14240df440d611d67b4d223d\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IBZ7iGKF8%2B1KeoY3lQa%2FvkiqPwnLVIjsDzU%2BYoOfzEZQ9RvDX6pXkIF2kOlJA2k80fSUzPwHr3c7ZrKVerDmbdR6lMt9UVtbJ1zjAvywqGx65VCkReU05NYpv8GOwNd2U0rUV6yZPdnjIQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec4049df18028c-WAW\r\ncontent-length: 10174\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 9189922586745801251\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10174,"size_decoded":0,"mime_type":"image/webp","magic":"data","md5":"76d1f22a14240df440d611d67b4d223d","sha1":"d2c9f1fe53e81fdc12ca7cf1e23b6cd142f9bfcc","sha256":"6b641b4f6a3a283a49403efa4df8a8c0212601eee6b7e5369616e82654a46ea1","sha512":"9e1c0fc0455e258855ed79c5f4f625c2079143ea9937ab43387200f6ea7befbf9e1985c97c5f568d93b0a94a248f734e4ef6d96008f8f8212dd93168b24fd7fd","ssdeep":"192:OIkarrboesyPUh4c/gp+sIR6RxWiH21vZgiClgKV16Lq1eM9h0K+B5pZrgVWPWoi:1k8rboesiUec4p+sIAYkgK7eQ09B5pZz","tlshash":"e222bed269c948a0f5d3d62229578a89d3be3c0f031db2d4acacb4ce9886dbdd4d4a41","first_seen":"2026-01-10T05:58:33.791606Z","last_seen":"2026-04-22T11:08:20.859969Z","times_seen":116,"resource_available":false,"data":null}},"time_used":284,"timings":{"blocked":196,"dns":0,"connect":0,"send":0,"wait":86,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2Fgpmaster%2F_enc_size704x442_7f760e34-ebbd-4cfc-bc28-666cc8a6234f.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.924Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856038=6b4o/KW/4CiaPY9SUr3U8L6jGlHPgkRB2jaYkQg8xHNJm6Te7gYwhg/L81IBTgd1EXd6cBc+fybC8HSFb9xneQ9xraUialSqoZdTnDME+i3+IshP/ukH/F/yAnwe42Ha14kC+k+fbMCUG+ak5mHmkiqZNiQfSfFhXDUfdjhjnNO6RztbeI9E7Jxq3ZSo0X+N\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55e19db4df7a9b25cd\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":22430,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"01cdda84f7c571c7cfde4756e7d5126b","sha1":"16e18e2ba317de2d047f6adf3719abec042a0f43","sha256":"1e5212ada81cbccbb9807f56043fbbf999155441f5d39481a0adeb6613c411c4","sha512":"7ab3b1815054542d9d87f4cdfec453734fd73ebd5e589dad3aac38c8af4e66529d8b057007842afde3bc7a3ce1889cc3bfde7be41f7efd52874f4dfc0f57cd8c","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMuk:5RVqrJUF8iNYiKop/E6wkpcuk","tlshash":"38a23a6a8df30a762423203a2f7fb1086ab1c0174309ed443e4df7594fd59aa51e3be6","first_seen":"2026-04-22T11:08:20.860747Z","last_seen":"2026-04-22T11:08:20.860747Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3330,"timings":{"blocked":-1,"dns":0,"connect":0,"send":849,"wait":1028,"receive":1453,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/202508/_enc_size1280x294_3ce652c0-55c8-48f5-a72d-a300accd6573.jpg","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.002Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /202508/_enc_size1280x294_3ce652c0-55c8-48f5-a72d-a300accd6573.jpg HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 18 Sep 2025 12:25:01 GMT\r\netag: \"3355a86fc0f4b383a45510e1270a1fd7\"\r\ncontent-type: image/jpeg\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pwMEO2yZ49nnxpVK3NRhIYvYofx9OjSmSMKFwfE0SlXYdAfjdwfzz6yW76hCdWXzfi%2FMNMEmyUmakGChWXeSg1Zlk%2FadAjmAyeBB2UvsNhnZZH1srUO8%2BgaiwIQKczpqU7sbqsE5MSrR8A%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: REVALIDATED\r\ncf-ray: 9eec4c2f2f55dbb7-FRA\r\ncontent-length: 73462\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250257\r\neo-log-uuid: 305064246579868360\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":73462,"size_decoded":0,"mime_type":"image/jpeg","magic":"data","md5":"3355a86fc0f4b383a45510e1270a1fd7","sha1":"dde3c8d2b82553cc1eccfc7b70e86a18a308a2fe","sha256":"75c93e454fc814e8aec32eb80b089d68c524fcbfd2aaa2ba9e8f706e16f55451","sha512":"3df1bc0718c0bcdc0b7b2ff62843712fda939cbe986a44e3dd57ad5c687ea9c8748445b7ad990b911c5662d0cfe63da3cb3e7d43a28c9fc5989a2303c82a22bc","ssdeep":"1536:dNU9iSoOFwtZ7MTOwbD5vjre3CDYP9B7/+wbU5yMNg7Rlbpecj:bU9vm77MTOwP57mCDY1cwQslocj","tlshash":"3e73028a87e1f2c32e756ce211792dad416066763f7ef6262ceaacb187604d54a04327","first_seen":"2025-12-29T19:25:02.003586Z","last_seen":"2026-04-22T11:08:20.863466Z","times_seen":844,"resource_available":false,"data":null}},"time_used":262,"timings":{"blocked":96,"dns":0,"connect":0,"send":0,"wait":126,"receive":40,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/js/index-399e2569.1774008371298.c3f996ec.js","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:13.306Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /js/index-399e2569.1774008371298.c3f996ec.js HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:13 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-5c89\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856033=d0MIuMoednbFQ5U8tsCxeez29ETrtdo9Zgyz/QwU/ELHENOwaH+czvd5omOIcaSJiF5HiKpZ+x8XCIwtSwz7FpJdkRycCJuZ8/2d2s65AjozeiH+1ee4YqLZzuDPxZvyR0NW6zs6HTTmmvFnXWvjBA/Z82Vx/Svepv9kX7Bn19UvsqioJTtnDS833D29Gut8\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df693124f3\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":23689,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (23689), with no line terminators","md5":"7281b0c3d5b81d6d50466efdf4616bc9","sha1":"9cdb8fdcc72d98626e6de1148171433ea36cc670","sha256":"3c2d80ca77fe1edd82ed47c962b352972ca03fee24f7c1676b49422dd72571a1","sha512":"993bf96fce0cc88af80aa0b0b0985ff637f4ef2f34b180817ade85a5f3fce54fd2ba01fe6a13deb8c2f7f0477f9f1b6113455af5def3ebba1d5d3ad946b15fcd","ssdeep":"384:sZSANHmDGlVaJPzBTbUyB+r0hb0VtzgAHKdDNZaloL2Tex5F3oWf0Af/nHtU8B:fnDGboPzRvB+YhbYtUoKrZ0A5FYxAfPv","tlshash":"d9b2b5e63392bdb8c24f9276f23a68ecc43f9141c34fc4f8d265bd947c98604a952784","first_seen":"2026-03-20T12:57:26.675029Z","last_seen":"2026-04-22T11:08:20.865401Z","times_seen":99,"resource_available":true,"data":null}},"time_used":845,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":845,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/js/home.1774008371298.7efffea2.js","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:14.788Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /js/home.1774008371298.7efffea2.js HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:14 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-2f3ea\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856034=g54iPfEydgw012d6wpp1pBzrCCA2Rzo7OV4+S5PLmIYcgnZuNZkRMoBvcVvU75kzoHH4/yuhI5jk8jPYFs3GP+pua82nJrtzTrlOzkYWXYfk8gcqADM9RKXuzuCSEwc01XQhQ7XhfxNqThEosQwGV7RTuFMlhrqpDudfSrlQWwCLmTeoeGt7D+5lv6euTFgx\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df6e6124fc\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":193514,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64126), with no line terminators","md5":"638bb57e93d3fb016b31570897194907","sha1":"685131d157d0143d2d702cd269121fc822c2c686","sha256":"b351fe7403bc37cdedb78b20b0b62c6c5abeb5734d9e7a07789cf236e895a751","sha512":"c3d18f43b130d5aad58cb6a306e607572bd7b9741f9382c8fc4468473196a990df3b11f703c92f0402b1c564ae8e519185a419ab5ec67debb03aa7a0b78298b2","ssdeep":"3072:f+YNGVSIMctwiYJBuoCQuFdBlGLuJuhxffj7TEOiGR2p:f+YNGVSIMctwi+YjFwzffjAGsp","tlshash":"6b140880b5f0e275576fd2b7d7371024b2271686d0ccac60e1f66b187e28796b236db8","first_seen":"2026-03-20T12:57:26.696741Z","last_seen":"2026-04-22T11:08:20.866788Z","times_seen":99,"resource_available":true,"data":null}},"time_used":277,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":277,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/kc523-1/logo/logoWhite.png?1774008313834","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:15.296Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /kc523-1/logo/logoWhite.png?1774008313834 HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:15 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 20 Mar 2026 12:03:35 GMT\r\netag: W/\"69bd3797-547d\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856035=Fz0JVnE+JlB6vAMRSGSHi5v4YLsmCHZW4tXEm4HN4vPf8+1XKpPSFFOdkWtUx5zULK3VAobI+fg8CUonwYDEl0VVi3azkKIP0dVfdmy2BR1x6wQmS3zeq3b1W1MoiR19s+zdr6BW7xo9J+ZDyVUA6VJCkx74896KWPSkq9o4BiPRRbysOYHTkCW5RAjtw1ki\r\nage: 454122\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df70672506\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21629,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 318 x 144, 8-bit/color RGBA, non-interlaced","md5":"0fe99b7761db545277ab76a5eac225b7","sha1":"c0ae9d5f9473be88b84d7d46d1efc51283a57a76","sha256":"e74b087729f820069fc590a73411d4b19d3da8a22ad1d127d4e4109be832cd97","sha512":"848f1da518a00ef98cf0e70429260b91720d3f139ed89714536d0a267aaacb8acb9779dfb1c0b42b134f81cb1ec0f5af97a160f1fc327750b111e88d7c6cc239","ssdeep":"384:Ok3FHRYfLVQEST+Yh9YDQiIkXnq3H+PxYi5JLL5PI4v2Kee/0Aytd:nFHRYfL+r9AQiIk0H+ZRGQHee/yr","tlshash":"aaa2d0d63930414ec49128de0fc1b9285cb6858847fd1e944f9f5eb2b4a3df62b4b368","first_seen":"2026-03-22T09:12:55.770605Z","last_seen":"2026-04-22T11:08:20.868432Z","times_seen":94,"resource_available":false,"data":null}},"time_used":324,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":324,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2F202503%2F_enc_size649x578_3340babe-d86d-4379-84e5-92efe2221568.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.698Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df75bb2536\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":218,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":218,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2F202508%2F_enc_size1884x434_8953c3b5-a3a1-4b97-a677-4b5efb3fb94a.jpg","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.998Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856038=6b4o/KW/4CiaPY9SUr3U8L6jGlHPgkRB2jaYkQg8xHNJm6Te7gYwhg/L81IBTgd1EXd6cBc+fybC8HSFb9xneQ9xraUialSqoZdTnDME+i3+IshP/ukH/F/yAnwe42Ha14kC+k+fbMCUG+ak5mHmkiqZNiQfSfFhXDUfdjhjnNO6RztbeI9E7Jxq3ZSo0X+N\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55e19db4df7a9b25cf\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":18750,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"9d013ed32f0c68229db0be74325ccf7f","sha1":"bd6bbe5fb6e8a28d26856cde63f14582c175f2bf","sha256":"c1950ac795526bc22f353af20f47b30d698b34a589351d758dc4b571cfc321f4","sha512":"5aa828277b89154052e899076e3917fb37a97fc49901c34933bfe8315b15b6057888866760a7f4059e6dc9155de808727fa67affc84cf279ee963c7a6817c269","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZc:5RVqrJUF8iNYiKop/E6e","tlshash":"d3823b5b8df748662523202a1f7fb2087a71c0574709ed803f8cb7584f95a9f45a3bd6","first_seen":"2026-04-22T11:08:20.870083Z","last_seen":"2026-04-22T11:08:20.870083Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2849,"timings":{"blocked":-1,"dns":0,"connect":0,"send":759,"wait":1027,"receive":1063,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/541924598a134405aeafd53e187bc02f?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:18.177Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/541924598a134405aeafd53e187bc02f?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 16928\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 38206\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"541924598a134405aeafd53e187bc02f\"; filename*=utf-8''541924598a134405aeafd53e187bc02f\r\ncontent-md5: STey2IjcZ8r/Ffevkdm9Qw==\r\ncontent-transfer-encoding: binary\r\netag: \"FpLB25DS44EIgMeLFc4mcJnesTAB\"\r\nlast-modified: Thu, 16 Apr 2026 19:31:06 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3:3\r\nx-m-reqid: 2xxwlwfES\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: WmMAAABo1qRnhqgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16928,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"4937b2d888dc67caff15f7af91d9bd43","sha1":"92c1db90d2e3810880c78b15ce267099deb13001","sha256":"1006b31a4ffefe271fd3656dd596cfa643390b4e262607ba6c9f082793ed2447","sha512":"a322741554f0f0684b41f24fe89605aee4a4ab1ca82b5c82582eb7a8aabd54b9862bd7361a8150ce85eeb545a1f446c63f92761ce5390e3de617cc4101959262","ssdeep":"384:0vuNPv5LIGCWQwrrANImBGsfPZOCFICqDwin22IrIbo:0vud5p+wrrAyKJOn7winUV","tlshash":"5d72e0f87f4418b02ad8e48cad6ed8146f52ecef744a054cf18ea8611450f6d52f436c","first_seen":"2023-07-08T08:51:56Z","last_seen":"2026-04-22T11:08:20.872783Z","times_seen":77,"resource_available":false,"data":null}},"time_used":1856,"timings":{"blocked":227,"dns":0,"connect":0,"send":0,"wait":1285,"receive":344,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rcf-img-hk.gasdg646fs224cn.com/202603/_webp_size1080x1196_b15d1708-bfce-458e-bd99-5bc1134b7122.png","fqdn":"rcf-img-hk.gasdg646fs224cn.com","domain":"gasdg646fs224cn.com","tld":"com"},"ip":{"addr":"172.67.190.197","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:18.398Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"e61ca915.sni.cloudflaressl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 05 Apr 2026 16:34:42 GMT","end":"Sat, 04 Jul 2026 17:34:32 GMT"},"fingerprint":{"sha1":"C0:B6:23:89:86:74:7A:F5:AC:0C:AF:1C:EE:19:4F:D8:B7:D7:95:F2","sha256":"10:18:0C:17:D9:D1:67:DD:B9:E1:BF:E2:12:69:89:F4:8E:22:F5:84:37:49:C4:BD:90:B9:DC:F7:C7:F2:37:59"}}},"request":{"raw":"GET /202603/_webp_size1080x1196_b15d1708-bfce-458e-bd99-5bc1134b7122.png HTTP/1.1\r\nHost: rcf-img-hk.gasdg646fs224cn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/webp\r\ncontent-length: 48628\r\naccept-ranges: bytes\r\netag: \"170614bf75e281d0f05503cdeab75a59\"\r\nlast-modified: Thu, 19 Mar 2026 14:50:59 GMT\r\nserver: cloudflare\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=r1pvN6XHHfqL%2Fwfamdkps1pEKb4uPizErfOyo7Pvyw4JFVEVV%2BJzA%2FPYIt67jjU1iDiMjs5M7ThNxwtfRzf2Yfbm9oL8sdwRKq0MMFSQod0qsSKLl6kqQOIu9aJ6XJNTgsufehz9qyGjpoUMD7C%2FWl0%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 72777\r\ncache-control: public, max-age=2592000, immutable\r\ncf-cache-status: HIT\r\ncf-ray: 9f042a0028db56c9-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":48628,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1080x1196, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"170614bf75e281d0f05503cdeab75a59","sha1":"32025008b56adf94f2a64724f1b00f55939db943","sha256":"010f104d5782b172955179537b5945b89f7a5ac32185a63d67ea5405d5c13733","sha512":"e11fa01405248d40ad8f95f335734207193356f418418955cafc6ebdfa04f5a08d8e304d23c34b211fd9dc7cdab36710694ccd0585c79778a156bf214750346a","ssdeep":"768:tk9BmrgO1s4wjUc8pqYtHwHGvhSgV1iCdmcmxWSqZA16T2rrKhv0cQ6ZQOc4vS9P:tkbmrgO1srjUtkEn5LTdmcmxnqC0aKhm","tlshash":"4223f124d4de0cda1978e776f637574cdb8b325fabc4601f82c9499f800ab04c6628ee","first_seen":"2026-03-20T12:57:26.684793Z","last_seen":"2026-04-22T11:08:20.873878Z","times_seen":98,"resource_available":false,"data":null}},"time_used":130,"timings":{"blocked":23,"dns":22,"connect":1,"send":0,"wait":17,"receive":3,"ssl":62},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/20a1bf652a00485e839d782c2d280a3b?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.432Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/20a1bf652a00485e839d782c2d280a3b?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 41506\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 58024\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"20a1bf652a00485e839d782c2d280a3b\"; filename*=utf-8''20a1bf652a00485e839d782c2d280a3b\r\ncontent-md5: +Qjxz9uhdIfOkFP3wA7zmg==\r\ncontent-transfer-encoding: binary\r\netag: \"FrK-53_AaaNYAtW3HxzPHNYELf1i\"\r\nlast-modified: Thu, 16 Apr 2026 19:30:07 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3:1\r\nx-m-reqid: lXFOB4ouo\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: SLIAAAA991xhdKgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":41506,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"f908f1cfdba17487ce9053f7c00ef39a","sha1":"b2bee77fc069a35802d5b71f1ccf1cd6042dfd62","sha256":"4a8967941cad1617594d4d19979d30048464e705f2d59cba860a3c9faaf37480","sha512":"e1760887359009203147109d799b0dc5c25ad8f5670a16b71c15ad05d4b46e441453812356a0a9fb15477f89e27eeea9dd2ff34f72777cd3528645c4c3b3807a","ssdeep":"768:kYh0gfd5Y2LmFZV/1Gx6wjBnmsyW2kLJ5FbStS1OujduPwanvl6ItMhv:ztFSgtlk9kN51S01Judn964Mt","tlshash":"2813f268c1c694110a373c7d640c58f8b89fceb4c9fb96dbc4a7b8131d1c425575a7ea","first_seen":"2023-11-01T21:19:41Z","last_seen":"2026-04-22T11:08:20.874827Z","times_seen":186,"resource_available":false,"data":null}},"time_used":2804,"timings":{"blocked":966,"dns":0,"connect":0,"send":0,"wait":1089,"receive":749,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/275e463ffb6a4c0095a31adbf5dace59?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.494Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/275e463ffb6a4c0095a31adbf5dace59?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 25643\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 41828\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"275e463ffb6a4c0095a31adbf5dace59\"; filename*=utf-8''275e463ffb6a4c0095a31adbf5dace59\r\ncontent-md5: smAufVVZjotwNwJ3iYHkag==\r\ncontent-transfer-encoding: binary\r\netag: \"FvzbPe0DrChiQr6XipNJb01YMKkB\"\r\nlast-modified: Thu, 16 Apr 2026 19:30:50 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3:4\r\nx-m-reqid: 4VlRPMlRO\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: pNMAAAAPyUQcg6gY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":25643,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"b2602e7d55598e8b703702778981e46a","sha1":"fcdb3ded03ac286242be978a93496f4d5830a901","sha256":"8fb093b13b46ca32eb38410c1fb151c9058fa4d0ffae0d585090ae27963e84e0","sha512":"03411c37467ca9147988ad2de40c5246256724d70c7438cfda38766cfd0449ea02461c354265011b09a49eb04c1d591c4cbe8a378ebc62f10318131ae136bf42","ssdeep":"384:NfLI3kzefrNhvXwKxYAK683s5PV/DPNA32jUQS9juv5ZHdaighJc5c:NTr4nw0Y8RBDPjVr5dU6c","tlshash":"27b2e1f73c34fd38bddb5202ba3129067f1eaac73bb6168a0584cd8de860c85595a707","first_seen":"2023-07-15T11:13:39Z","last_seen":"2026-04-22T11:08:20.875745Z","times_seen":83,"resource_available":false,"data":null}},"time_used":2468,"timings":{"blocked":904,"dns":0,"connect":0,"send":0,"wait":1277,"receive":287,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/202508/_enc_size1298x1156_df036cfa-66a5-49f7-b863-3c22d1a3d180.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.863Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /202508/_enc_size1298x1156_df036cfa-66a5-49f7-b863-3c22d1a3d180.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 18 Sep 2025 11:24:19 GMT\r\netag: \"d0e3b3b8ab5b8a14bd815c33b4fe2231\"\r\ncontent-type: image/png\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vmzjKUs5ON7Rw0VRvA8oy7AnDiBdGkfZCySwRMqsloPxVaB7HnBCJlDkYCF0GaICdqeTQh%2Fx%2FFHv4a2h%2Fil1%2Fx2d7hP0wQ9HxOla%2F5KXE7VhOIFiN2f5EIqbO%2FmvGZvI13%2BAROHniqWCPw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec4049a96bd565-WAW\r\ncontent-length: 178321\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 265565828841498859\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":178321,"size_decoded":0,"mime_type":"image/png","magic":"data","md5":"d0e3b3b8ab5b8a14bd815c33b4fe2231","sha1":"514090e57e4abd092003c0e70ee1031f9eb30957","sha256":"63a370dd26df5e7104cfa502af65c92c6fd46e8ec486cc74d1b64211169fe9e5","sha512":"f41b0118149afa685ec30fefbd953197e8db37be134295ff7a76ce45bdbc55235d0cb89e3f908dd696353bc7412ec5eda1fe1e925d9dfa147026471f3b251afe","ssdeep":"3072:dnMfyun8IhspJcDnsyIKybNZZ8a0hobkT7ICDhSxrQHcAV:5myDIkJcI18ebeNHL","tlshash":"df04129aa304dfffdb7d2e3319aa221772530be0cd07c85692f63691401702495a3afb","first_seen":"2026-01-10T05:58:33.834913Z","last_seen":"2026-04-22T11:08:20.876638Z","times_seen":115,"resource_available":false,"data":null}},"time_used":468,"timings":{"blocked":231,"dns":0,"connect":0,"send":0,"wait":186,"receive":51,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2Fgpmaster%2F_enc_size328x442_b1b5acd8-3851-4b06-8e10-d549f7f09d1b.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.909Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856038=6b4o/KW/4CiaPY9SUr3U8L6jGlHPgkRB2jaYkQg8xHNJm6Te7gYwhg/L81IBTgd1EXd6cBc+fybC8HSFb9xneQ9xraUialSqoZdTnDME+i3+IshP/ukH/F/yAnwe42Ha14kC+k+fbMCUG+ak5mHmkiqZNiQfSfFhXDUfdjhjnNO6RztbeI9E7Jxq3ZSo0X+N\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55e19db4df7a9b25c2\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":2947,"timings":{"blocked":-1,"dns":0,"connect":0,"send":868,"wait":1027,"receive":1052,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/6324b6fe851044a2ae4fb57609c42795?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.690Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/6324b6fe851044a2ae4fb57609c42795?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 20882\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 41828\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"6324b6fe851044a2ae4fb57609c42795\"; filename*=utf-8''6324b6fe851044a2ae4fb57609c42795\r\ncontent-md5: zVHyz+JSW48BkKAMKLzudg==\r\ncontent-transfer-encoding: binary\r\netag: \"Fl2IdxHfAqi9C4i6oTUX2eCEQSz7\"\r\nlast-modified: Thu, 16 Apr 2026 19:30:52 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: CN1w9HUx4\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: rgsAAAAE10Qcg6gY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":20882,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"cd51f2cfe2525b8f0190a00c28bcee76","sha1":"5d887711df02a8bd0b88baa13517d9e084412cfb","sha256":"f804b3f445cb2fd89022d1aea7690d38a82f34008959fe9a2aa55fa6036455bf","sha512":"18a68300b292af272858c942f3c7f6aa4c740e21c04fd4c28c5cd7583a436abfb670aea8ce97094ebe01f7316b78992240b1787ede66f9b22ec84ae8b42471a3","ssdeep":"384:ryNgVoUT9bqjtxGm4wylZ5z693l4zJJNh7hOzWMdrsMxk/XP83zlbt:mgVtRejbKngCzjNAW+saPZbt","tlshash":"1492e0feb9e1aa287edfd004c80c5ed80fa137406531b3621b64f626509353779b55bb","first_seen":"2023-06-26T22:05:04Z","last_seen":"2026-04-22T11:08:20.87748Z","times_seen":53,"resource_available":false,"data":null}},"time_used":1979,"timings":{"blocked":709,"dns":0,"connect":0,"send":0,"wait":1087,"receive":183,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/api/sport/match/list?sportId=1\u0026client=web","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:27.266Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /api/sport/match/list?sportId=1\u0026client=web HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nx-request-source: https://h112g.xyz\r\nXign: L9lotgU0xihAqm7/AHE845rm+9Jcnsi/9cqL/C5+ENkByYI0Kf3Uo666nbwvwFHzskbQEiU33X9cLlAN4xXPTAG37gF+j7MoAT4ztZri0nAXd5eA16zRFN7yMbpcNyzwCAm1Tp8k1N83O4gFd/y1sG+zjSrfr21ZrvqpFYhllDY=\r\ntimestamp: 1776856047259\r\nsign: 4k6774169492i25b\r\nversion: 5.6.9.4\r\nclient-type: web\r\ndevice-id: 8BNbQfp8YayciXWAYemxaeMFD5iGH2S6\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:27 GMT\r\ncontent-type: application/json\r\ncache-control: no-cache, no-store, max-age=0\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1776856047=i2nBrQqUPuVsMHpJSIcAIbq60Hfgu4+G+t6S5GYTBlvyvJCfs3c/bpeuIx6ozjEWGsWzdvmTWbRljbR+p6gcr7V1YesxvPLfwjdmO86QlqkyLIwnbL0PL9wz/ABjjN/u/WiJbb+IZLz8HIk4A4Sk4mn7nmrtxvtIK+KmRgZm7GEzpgzO18hmUHt213Zina4e\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55e19db4df9f0825d7\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":20726,"size_decoded":0,"mime_type":"application/json","magic":"Unicode text, UTF-8 text, with very long lines (19860), with no line terminators","md5":"82484d740b6f5bcb7c9fb6d007087c28","sha1":"6c795b4e3389fb5f16e6750bfa550613af28c71b","sha256":"4879a9503f4c03c4777480fa208bb20a53357c0eb3f15ff40531de02069fac0c","sha512":"7eb7a64f85715a829e99943264b9cd2b8e56db285883f98b4b78e2a6a2a3776c29db72abc39ee45936b1d368173677872906ea084a851a011a4cdf1c0f23e098","ssdeep":"384:e+Nh2rKmwfOm8C5/mXhX8mmQ+mdcWg4JwWsIpRe9BaZ0XM+Nr7ExuIS4aNeI2/Vl:eeh2umwfOmT5/mXh8mmnOc14JwWsIpRH","tlshash":"8892cb9281ed18d51f9c61e16e1e3b4c847eb95b0a9ef6c6ee0ecf0924b43f78640d21","first_seen":"2026-04-22T11:08:20.81429Z","last_seen":"2026-04-22T11:08:20.81429Z","times_seen":1,"resource_available":false,"data":null}},"time_used":220,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":220,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"h37s.xyz/","fqdn":"h37s.xyz","domain":"h37s.xyz","tld":"xyz"},"ip":{"addr":"122.114.10.205","port":80,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-22T11:07:10.180Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: h37s.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.0 200 OK\r\nConnection: close\r\nCache-Control: max-age=259200\r\nContent-Type: text/html;charset=utf-8\r\nContent-Length: 426\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":426,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (426), with no line terminators","md5":"b854c238fd029427158464b60ebe7927","sha1":"d4daabb9280e6d3c7e10324e464c7916c92aa186","sha256":"ee100daeb3006dcf4d05fe36aff90c85fd1e57ae5dc12c9d8298e4d1afc4ef55","sha512":"4920115ff8bbadb6edb6ebd100d84c972a3a0c63f2f536c991751e4671be854d60669dcdf6a7022de474cbbfe06884c81480a8b3555c8dd13b38f00b29dc693a","ssdeep":"","tlshash":"70e0ecf72891857469f53287ea93bb553c1251c72e01b40140445ca1a51cf8ec639f99","first_seen":"2026-04-22T11:08:20.878383Z","last_seen":"2026-04-22T11:08:20.878383Z","times_seen":1,"resource_available":true,"data":null}},"time_used":693,"timings":{"blocked":230,"dns":1,"connect":231,"send":0,"wait":231,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/js/chunk-init.1774008371298.833a06d6.js","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:13.297Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /js/chunk-init.1774008371298.833a06d6.js HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:13 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-42955\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856033=d0MIuMoednbFQ5U8tsCxeez29ETrtdo9Zgyz/QwU/ELHENOwaH+czvd5omOIcaSJiF5HiKpZ+x8XCIwtSwz7FpJdkRycCJuZ8/2d2s65AjozeiH+1ee4YqLZzuDPxZvyR0NW6zs6HTTmmvFnXWvjBA/Z82Vx/Svepv9kX7Bn19UvsqioJTtnDS833D29Gut8\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df686624eb\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":272725,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (44101)","md5":"8bfe603e28e5e2ba4c2ce2eb194ad9e1","sha1":"da473d072f47cf9ea34b6b98768edb31d9bb43a0","sha256":"db49da0b3c77eeaabf0f5b7d950521830d16460c3d9b54a242d75cffc679a96c","sha512":"38d2f08ea71d52b838495954f50f4e8abde57dcca9ff6078491a0ddc0bff2d49dd770f98e5db3bb8aaad7c46b35541e9f1b26fca853c152d5d3164e0a61c2af5","ssdeep":"3072:WtwqhOIKENB85doKa/x5wc0dB5/J+UUknCqd7ACifMur0g/C:fENm5ox2Br+2nCoAlfMu0T","tlshash":"c5441b98b3d171b847cb52e5622b1035f6ba1c933098e4f0d219ea947f3168dd52eeec","first_seen":"2025-12-29T19:25:01.962012Z","last_seen":"2026-04-22T11:08:20.881006Z","times_seen":878,"resource_available":true,"data":null}},"time_used":435,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":435,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/gpmaster/_enc_size328x442_2cf32c0e-cd2d-4274-8e00-d67d14e5086e.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.888Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /gpmaster/_enc_size328x442_2cf32c0e-cd2d-4274-8e00-d67d14e5086e.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sun, 09 Nov 2025 14:10:40 GMT\r\netag: \"2fc946187f7f1461045c70405bbac0d5\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=u5jcYEEWG9cIRi0pauXGg%2FFPD%2F3RJl8qTV7669o%2B00RQR1A0h92frazKQHMXeD4qIUdvDFByS8fE7wWrSfa%2F62k0plsW64xF7Cm%2BAdQWQjPQBWEzncTRc3iYP7wk1phUfTuWyPZ6fp%2FbrA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec40492fd94dbd-FRA\r\ncontent-length: 7390\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 8492461039873237444\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7390,"size_decoded":0,"mime_type":"image/webp","magic":"data","md5":"2fc946187f7f1461045c70405bbac0d5","sha1":"792317365bd54c3ff14fb09699146141b25dd756","sha256":"4e8825ec832d61d0cba5e9596cacbb5a39feabfe97d0ab196cc9c72d46e3a823","sha512":"c7fad0a7cfc94b36a4b7cc35258b9127956b6269e7311f473721156239df17dac29ed04f34d982ba24becc5261d2c7fb4fd92dcea2c2da135846e3ef0983ef07","ssdeep":"96:7r6jHvysggvfrPtYvuy3/9Ic5G1SB2P80d2QWAqhs0ufLIbqvfgJ965FkBYUU:Gqsggvf5Uuy3lQ1Yues0uDlngJY","tlshash":"79e1af2cec5e26809c1d3cf8e442115c6b48688cadcc8dd55a19be25f277bdef5d6d01","first_seen":"2026-01-10T05:58:33.894867Z","last_seen":"2026-04-22T11:08:20.882046Z","times_seen":115,"resource_available":false,"data":null}},"time_used":338,"timings":{"blocked":206,"dns":0,"connect":0,"send":0,"wait":128,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/1501dd99e97e4db1abee1d914fc22fd6?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.154Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/1501dd99e97e4db1abee1d914fc22fd6?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 5167\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 88630\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"1501dd99e97e4db1abee1d914fc22fd6\"; filename*=utf-8''1501dd99e97e4db1abee1d914fc22fd6\r\ncontent-md5: JdK0gy0z2luPrUwLAkKkVA==\r\ncontent-transfer-encoding: binary\r\netag: \"Fp284jU2Dav87JbTO2YHNrVhvIas\"\r\nlast-modified: Wed, 15 Apr 2026 19:28:11 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3:2\r\nx-m-reqid: PWGk6QtJ8\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: tHYAAADMZ0GLWKgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":5167,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 74 x 76, 8-bit/color RGBA, non-interlaced","md5":"25d2b4832d33da5b8fad4c0b0242a454","sha1":"9dbce235360dabfcec96d33b660736b561bc86ac","sha256":"7173157263dbbc4875ebee9c040a3d575bd59a018fe10136ae65ffe610ac071c","sha512":"1f32fa5144fce53fd56741115052b73fb071f67089e278f75ef2dc7ae98458031c760888d6768efcd6ad2122181d55983c55e275d8ade8cc8451af62e7e418c3","ssdeep":"96:kbfbGAdGIi00LZuWH1kceP4vbTm5nJ/9o/SQl066q25A7xj5uzlXqrqO9Pu4qwAB:y9dGB9b1syvInJ/9sn6TA7x/Fb6B","tlshash":"9cb18f97ddadb393f5cb77230d8f20239eb5d9b7834230581e627f32da40459b902481","first_seen":"2023-06-08T21:23:36Z","last_seen":"2026-04-22T11:08:20.883094Z","times_seen":32,"resource_available":false,"data":null}},"time_used":2306,"timings":{"blocked":1242,"dns":0,"connect":0,"send":0,"wait":1063,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/img/zeren.c0aa584f.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:15.469Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /img/zeren.c0aa584f.png HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:15 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-cfa\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856035=Fz0JVnE+JlB6vAMRSGSHi5v4YLsmCHZW4tXEm4HN4vPf8+1XKpPSFFOdkWtUx5zULK3VAobI+fg8CUonwYDEl0VVi3azkKIP0dVfdmy2BR1x6wQmS3zeq3b1W1MoiR19s+zdr6BW7xo9J+ZDyVUA6VJCkx74896KWPSkq9o4BiPRRbysOYHTkCW5RAjtw1ki\r\nage: 448238\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df71322520\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3322,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 414 x 130, 4-bit colormap, non-interlaced","md5":"217588cbcd6216a09cac17953ae710b1","sha1":"de250755d284bb75dcee38ee45f2fc839987dcba","sha256":"24c2821b322d0c9087bcb0727dc0307311f6cfbb52af9f8a93308e48705f706e","sha512":"da190054ec0862c9927bb3bd928481459d53d4d778e9b2928c2507f2a34df5791d43adda750fcf184b767c1ba3a3f92e45dc57242a80869e253a9b37639abb4a","ssdeep":"","tlshash":"50616c01eb9130b8129c286701bd3fcda4c64d993d203d798d87b29bd6f970d288b123","first_seen":"2025-08-29T11:05:53.326961Z","last_seen":"2026-04-22T11:08:20.884392Z","times_seen":1197,"resource_available":false,"data":null}},"time_used":713,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":713,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/gpmaster/_enc_size328x442_465faf5d-2f6d-44ba-896b-8d6bffead8bd.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.762Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /gpmaster/_enc_size328x442_465faf5d-2f6d-44ba-896b-8d6bffead8bd.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 02 Dec 2025 14:08:06 GMT\r\netag: \"4e3dd8d15b3ee692a0dbc6fd5f6701bb\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=n1CLZPJlOoSv9ddeuyaN5q2qltQP5d6TAaWK7XU%2FeNuDpxgyNWI4a4Te%2FVTPhvkb%2FUN%2BWwYHJTJOC4K0q1%2BswYiqlcmKXuUvrererWXGnZen9I9UnhupchrTro2ZKZeD5hh4SU6fZ3K8MQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec4048dd8ed9d4-FRA\r\ncontent-length: 10758\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 7901417715871141995\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10758,"size_decoded":0,"mime_type":"image/webp","magic":"data","md5":"4e3dd8d15b3ee692a0dbc6fd5f6701bb","sha1":"b6ad4c9b9f950522fd12eeb8e78b82f010afeead","sha256":"e939e1946f0589359922b6d3c85062c5e194d1825b8e27ed1b2fa66e2927d11e","sha512":"92bedddd7de2b688f4d0fdc6ebab6f307ece8a2dac7992aa7c33c2bc7a03b64e8a7bf65749231ce2b343b576166c8f1050212c528bb18889efe488a9e3150cee","ssdeep":"192:UnxvnAz9rf9dKD/x0vFIcyKAY7MLUnEpeiqd6ufnQD4rVdg9NpEDy2lc:uA9r76/xEycyUkLuID6Hg9zey2l","tlshash":"1d22bf5b245b7175fd1564bdbd5e9b0750ad8cc0127846290cbe88ba808e9ceecef705","first_seen":"2026-01-10T05:58:33.770986Z","last_seen":"2026-04-22T11:08:20.885214Z","times_seen":116,"resource_available":false,"data":null}},"time_used":431,"timings":{"blocked":330,"dns":0,"connect":0,"send":0,"wait":94,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/202508/_enc_size1298x1156_b219e889-d34b-4c28-b534-674fb2e77fdd.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.884Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /202508/_enc_size1298x1156_b219e889-d34b-4c28-b534-674fb2e77fdd.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 18 Sep 2025 11:36:04 GMT\r\netag: \"69942ba4ae61d68959322ce67ce23932\"\r\ncontent-type: image/png\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mc99skgP%2F69NoTeiP7rZQSc9QBXofjdnBIQyWTYhNzyT7REqk20%2BN1qO0RjbYb8s2uRL8u7eP9dZbo7U5eFqcjwqhiIX%2FkiCWnzOlRExBKWnnNEukbl3oJeAhdKwB2WFC3bRCbwfRt1L4w%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec40492dc70d20-WAW\r\ncontent-length: 126465\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 9411713337045590374\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":126465,"size_decoded":0,"mime_type":"image/png","magic":"data","md5":"69942ba4ae61d68959322ce67ce23932","sha1":"c151a387d1b9494ed69227458c9b36fc45ffb0f1","sha256":"491e792a128a55ece88d75371d9f89d5e2f5adf3c0ecbac351d814ec65942f91","sha512":"f2045c5eb9c6917ed74c98593f41e913d0da3283784d5fc94cb58f85a73e08ca99b2266cf89fdf0198d8418f6b8ca93d997c57381a7952644a687ec69a08cb93","ssdeep":"3072:A0Y8HCYFUXawQfnvWdkhm6yAMwwAMgDHtc2M//qXAvDH8/Fz2e4:ASt2abWdkhxTwAMJ2M//qXAf","tlshash":"03c31295defaab05c0bb21f51685c2d46d940f4bf6b788310c32b9be78466eea5113c0","first_seen":"2026-01-10T05:58:33.908757Z","last_seen":"2026-04-22T11:08:20.88616Z","times_seen":115,"resource_available":false,"data":null}},"time_used":395,"timings":{"blocked":210,"dns":0,"connect":0,"send":0,"wait":120,"receive":65,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/gpmaster/_enc_size328x442_9986c108-3fd7-4f35-9443-f78ce32e1660.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.905Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /gpmaster/_enc_size328x442_9986c108-3fd7-4f35-9443-f78ce32e1660.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 02 Dec 2025 14:11:44 GMT\r\netag: \"63edab0158abb20aedace0961c66c5f8\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FKn9tA%2B%2FcCttj6HndkI%2BYVjZaOp%2FRGxmyN0a3Zwln6W9l00fV5liMsCiUq%2B%2BKS54uLlqPbt%2BCXFTX5DVGdMBr%2FGNkpyXbOHF1vrGA8CbaNfuY%2FyMwk%2FiTm5PIY1cIwyYChGPEA9KxPuFDQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec404928c1d25e-FRA\r\ncontent-length: 15914\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 4709151616208007357\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15914,"size_decoded":0,"mime_type":"image/webp","magic":"data","md5":"63edab0158abb20aedace0961c66c5f8","sha1":"b1b8c398eb25c1fe588bd6e470dbc9874970de88","sha256":"3b8dfbfb3187b07c49cfe86e25affb38069f78faa6e6e415080eb3ab6f8978f7","sha512":"20a39a049ae0c146c481a104e28c422e6657af30b654ee29f70d64eaa3a47d1dae965082d9886ac6edbb43e131605208a66905f0a9ed57bb142addcedb606973","ssdeep":"384:zOdbE1lYVo0UOKUjQgxN5voCgMMZUN3GcHHZUX3650gyyY44oDMWQ:z4+6+0URmQ+OMMZUNnnZUX6jyJPoD","tlshash":"8c62b051ba2b30398ea119feefcd1d195800ce60863f6daa6f3cd20d967454ec5aed05","first_seen":"2026-01-10T05:58:33.882384Z","last_seen":"2026-04-22T11:08:20.887209Z","times_seen":116,"resource_available":false,"data":null}},"time_used":289,"timings":{"blocked":191,"dns":0,"connect":0,"send":0,"wait":91,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/f5382e596cac431ca2da8b34ad11429b?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:18.166Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/f5382e596cac431ca2da8b34ad11429b?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 15801\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 41827\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"f5382e596cac431ca2da8b34ad11429b\"; filename*=utf-8''f5382e596cac431ca2da8b34ad11429b\r\ncontent-md5: nYJJYfjiyGh5pLqf7Yy+eQ==\r\ncontent-transfer-encoding: binary\r\netag: \"FgmsWIYOZl6koPvWL7_bAoTjM6iS\"\r\nlast-modified: Thu, 16 Apr 2026 19:30:55 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3:5\r\nx-m-reqid: RX2EYGAAu\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: UjUAAADcEpQcg6gY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":15801,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"9d824961f8e2c86879a4ba9fed8cbe79","sha1":"09ac58860e665ea4a0fbd62fbfdb0284e333a892","sha256":"613aff513552266acef8405e1f3e50fdaddbc918439a5da912580199d59f7149","sha512":"0e618d91548175f03408ab74ef778429774b0154d0077bae3b6e94a3e3d624195b945246ad33855fc75e4a9b257852207fa4205ab9b326d6905351212cd27a24","ssdeep":"384:yUukVasqygW0/7KjS1+mpXvK6CKY5no/YgCJ:yU7Vmx7Kjhcv/CKY5noQgCJ","tlshash":"c262c05bd85d746a7198a99b58c24bb2c48f988ce719cdc3f4072c36357eb40fd82e85","first_seen":"2025-04-19T22:34:55.247404Z","last_seen":"2026-04-22T11:08:20.888156Z","times_seen":52,"resource_available":false,"data":null}},"time_used":1707,"timings":{"blocked":234,"dns":0,"connect":0,"send":0,"wait":1274,"receive":199,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/c9b7642be05c4ff5a53b685e41d93e23?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:18.182Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/c9b7642be05c4ff5a53b685e41d93e23?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 145872\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 36421\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"c9b7642be05c4ff5a53b685e41d93e23\"; filename*=utf-8''c9b7642be05c4ff5a53b685e41d93e23\r\ncontent-md5: JGVtAkS4A3CB552Vfpq9pA==\r\ncontent-transfer-encoding: binary\r\netag: \"FuPeCttkhZKm_KfaEaKV2S_JbSst\"\r\nlast-modified: Thu, 16 Apr 2026 19:31:15 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3:4\r\nx-m-reqid: q1eETDgA1\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: mZcAAAAxl0oHiKgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":145872,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced","md5":"24656d0244b8037081e79d957e9abda4","sha1":"e3de0adb648592a6fca7da11a295d92fc96d2b2d","sha256":"1cebf1fbfec8578d4811c7ee2cdd146f71595896dc5c74aeded8913c53a54c2b","sha512":"4f3b0f53db5a6fa5975d24870439c413eb5be9796bfc197b56a333efb3f807791b71954237c3adb556e454bedbff6ce015d194b7e4ed291151add8a526a256d6","ssdeep":"3072:eVZMGiuE8xSeDTT9eFwf+zFFmBPMzYu+U8VrvRej3pM:eVU8xSySwGziBjMUc6","tlshash":"39e313d24887d770d4e46abea74236f917a2ddb5f62e9fb10b30d97c8407a5900e2864","first_seen":"2023-08-17T12:39:31Z","last_seen":"2026-04-22T11:08:20.891001Z","times_seen":276,"resource_available":false,"data":null}},"time_used":2378,"timings":{"blocked":224,"dns":0,"connect":0,"send":0,"wait":1284,"receive":870,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/9bfac6f9c9cd4eafa660aa4b11ea6090?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:18.327Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/9bfac6f9c9cd4eafa660aa4b11ea6090?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 15490\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 29229\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"9bfac6f9c9cd4eafa660aa4b11ea6090\"; filename*=utf-8''9bfac6f9c9cd4eafa660aa4b11ea6090\r\ncontent-md5: KupjWjgqYoMGBD1GdHkfiQ==\r\ncontent-transfer-encoding: binary\r\netag: \"Fuz15ne0ZxJ9NKm7CDgJTkaoHWCM\"\r\nlast-modified: Mon, 20 Apr 2026 13:32:53 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3:3\r\nx-m-reqid: HlxOagTUu\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: s60AAAAxENGRjqgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15490,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"2aea635a382a628306043d4674791f89","sha1":"ecf5e677b467127d34a9bb0838094e46a81d608c","sha256":"a8b2759f445e4fadd70d19fa1c8de282ae83689049b66e00eee92a3b10b8cbae","sha512":"6d77e7ba1990955b9cd1ade573d3a2a091963654bb97dac6a6f93bd933478e448b34123d9efbb303fa0e0dfddd6fa5c69f2147ee231306c2b77cc503962bd395","ssdeep":"384:6g7G2Xjn7tFcHM/yLV+v9/IFYYMDkyog2WVfxi2czoAWAU:D1j7tFmiCo/8MAy3xDi1bWAU","tlshash":"8e62d0e1eb055b811530d6266447d50a68829fb833b55df0cabe423cf692af63ad3f81","first_seen":"2025-03-28T18:20:50.14237Z","last_seen":"2026-04-22T11:08:20.891999Z","times_seen":124,"resource_available":false,"data":null}},"time_used":1558,"timings":{"blocked":88,"dns":0,"connect":0,"send":0,"wait":1260,"receive":210,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/img/loading.da46bff6.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:15.483Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /img/loading.da46bff6.png HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:15 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-7384c\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856035=Fz0JVnE+JlB6vAMRSGSHi5v4YLsmCHZW4tXEm4HN4vPf8+1XKpPSFFOdkWtUx5zULK3VAobI+fg8CUonwYDEl0VVi3azkKIP0dVfdmy2BR1x6wQmS3zeq3b1W1MoiR19s+zdr6BW7xo9J+ZDyVUA6VJCkx74896KWPSkq9o4BiPRRbysOYHTkCW5RAjtw1ki\r\nage: 448238\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df71322522\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":473164,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced","md5":"ac7ca483f10bc73cffa89f639f6ffa56","sha1":"03873b9607c635752526968af31773498d259afa","sha256":"a054b81d2850fe2da5b4f97a1c50c05ee59a24c37f1c700e5cc45fe6079598b6","sha512":"caa6b3e243f02c86ccaf71aafd0e716834a7a0cf07305c5c7cc0a1b9d637cc2802caa067b0010c7c3c064e3fe8f7881b26992f57137f98477266653342257760","ssdeep":"6144:NFoYczeWIF3Q/IUPYhuF0KX38I4z/tcKZPehCIjAl/CS+b:rLczeTUPpF083CBdeh7MlvI","tlshash":"79a423929b411988e1096432215fab4d23993b6458ab5fbf78843d88893cf059ff763f","first_seen":"2023-07-01T07:21:14Z","last_seen":"2026-04-22T11:08:20.892825Z","times_seen":1255,"resource_available":false,"data":null}},"time_used":715,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":715,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/img/LIVE.88ccbf98.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.930Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /img/LIVE.88ccbf98.png HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-f0e1\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856037=yBvV8iIAJV1XYCRdFxWMAikRLiw+keSfElgF2gEzaFNRn4TYKp1ImLR9JbFFaKRpsnauZV7dUbENdnOUI5uoCj203NpqnOtgb3n2lc7LRRxsa8lgIDvGFIAOpKkp4XlRJpEWKLt0txTAmjgwTVy/XjXNmlVcUwBltOPawcR68PsaXxRvnoUcvAAvzX3B84+4\r\nage: 448239\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55e19db4df79ce25b8\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":61665,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 582 x 307, 8-bit colormap, non-interlaced","md5":"372d01a2bda7ccdca1e7966af39c2327","sha1":"d438c1947b711d032c5621a6b4b08bbbca2c338d","sha256":"4eac7be4c06fa607ef5e95789e3ead43806bfeff97872ed6567e3810f2f661bc","sha512":"9f04160df8696cf984cd77604dddaea73969479e4f1c5050e53351df7f11e85d8ecccb14ecb87dcd58bea0ba04d9ba5ea3f99c69a179ba88ad38d5416b7a94d3","ssdeep":"1536:jTjrlfQBxhFWiXt2lnJE9mARbSK0k2C8ve1HfarCtt:jH1QjwWUC9mA10jC8WZfaQt","tlshash":"dd53124a2ecc3a1f7bf21e5e06f286814d36a186d0f9ba5bc6e70ef1218521de0e4535","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-04-22T11:08:20.893668Z","times_seen":1238,"resource_available":false,"data":null}},"time_used":1198,"timings":{"blocked":158,"dns":0,"connect":211,"send":833,"wait":207,"receive":-1,"ssl":421},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/7fab177825fb46c086bfe71188fff31f?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.129Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/7fab177825fb46c086bfe71188fff31f?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 22666\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 88632\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"7fab177825fb46c086bfe71188fff31f\"; filename*=utf-8''7fab177825fb46c086bfe71188fff31f\r\ncontent-md5: si4Mqh5RyuaQIotPmdO4Dg==\r\ncontent-transfer-encoding: binary\r\netag: \"FiP2zV2O72jE0RdtMMBsoXgPuJWG\"\r\nlast-modified: Wed, 15 Apr 2026 19:28:08 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: dXCwHPWHV\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: 7TYAAAAOT9iKWKgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":22666,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"b22e0caa1e51cae690228b4f99d3b80e","sha1":"23f6cd5d8eef68c4d1176d30c06ca1780fb89586","sha256":"d424ec3b24e8fc8a24048d87645ada059bdd266dba476fe05c7cdaa36fdb56d1","sha512":"71b571d24042f5095ebbabafe4a3851d9483e9d223bcb9fbb1803a6a17f70cf3ea50b0b73c8c276e48a4ede6f2157577ca6d79d00d23b2ffe3e3cf3f389b8c88","ssdeep":"384:UR+eswKdTTvZPlgt82RU2vaPUlU/mC+nccbVP6i2/Lu2zUQo6AGfadQPmL+k:UR+hwMTvZPlc3dIBp+PVku2YQcGflPeB","tlshash":"41a2e108cf9405245e6b3d2e49f5697a6d33b32d435c2221eb80b59de9c41eafcb5732","first_seen":"2023-07-08T08:51:56Z","last_seen":"2026-04-22T11:08:20.89451Z","times_seen":66,"resource_available":false,"data":null}},"time_used":4073,"timings":{"blocked":1286,"dns":363,"connect":260,"send":0,"wait":1258,"receive":171,"ssl":713},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/ddb2f28edde6492fae334c9f398a843e?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.132Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/ddb2f28edde6492fae334c9f398a843e?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 27775\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 88632\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"ddb2f28edde6492fae334c9f398a843e\"; filename*=utf-8''ddb2f28edde6492fae334c9f398a843e\r\ncontent-md5: 6VNgyMqugavrLcGRowWBRw==\r\ncontent-transfer-encoding: binary\r\netag: \"Fiu2dUnRGJnG84hnacg9TShZlhhw\"\r\nlast-modified: Wed, 15 Apr 2026 19:28:09 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3:6\r\nx-m-reqid: 7eNJduLRS\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: YBEAAAAQJOCKWKgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":27775,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 174 x 174, 8-bit/color RGBA, non-interlaced","md5":"e95360c8caae81abeb2dc191a3058147","sha1":"2bb67549d11899c6f3886769c83d4d2859961870","sha256":"db4d295cdac05e696faf44f87d34f74e5b42d7f7264067447647f3d9e6711000","sha512":"fd193cdac3be9027203ac8bde77f6d21c3e7d17c23a290cccfaf1dbe88dc43bcadb3cadf2cc0838a88f177a4d0563c880ea5a66c8536e32dc5fa41c92d0755ef","ssdeep":"384:iarCA0a/XfhbsEi0++eP8CB4DwsMzs4SX6cUyJdf3Gqra09Waem8nTZQienel:iIv0axniulCWDMzspFdPprdkznTZQ0l","tlshash":"7ac2f1051a28334f3051e98e4f2f6dc7e81b155147d943f7eeaa06fe1762e246230d63","first_seen":"2023-06-08T21:23:36Z","last_seen":"2026-04-22T11:08:20.895273Z","times_seen":177,"resource_available":false,"data":null}},"time_used":4346,"timings":{"blocked":1283,"dns":358,"connect":263,"send":0,"wait":1278,"receive":431,"ssl":723},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/config/telegram.js?t=1776856033259","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:13.307Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /config/telegram.js?t=1776856033259 HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:13 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-1c896\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856033=d0MIuMoednbFQ5U8tsCxeez29ETrtdo9Zgyz/QwU/ELHENOwaH+czvd5omOIcaSJiF5HiKpZ+x8XCIwtSwz7FpJdkRycCJuZ8/2d2s65AjozeiH+1ee4YqLZzuDPxZvyR0NW6zs6HTTmmvFnXWvjBA/Z82Vx/Svepv9kX7Bn19UvsqioJTtnDS833D29Gut8\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df693124f4\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":116886,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (483)","md5":"4ef2154bcfb8399f256c2da15a4cb409","sha1":"e0f8f5578b2e0773ec1d79bb1cec54e1f5d6373d","sha256":"73fa4926373755b52fecfdf3145a0c9953c08af374ea69dda46fe2b3b9ddb022","sha512":"8b64643161386bdefbb7eab04416e78e5e183c50acba7b25b146aa6e733744a326566a01eb7eabb1a0a3f5b87ac8461a7ab3b9ad1c44de37ecea25af09e3eb41","ssdeep":"1536:WK4KZK+Klt3LbbdS4V+vO14KtA9phXTQ+fcZl8LDh7j8d3K+V4WMrnf/NunqxF00:Wj+dgdLbbdSA+1XTQRZ1jSBl","tlshash":"14b31c4c5cf3216285a7b1be8b9f925072759893304def203c4d9ba45f98d3c53eaad8","first_seen":"2025-05-31T08:16:48.368096Z","last_seen":"2026-04-22T11:08:20.896093Z","times_seen":680,"resource_available":true,"data":null}},"time_used":844,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":844,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/kc523-1/sponsor/sponsor_web_3.png?1774008313834","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:15.325Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /kc523-1/sponsor/sponsor_web_3.png?1774008313834 HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:15 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 30 Sep 2025 12:19:27 GMT\r\netag: W/\"68dbcacf-9faf\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856035=Fz0JVnE+JlB6vAMRSGSHi5v4YLsmCHZW4tXEm4HN4vPf8+1XKpPSFFOdkWtUx5zULK3VAobI+fg8CUonwYDEl0VVi3azkKIP0dVfdmy2BR1x6wQmS3zeq3b1W1MoiR19s+zdr6BW7xo9J+ZDyVUA6VJCkx74896KWPSkq9o4BiPRRbysOYHTkCW5RAjtw1ki\r\nage: 441181\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df706e250a\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":40879,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 428x169, components 3","md5":"c26161f438986f6e2d677c34d653285e","sha1":"faf6c47a013a9944bb8cac197688908422992039","sha256":"58d11e173550b3420b35c4e4be3eeb76b59ac790d9fb59b535ffe55d3b470fa9","sha512":"97649de556447ef6aa6cdd7d0bec46837cfb328335daa3b862cbaa5e23ca5a8f2af296703c9e961cbad02bb797ebf1f99ced2d1d245fbbb3a428e39d26428c76","ssdeep":"768:ub+4OMIuYE3McXMuDR64Q7sRFKJdsCA1Hunj5tyKxGGTVtkDGlT2oTO:uS4OMXYODNDR6XsRFisCAk39t6oi","tlshash":"db03f108254f2d4466ec90bbc7a1e0f7ee1d103dddb7e30c35a685163e46ca559fa0e6","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-04-22T11:08:20.896905Z","times_seen":1300,"resource_available":false,"data":null}},"time_used":419,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":419,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2F202503%2F_enc_size649x578_e50c5112-b480-4217-95c2-f187843fa431.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.830Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df7621254b\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":221,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":221,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2F202503%2F_enc_size649x578_96811f47-5a2c-446d-a8ca-696df160de09.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.911Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856037=yBvV8iIAJV1XYCRdFxWMAikRLiw+keSfElgF2gEzaFNRn4TYKp1ImLR9JbFFaKRpsnauZV7dUbENdnOUI5uoCj203NpqnOtgb3n2lc7LRRxsa8lgIDvGFIAOpKkp4XlRJpEWKLt0txTAmjgwTVy/XjXNmlVcUwBltOPawcR68PsaXxRvnoUcvAAvzX3B84+4\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55e19db4df79d125bf\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":2941,"timings":{"blocked":-1,"dns":0,"connect":0,"send":864,"wait":821,"receive":1256,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/ec1ecd8979e74f61a335028e2f398bab?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.435Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/ec1ecd8979e74f61a335028e2f398bab?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 59144\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 58023\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"ec1ecd8979e74f61a335028e2f398bab\"; filename*=utf-8''ec1ecd8979e74f61a335028e2f398bab\r\ncontent-md5: JX11jFz0NFPs+wqR0YAtOg==\r\ncontent-transfer-encoding: binary\r\netag: \"Ft6R4U_JGSUPGPyycw-4lOxAPWm1\"\r\nlast-modified: Thu, 16 Apr 2026 19:30:07 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3:2\r\nx-m-reqid: koQ1izHvs\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: iBwAAAAA0qJhdKgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":59144,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 368, 8-bit/color RGBA, non-interlaced","md5":"257d758c5cf43453ecfb0a91d1802d3a","sha1":"de91e14fc919250f18fcb2730fb894ec403d69b5","sha256":"c60f9d9513d6d579348be9f3733ab92012f2bab1c4017c76f1e4af8ceaa91f7a","sha512":"04d4b411e739aff3442acf11056c2e48afbd914af97150f5f37d6ed55ae80fa51296b067387b0911e4a2b900cce33aa31b94f2c17f8bcc29e6b5e59a8da6e327","ssdeep":"1536:yzZBupZGeUt1MQ1eM3uOQTavZO4x26n0XNkIb:y9ApS173MuvZO4Ig0XK6","tlshash":"eb430284145d62d47abaff6a6a04a4264f21ef2a5d5b1137c438e06cfd0977312ba3fc","first_seen":"2025-02-24T02:30:01.441461Z","last_seen":"2026-04-22T11:08:20.897721Z","times_seen":276,"resource_available":false,"data":null}},"time_used":2897,"timings":{"blocked":963,"dns":0,"connect":0,"send":0,"wait":1272,"receive":662,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/c453c39183cb4c819892779f560203ce?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.692Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/c453c39183cb4c819892779f560203ce?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 22808\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 41828\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"c453c39183cb4c819892779f560203ce\"; filename*=utf-8''c453c39183cb4c819892779f560203ce\r\ncontent-md5: LHzuyWqU8zdBbBDdelCqAw==\r\ncontent-transfer-encoding: binary\r\netag: \"FgWg-d2PwAITCqQ_c4HgUpsv17Jn\"\r\nlast-modified: Thu, 16 Apr 2026 19:30:52 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3:12\r\nx-m-reqid: Wj0ZCsUOj\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: LScAAACPj2Ucg6gY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":22808,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"2c7ceec96a94f337416c10dd7a50aa03","sha1":"05a0f9dd8fc002130aa43f7381e0529b2fd7b267","sha256":"578e12b533bd8774fd8462381f6a36637cdd7c209122133d15cafcdaac6ac29b","sha512":"acbe7a13efe6db4d8f0a7d0cd85606a15577a8e2bb497dc9146553530e1f251085b38c05b580ade6afbc73876596843ee1424f1c39bb32a12efdab067b888a1f","ssdeep":"384:1ozC9LvbT/GHL55EvhFwz7jObmz6jsHNOUkvmdz3gFPh/EcjvRhw/D/GZ:1ozC9DbT/Gr55+cyA6jJB5M+vRODI","tlshash":"0fa2e157e9053688e95f60338b4018c6066e7ec6cd1573c1be234d4fea862f13e95e99","first_seen":"2025-04-19T22:34:55.206693Z","last_seen":"2026-04-22T11:08:20.899083Z","times_seen":27,"resource_available":false,"data":null}},"time_used":2204,"timings":{"blocked":707,"dns":0,"connect":0,"send":0,"wait":1275,"receive":222,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/38beefbfd1f9423e94760a20618051df?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:18.326Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/38beefbfd1f9423e94760a20618051df?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 101500\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 29229\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"38beefbfd1f9423e94760a20618051df\"; filename*=utf-8''38beefbfd1f9423e94760a20618051df\r\ncontent-md5: 45JO1MIKyqsiYuxV2TqMEw==\r\ncontent-transfer-encoding: binary\r\netag: \"FgD8HHVRdI9sbIkwy3Axx24lBZ0N\"\r\nlast-modified: Mon, 20 Apr 2026 13:32:52 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3:1\r\nx-m-reqid: aYshcph6m\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: nfQAAACa29CRjqgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":101500,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"e3924ed4c20acaab2262ec55d93a8c13","sha1":"00fc1c7551748f6c6c8930cb7031c76e25059d0d","sha256":"7d9e3cf1f9fa848d134400634c201c99599fc4f5c2dc899a59f830a41d17aa95","sha512":"4e2820fcf49d7e85409c129f3272d794c05629e9b20cc3baa1fe0ef0c3b5e33ae857573bde1dcd92fd4d463b0ff79a0fa6c2913bc4d4b4bf3879b84e9e889011","ssdeep":"3072:rSlpq+FkXlS+U1hp0sdlQGKxUE9aGJYi+h5NJWob:uOVS+TAlGxUEYGJhoQob","tlshash":"c1a3124b10cfb65a7c9115ebeb95e3b8a1b3c6d14b0d1c0215c1d518a8e7be2fcb0929","first_seen":"2025-03-30T02:59:21.178727Z","last_seen":"2026-04-22T11:08:20.900598Z","times_seen":137,"resource_available":false,"data":null}},"time_used":2187,"timings":{"blocked":89,"dns":0,"connect":0,"send":0,"wait":1259,"receive":839,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/js/21954.1774008371298.57c97863.js","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:14.739Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /js/21954.1774008371298.57c97863.js HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:14 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-a3da\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856034=g54iPfEydgw012d6wpp1pBzrCCA2Rzo7OV4+S5PLmIYcgnZuNZkRMoBvcVvU75kzoHH4/yuhI5jk8jPYFs3GP+pua82nJrtzTrlOzkYWXYfk8gcqADM9RKXuzuCSEwc01XQhQ7XhfxNqThEosQwGV7RTuFMlhrqpDudfSrlQWwCLmTeoeGt7D+5lv6euTFgx\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df6e4724fa\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":41946,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (41946), with no line terminators","md5":"c37046d6415189d71e476a96168144d4","sha1":"e60fd0f50c7ced9c708158a6f1fa6f5f16edfa7c","sha256":"4d372d0cdd07bdabc7f443b0f2123468bda757c07638ea20753ad1928c62426f","sha512":"fcb8fb515e88306c32d647822e4d7ae942ec23540654a8ba6937850ba58b810165c546e6ed05c2e0ecebd43da2e61c6b893be3625ee346e820c0ef1a5410a7d9","ssdeep":"768:TWaSfmzKrMdvf0eMQ/96loumY1PI1yBK9LudEz+yUy51y9y0yk6Dio+ILqpTeY:n81R6Ipyk6o","tlshash":"4c132088fac2b06dd3eb7330857f505ae66a1dc0668c5434e260d6917e7198dc1fb5f8","first_seen":"2026-03-06T18:01:11.532425Z","last_seen":"2026-04-22T11:08:20.902098Z","times_seen":114,"resource_available":true,"data":null}},"time_used":309,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":309,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/undefined","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:15.414Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /undefined HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:15 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856035=Fz0JVnE+JlB6vAMRSGSHi5v4YLsmCHZW4tXEm4HN4vPf8+1XKpPSFFOdkWtUx5zULK3VAobI+fg8CUonwYDEl0VVi3azkKIP0dVfdmy2BR1x6wQmS3zeq3b1W1MoiR19s+zdr6BW7xo9J+ZDyVUA6VJCkx74896KWPSkq9o4BiPRRbysOYHTkCW5RAjtw1ki\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df70c5250e\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":538,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":538,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2Fgpmaster%2F_enc_size328x442_0b2c7f25-c17b-4d07-adb1-68f1823633a2.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.899Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856037=yBvV8iIAJV1XYCRdFxWMAikRLiw+keSfElgF2gEzaFNRn4TYKp1ImLR9JbFFaKRpsnauZV7dUbENdnOUI5uoCj203NpqnOtgb3n2lc7LRRxsa8lgIDvGFIAOpKkp4XlRJpEWKLt0txTAmjgwTVy/XjXNmlVcUwBltOPawcR68PsaXxRvnoUcvAAvzX3B84+4\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55e19db4df79d125c0\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":2953,"timings":{"blocked":-1,"dns":0,"connect":0,"send":875,"wait":821,"receive":1257,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/1ab80f8e1e9940e1bace9edac657d7bc?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.162Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/1ab80f8e1e9940e1bace9edac657d7bc?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 23653\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 88630\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"1ab80f8e1e9940e1bace9edac657d7bc\"; filename*=utf-8''1ab80f8e1e9940e1bace9edac657d7bc\r\ncontent-md5: rrhG2bMRj2qg3CpBa9UPYg==\r\ncontent-transfer-encoding: binary\r\netag: \"FozLqXqIBId2CI5umgjNYI0yWSv4\"\r\nlast-modified: Wed, 15 Apr 2026 19:28:11 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: Jtrw1MuqP\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: -fAAAACcfkSLWKgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":23653,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 174 x 174, 8-bit/color RGBA, non-interlaced","md5":"aeb846d9b3118f6aa0dc2a416bd50f62","sha1":"8ccba97a88048776088e6e9a08cd608d32592bf8","sha256":"5116e8f1a61d300e6fe500dc8d1f51e8057f1f577b09fc142aa6c93f3c1f08eb","sha512":"30d772c92bd72dc475789bcb391cf528be8b830a724cde7a07f04c5157b4543ca006832a029b5ccd5c1135c54d4a8f281ef6a5884cbb508808ab04e1473a47f5","ssdeep":"384:pO8xxIPrInyDF4xTxhTHnYR9wSa5/lRf4MFHV00ztEz2XuZoADshuRDV8ET+:QTcTx+wSadjF100zK2XMoAZ58e+","tlshash":"7fb2e0cfe92acf52a0c61cb29bc0c6f2a93451198961ddff36e45903497d1e8cc7e505","first_seen":"2023-06-08T21:23:36Z","last_seen":"2026-04-22T11:08:20.904132Z","times_seen":44,"resource_available":false,"data":null}},"time_used":2122,"timings":{"blocked":1234,"dns":0,"connect":0,"send":0,"wait":849,"receive":39,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2F202508%2F_enc_size1298x1156_df036cfa-66a5-49f7-b863-3c22d1a3d180.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.868Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df7642254f\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":218,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":218,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/img/home-bg.1e09954b.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:18.332Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /img/home-bg.1e09954b.png HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h112g.xyz/css/home.1774008371298.4fdc0c2d.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-fae\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856038=6b4o/KW/4CiaPY9SUr3U8L6jGlHPgkRB2jaYkQg8xHNJm6Te7gYwhg/L81IBTgd1EXd6cBc+fybC8HSFb9xneQ9xraUialSqoZdTnDME+i3+IshP/ukH/F/yAnwe42Ha14kC+k+fbMCUG+ak5mHmkiqZNiQfSfFhXDUfdjhjnNO6RztbeI9E7Jxq3ZSo0X+N\r\nage: 448240\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55e19db4df7b8e25d1\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4014,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 278 x 80, 8-bit colormap, non-interlaced","md5":"ed0eb6c81f949885511fbbe4d666a2f0","sha1":"d74fb98c3b01727753bb182eb5ee5d6eedf3da4a","sha256":"7fecf4ed61ab1535aafe2800474ac643b49264b83f54fc1da596d7334868ae75","sha512":"dd2f749e24e6b35f80fa77856c9c8b1cb1e0cacb9250b947403283e152d8bb9e7bf539df00ca6743d4162aeac014e47ce82191b62847fabe6cbb5693b4cd7fec","ssdeep":"","tlshash":"1a816c7eb31a4997296ff194138b387d74b0709d0b546934388a9c31a4791fcf39e526","first_seen":"2025-08-29T11:05:53.155399Z","last_seen":"2026-04-22T11:08:20.905424Z","times_seen":1242,"resource_available":false,"data":null}},"time_used":988,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":988,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/js/index-a3dad144.1774008371298.5bb7afbe.js","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:13.305Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /js/index-a3dad144.1774008371298.5bb7afbe.js HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:13 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-562ed\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856033=d0MIuMoednbFQ5U8tsCxeez29ETrtdo9Zgyz/QwU/ELHENOwaH+czvd5omOIcaSJiF5HiKpZ+x8XCIwtSwz7FpJdkRycCJuZ8/2d2s65AjozeiH+1ee4YqLZzuDPxZvyR0NW6zs6HTTmmvFnXWvjBA/Z82Vx/Svepv9kX7Bn19UvsqioJTtnDS833D29Gut8\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df693124f2\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":353005,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64580), with no line terminators","md5":"15f2357a3eef3d90e84f430e303002f1","sha1":"793f9e00d525522f8b621f36e92c8b037d473a80","sha256":"fc46407fdae3f669d6b159bc9215e988c25ccf1bc08df1602cd7ef0e7f12e43f","sha512":"4ab010d8cfe1fa737fae540cb711ee15e217f01cbfff5814be0ecc6b384d6965b51b874dbd55ab0bc9d9a27471dfb182741069e1fbcf756cf8fc9c8e73453535","ssdeep":"6144:nybhFOufhIRBpryMzrqsq1yHk1YlRlNCmq9n/:yzB6RBpryMzrqsq1yHkMCp9/","tlshash":"d7742c90f76ce1bd875e95fe793290a4902c1b41b0c89e58d29d2944fe6b385feb04bc","first_seen":"2026-03-20T12:57:26.743525Z","last_seen":"2026-04-22T11:08:20.906663Z","times_seen":99,"resource_available":true,"data":null}},"time_used":638,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":638,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/kc523-1/sponsor/sponsor_nav_web_2.png?1774008313834","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:15.444Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /kc523-1/sponsor/sponsor_nav_web_2.png?1774008313834 HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:15 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 30 Sep 2025 12:19:27 GMT\r\netag: W/\"68dbcacf-1922\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856035=Fz0JVnE+JlB6vAMRSGSHi5v4YLsmCHZW4tXEm4HN4vPf8+1XKpPSFFOdkWtUx5zULK3VAobI+fg8CUonwYDEl0VVi3azkKIP0dVfdmy2BR1x6wQmS3zeq3b1W1MoiR19s+zdr6BW7xo9J+ZDyVUA6VJCkx74896KWPSkq9o4BiPRRbysOYHTkCW5RAjtw1ki\r\nage: 454122\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df70d82511\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6434,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 206 x 332, 8-bit colormap, non-interlaced","md5":"e31cb9f70abcc458288bb53868031352","sha1":"965f7cb9aaf0d166c21b8681b0671d17e019c74e","sha256":"33295ad776e1fde54dace5b0343c9aab9a2d70cfa8848e5cbd09065c340e294f","sha512":"acd328b1f4cb6e1c7267696487f637ea5ae4b724f7ab32516632a3eb2c8b4e374fa472ab77120230258fb49a23f54ba3988b155004b46e69519fe3ef57ee79c9","ssdeep":"192:RYc0QiGWn0WG2WmjNJMjOluoj/xrASMJmoJESULHT:RYc0QiGlHmjOo1j/xPMAG2Lz","tlshash":"c9d18ea6ea2a4a52cf8d0d633efc5b0671508e582f390826809a1d1d57767fa24a13e7","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-04-22T11:08:20.90808Z","times_seen":1219,"resource_available":false,"data":null}},"time_used":510,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":510,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/202503/_enc_size649x578_3340babe-d86d-4379-84e5-92efe2221568.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.697Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /202503/_enc_size649x578_3340babe-d86d-4379-84e5-92efe2221568.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 06 Dec 2025 06:31:50 GMT\r\netag: \"1e418083b3908fab83f51851eb4f3ad8\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4Sw%2BDTaGgJwbRzj%2FY2j%2FZ%2Fsv14YqXFibCuJ2jBFGUBUuLRs2I5Nog%2B%2F%2B%2FCTtEfDHwpTlJnFtqyvSYBKQsqOUpXxlnNlfoCGVBaXIw8oqqcFBXa%2Fb41ZvVRYSExIwWjT3xrPCVXg%2FoMaqGw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec40495bedd38e-FRA\r\ncontent-length: 69604\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 11612339412930059246\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":69604,"size_decoded":0,"mime_type":"image/webp","magic":"data","md5":"1e418083b3908fab83f51851eb4f3ad8","sha1":"a14b0f6302b7661df06ba4484c4f7ace1d584b3c","sha256":"acadbc2f2592cf8504b505a6e45a5c8cdc96e53e476bd5a38ed35309cb66295b","sha512":"3f5824449b0c20f75f235fa4105570bfd55d49128afadaa6425669f41e19eccb9c46941fb8f576258e42f1274f92ef7be64f1c4573f0c40b8a5f95a8dfb4afbc","ssdeep":"1536:2zZ24Ia5yjsOfOLgsOtyLr/i7deYSzcwqzpf1btvhp61:2zZDIa5yjDMkyLr/z/cwqzpdxpp61","tlshash":"f56302aa4a11d1c8bf757507133a9da677ec93eaa09612f04077944f162bddba2f0c0f","first_seen":"2026-01-10T05:58:33.917341Z","last_seen":"2026-04-22T11:08:20.909132Z","times_seen":115,"resource_available":false,"data":null}},"time_used":864,"timings":{"blocked":393,"dns":51,"connect":22,"send":0,"wait":67,"receive":20,"ssl":305},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2F202508%2F_enc_size1280x294_3ce652c0-55c8-48f5-a72d-a300accd6573.jpg","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.003Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856037=yBvV8iIAJV1XYCRdFxWMAikRLiw+keSfElgF2gEzaFNRn4TYKp1ImLR9JbFFaKRpsnauZV7dUbENdnOUI5uoCj203NpqnOtgb3n2lc7LRRxsa8lgIDvGFIAOpKkp4XlRJpEWKLt0txTAmjgwTVy/XjXNmlVcUwBltOPawcR68PsaXxRvnoUcvAAvzX3B84+4\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55e19db4df79d125be\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5844,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"7915cd476e315efd029b06d4e628ee77","sha1":"b8bdbfe82856d1fbed114d3a9537bfab6ecb7355","sha256":"a11f08fc2a1e73b483ba7f8ef14e19f8bb2c34bb2db331fe531a5bd2d6b737b8","sha512":"659368c5e089fcd01f93ad5748189f53c118cd2c98d4416f084fe736adff70e192e73e4091f4ca1754a2d7ab602ef4c5fba3192407805ea8272deaf9a60a28f3","ssdeep":"96:dugpmdawIifNoAJRaL3a2HGnsm01+mA5Jhn6S3WJjXCAKSxqL:NyawIifNhJRaL3a2HGsl1+mA5Jh60WJS","tlshash":"d0c1631b6df304296413a1290ffef2143a34e017a609ed547b8c63a98fc0b9a54f37d1","first_seen":"2026-04-22T11:08:20.909961Z","last_seen":"2026-04-22T11:08:20.909961Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2411,"timings":{"blocked":-1,"dns":0,"connect":0,"send":755,"wait":821,"receive":835,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/2e69cbfd140a4d3fb47f076f4a95da34?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.185Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/2e69cbfd140a4d3fb47f076f4a95da34?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 16355\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 38\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"2e69cbfd140a4d3fb47f076f4a95da34\"; filename*=utf-8''2e69cbfd140a4d3fb47f076f4a95da34\r\ncontent-md5: pU5PtF2PzSd+6xc/fPGitw==\r\ncontent-transfer-encoding: binary\r\netag: \"FgIKfQD5syxg_hvvEAufwjyVqj_K\"\r\nlast-modified: Sat, 21 Mar 2026 18:20:17 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3:28\r\nx-m-reqid: 6Zrv9eLBj\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: KDUAAACHVkAeqagY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16355,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"a54e4fb45d8fcd277eeb173f7cf1a2b7","sha1":"020a7d00f9b32c60fe1bef100b9fc23c95aa3fca","sha256":"82a0a5f2a2ea865d3b766099de838157241cbb952e1211e14778064c1d933c55","sha512":"dbc8053f4eb58f00b3beef081e2ba864a5a820dd62f1b703482dbec54f797ee3ebaab9eb1cb6cd735cbac260469c3537d1caa07c745bbb6d1deb15126163b260","ssdeep":"384:4e8tKaAGbIpEcQs8OTa4EEImT0MWZnfZQfU1HNKb:4RF7+EcV8gEXm3anxQfU1H4","tlshash":"5772dfcdc52135a18490eb955573c562d24bc9b52eeb0c1b5603acb8bfce021eb2e2e8","first_seen":"2026-04-22T11:08:20.912083Z","last_seen":"2026-04-22T11:08:20.912083Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2968,"timings":{"blocked":1211,"dns":0,"connect":0,"send":0,"wait":1298,"receive":459,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/202503/_enc_size649x578_d991353f-39ff-4552-be18-848fc3fabfb2.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.724Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /202503/_enc_size649x578_d991353f-39ff-4552-be18-848fc3fabfb2.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 06 Dec 2025 06:30:10 GMT\r\netag: \"347c99272e6b5f508846832209fba77a\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xLdeEJEj2rv4n1C1gqAcvRXhoGvWETNUzkuA3Q4mcSlTULdVXVkP4cy2s5VWKeiR03tS0YjO%2F6HiEtcICfVIIb3X7EyuKdc8lccz2vYUcPxEwU%2BYj27FC81TqLEkJC%2B1JtokjGFymAgxEQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec40497ceba48f-WAW\r\ncontent-length: 47886\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 3116048887449384086\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":47886,"size_decoded":0,"mime_type":"image/webp","magic":"data","md5":"347c99272e6b5f508846832209fba77a","sha1":"6ad2512733675eb68bc79ab3272989bafb934f8c","sha256":"b6d45a9512c120d8f9f41c1d49645db774b2428dc6e1ade7de9e49d0d7480b20","sha512":"daa7228e24e358e9053b5829c1068981cba91427b85e034fd9e49ca0751da42e335e767aec6661020618d08cca138406aee71be071d58f99b1310bc73ee00417","ssdeep":"768:lpFTQF6ySs7gk0G8b/lE4qxGPlMt63JKVB/JmKjmz+0N2pqQg6yQV:9pyt7y/y4qoet63UbJRa+Fqwy4","tlshash":"cb2301147318d81012a1a6dbebcc1b6d6cae4947a4447a338d8770ccc7bdc9ee93ce82","first_seen":"2025-12-13T10:12:53.147839Z","last_seen":"2026-04-22T11:08:20.913858Z","times_seen":117,"resource_available":false,"data":null}},"time_used":451,"timings":{"blocked":367,"dns":0,"connect":0,"send":0,"wait":66,"receive":18,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/gpmaster/_enc_size328x442_50b16c20-cbfb-4c4c-ba8a-249055c85af3.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.757Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /gpmaster/_enc_size328x442_50b16c20-cbfb-4c4c-ba8a-249055c85af3.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 02 Dec 2025 14:07:40 GMT\r\netag: \"8e059e4f2161c22e81e610e960997391\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=amdIxMH50iwDOK6iZahn3Y1HwZah8Me0mdXes0CgfBidDO%2BN509ynK1rLMQ9efhZQOUxzM5vOFvXuQyO1wrDqbQ1cvDWx%2BSlSzDGUvfDIQ%2BG4OY2vMawXBUSvuoQdEYOfxpKGpFCJdneww%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec404929eb508e-WAW\r\ncontent-length: 18518\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 7166206982098038457\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":18518,"size_decoded":0,"mime_type":"image/webp","magic":"data","md5":"8e059e4f2161c22e81e610e960997391","sha1":"36de3361f97b1fc7d1d4aa9b33c9bd92cc3984e2","sha256":"6aab58f4e8df1252591cea032ded405229e5474d563c82ae48ce0e08125455e6","sha512":"ec2dcfb861338980fe4cc6cee36e9f9b7ae56974e4b7a59e499804b330c98b50c4e4107fdf46e2d280ffa4d2a5bee185c48a23bd9b11e6509d4e568f0a810c4f","ssdeep":"384:S/SrnnTDDsTm3Dgi6CrYqpWrWrM5LW7A1zNb+EIItGXfeXCq:S/SrnzsS3zJiK81hS4","tlshash":"5282d07a08094e73b22a53616be5e8648b174f98100ca7bf3d0165c9f31de6f74b80bc","first_seen":"2026-01-10T05:58:33.786724Z","last_seen":"2026-04-22T11:08:20.914619Z","times_seen":116,"resource_available":false,"data":null}},"time_used":405,"timings":{"blocked":335,"dns":0,"connect":0,"send":0,"wait":65,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2Fgpmaster%2F_enc_size328x442_91f2d885-8341-4928-bace-352c8c691bef.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.771Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df75f22544\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":223,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":223,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/202503/_enc_size649x578_ad0ed5ff-8fa0-4231-a619-ce0616ad2a8d.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.803Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /202503/_enc_size649x578_ad0ed5ff-8fa0-4231-a619-ce0616ad2a8d.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 06 Dec 2025 06:22:16 GMT\r\netag: \"398b754c93a3ed87a1b0eae0ff2bbaeb\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jkcqKlksgLp7ntyMXfazZxS4vBBUGjVngpRQIhv6TB0FVb5SJV2cT0CWl48qvYo%2BRJPkzPYVuTAadxqJoUckQUFPwqJbCsMg3BbjV1jAWZqOC4bANZo0tdoGh4jLNdaXcuC6a7ACkA6Ivw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec40491c22b610-WAW\r\ncontent-length: 43980\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 15675261944213407477\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":43980,"size_decoded":0,"mime_type":"image/webp","magic":"data","md5":"398b754c93a3ed87a1b0eae0ff2bbaeb","sha1":"83e9800b2f32bc2f93aa0d4d199868de2b63f2bd","sha256":"605ce08e4cba6ea17cf464ee9804ffad01f5c20de85c42fd6841ade7a0091d1d","sha512":"fcc3339cfb394a06b72ea5e4673fe4123acb514c339c558e415fc168495cc9c60c3c352c3647bce9dba55b3d7edd8c37a12ee6063316457179b7d6ec2668fa50","ssdeep":"768:GD/LEFkjJ0uG775vp9Y25iMxn46PWKhqrJ0bAbhtI0iSRXbs6nuxV8fnxO:GDD9jJ0p9J5iKnQKEriAbhtgcbspx","tlshash":"c413f180b6ebb93680256123673379eef9c87b6fff44872aff424646a9033643119d15","first_seen":"2026-01-10T05:58:33.765641Z","last_seen":"2026-04-22T11:08:20.915353Z","times_seen":116,"resource_available":false,"data":null}},"time_used":405,"timings":{"blocked":290,"dns":0,"connect":0,"send":0,"wait":93,"receive":22,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/1eac8286042346fbae7307bc80678960?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.189Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/1eac8286042346fbae7307bc80678960?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 20717\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 268\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"1eac8286042346fbae7307bc80678960\"; filename*=utf-8''1eac8286042346fbae7307bc80678960\r\ncontent-md5: S4baUAppwbuIZkYzupxqYw==\r\ncontent-transfer-encoding: binary\r\netag: \"FnUjGK_G3BA8j_ZT9aIaPzfAL21_\"\r\nlast-modified: Tue, 21 Apr 2026 20:07:49 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: RptBQjnzE\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: C3kAAABcsdboqKgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":20717,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"4b86da500a69c1bb88664633ba9c6a63","sha1":"752318afc6dc103c8ff653f5a21a3f37c02f6d7f","sha256":"b0b5bb2f0b45f3564962352317e11de5af2d02f072a5b4c04cef3d4626ac80a9","sha512":"32c30466a82ade38bb5062200c1d57fea09efcf8488c755eadbc9088773d61fab41951cc4c048be08696a45c8c5e3b91ffc1dd4955fe1ade1ba7b39b1aacb54c","ssdeep":"384:oJ/OJkDfU2msSE0obbjZpOLsfsBqAfgRbI5BW1hBrKsosMoWD/4R8:ZJkDM1sSYjqsk4R8BIbwoWDAR8","tlshash":"6f92e157d04e5a3577c86841ff74ed5f25e43a43a2ac70381d396a9978c8731ac6834b","first_seen":"2026-04-22T11:08:20.916043Z","last_seen":"2026-04-22T11:08:20.916043Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2326,"timings":{"blocked":1207,"dns":0,"connect":0,"send":0,"wait":1088,"receive":31,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/58c78fe90b0c4f5594b6ae65b5f6f5f8?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:18.189Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/58c78fe90b0c4f5594b6ae65b5f6f5f8?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 319345\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 36420\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"58c78fe90b0c4f5594b6ae65b5f6f5f8\"; filename*=utf-8''58c78fe90b0c4f5594b6ae65b5f6f5f8\r\ncontent-md5: qGxDbcfZgKpkCNP6ghrGcA==\r\ncontent-transfer-encoding: binary\r\netag: \"Fm5O0bVvk-GK5YiMVLSgXqv1xwi5\"\r\nlast-modified: Thu, 16 Apr 2026 19:31:12 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: gH6m7qVys\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: 5cMAAABffWAHiKgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":319345,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1200 x 1200, 8-bit/color RGBA, non-interlaced","md5":"a86c436dc7d980aa6408d3fa821ac670","sha1":"6e4ed1b56f93e18ae5888c54b4a05eabf5c708b9","sha256":"da01833cc5f5c69919b8bafa6b67336c37b5d37d9307681f92a1a38b560388e6","sha512":"81898abac4d2d8414912c7d7db50888b0b8631451466b73a6b407bf5f53d2d16146c2065f43b5978d9f3efcb5fd84115d95021a5af535327d4613d379464cd74","ssdeep":"6144:+brJHn26wuulbj40uiZslFT1Ws7R48ds8SVEKIvEg/p7:EJH28mj46slLWs1u8SgvEgh7","tlshash":"766423d6cb7a1dcbf8b273b9937f9f5ce8a568339d2610608455a490543212c6fbcec4","first_seen":"2023-07-08T08:51:55Z","last_seen":"2026-04-22T11:08:20.91752Z","times_seen":166,"resource_available":false,"data":null}},"time_used":2293,"timings":{"blocked":220,"dns":0,"connect":0,"send":0,"wait":1262,"receive":811,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/api/sport/match/list?sportId=1\u0026client=web","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:22.016Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /api/sport/match/list?sportId=1\u0026client=web HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nx-request-source: https://h112g.xyz\r\nXign: dYJEYqN+m+rojUlSc+rnWraNSKPGGmmKihadmXIPONaW28aiaYRo0ETkQl+gcrgYyjFsUEiB6o6vLoRt3ipkD66twX1JGC/bMhZ6PwCWb5KPSyabz56G5MeIc2lZfdiDFvpe8Kyey/1MrcO1CHj9HnoPezJYm7BC+ti4JL1JQbc=\r\ntimestamp: 1776856042010\r\nsign: 5t6vh722qc2i1633\r\nversion: 5.6.9.4\r\nclient-type: web\r\ndevice-id: 8BNbQfp8YayciXWAYemxaeMFD5iGH2S6\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:22 GMT\r\ncontent-type: application/json\r\ncache-control: no-cache, no-store, max-age=0\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1776856042=TpGtF4wuMThOxFZuxjMbR0PiGe4EOYmupqdz+TEjqd0b6DGlnEQ1zLo+fAp/wYMIvkqgbaNnUEx27j6rWzFVZdOVoTqZaOBUP8dRSPdjffU6F0HZ7/rtp3z77Y6ujk6CtOiAMPhpll8vfOq7GH9fG2wArU+PTJN+oIOt0W0hMPluovu4C9cv8VE07f7M466Q\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55e19db4df8a8f25d6\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":20726,"size_decoded":0,"mime_type":"application/json","magic":"Unicode text, UTF-8 text, with very long lines (19860), with no line terminators","md5":"82484d740b6f5bcb7c9fb6d007087c28","sha1":"6c795b4e3389fb5f16e6750bfa550613af28c71b","sha256":"4879a9503f4c03c4777480fa208bb20a53357c0eb3f15ff40531de02069fac0c","sha512":"7eb7a64f85715a829e99943264b9cd2b8e56db285883f98b4b78e2a6a2a3776c29db72abc39ee45936b1d368173677872906ea084a851a011a4cdf1c0f23e098","ssdeep":"384:e+Nh2rKmwfOm8C5/mXhX8mmQ+mdcWg4JwWsIpRe9BaZ0XM+Nr7ExuIS4aNeI2/Vl:eeh2umwfOmT5/mXh8mmnOc14JwWsIpRH","tlshash":"8892cb9281ed18d51f9c61e16e1e3b4c847eb95b0a9ef6c6ee0ecf0924b43f78640d21","first_seen":"2026-04-22T11:08:20.81429Z","last_seen":"2026-04-22T11:08:20.81429Z","times_seen":1,"resource_available":false,"data":null}},"time_used":229,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":229,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/kc523-1/sponsor/sponsor_nav_web_3.png?1774008313834","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:15.446Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /kc523-1/sponsor/sponsor_nav_web_3.png?1774008313834 HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:15 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 30 Sep 2025 12:19:27 GMT\r\netag: W/\"68dbcacf-1cf4\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856035=Fz0JVnE+JlB6vAMRSGSHi5v4YLsmCHZW4tXEm4HN4vPf8+1XKpPSFFOdkWtUx5zULK3VAobI+fg8CUonwYDEl0VVi3azkKIP0dVfdmy2BR1x6wQmS3zeq3b1W1MoiR19s+zdr6BW7xo9J+ZDyVUA6VJCkx74896KWPSkq9o4BiPRRbysOYHTkCW5RAjtw1ki\r\nage: 448238\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df70d82512\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7412,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 206 x 332, 8-bit colormap, non-interlaced","md5":"eb94a297c215863d5d2232eaa67f4779","sha1":"d006f382f63ada4e4ef65d124a75eac2e4e72dd0","sha256":"6bd46b617bf27cb28fb798d50b2d6daa2aaed1a278ed50e9aa549b6e4fac48c3","sha512":"dc7759393acb5e7d1a635b4d91d73e84abc41fe6afde99a85a8e4ed6f4f8b1b5819bbcaa80b1c213c00c89df8b81db512a7bff142b24c50565ff1e6289f1a30c","ssdeep":"192:Sfq39wgHGYB1fcUWobKUUR6IHaDmzDxfbTow:uQ9gCEUWoWUe6DeJQw","tlshash":"94e1ad76a7f6d695a6b7908cfece94050fbba2722c6352762b7b8c02170c339525b411","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-04-22T11:08:20.918186Z","times_seen":1222,"resource_available":false,"data":null}},"time_used":510,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":510,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/202503/_enc_size649x578_188684fd-5a0b-43f3-8a6e-b9c558e44ec4.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.703Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /202503/_enc_size649x578_188684fd-5a0b-43f3-8a6e-b9c558e44ec4.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 06 Dec 2025 06:20:08 GMT\r\netag: \"b45eecf92cbb685037d1e16bc4c092d4\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UEhOlXZxKGYRADE0EtM%2BuLFl%2FdwWb10oy18MC6pgy3KEzaBkM0TGc%2B9%2B5NsvRUDF1Y5NktC8%2FC0V9V%2Fp8OxV9uP87nOGbFlIXuGKECPn0wfZJgPdEhkNxdAnm8dEkTe0pboj1nRlaF4Rww%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec4048988a39eb-FRA\r\ncontent-length: 79930\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 7033031012664410464\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":79930,"size_decoded":0,"mime_type":"image/webp","magic":"data","md5":"b45eecf92cbb685037d1e16bc4c092d4","sha1":"345e1976277d2b81f1cbf2991af4edaac9d3110b","sha256":"35998654364772bf6c28b8d79c1590e8f49ee7fb6e36a7405af20af03ed1a4bb","sha512":"23c653b006a7349b7ae583ba8e8f6103edaffbe13da8c716bc5caa67faee623df97b79d2eed809ef3011a2033872d75d22cf800f264346bb1f6d27398fc396dc","ssdeep":"1536:DVx1HKbkHPxLc4OWZ0+j0j8R+dWMIFtCTbYgw:DVx1H6kHZTOWV0kMGsTbNw","tlshash":"897302a44e4e35b3dc0b8b7fb59c8e7606fb9be3281da5c00d55674adbd81ad13a10c8","first_seen":"2026-01-10T05:58:33.934794Z","last_seen":"2026-04-22T11:08:20.918796Z","times_seen":115,"resource_available":false,"data":null}},"time_used":1065,"timings":{"blocked":476,"dns":55,"connect":22,"send":0,"wait":110,"receive":2,"ssl":390},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/202508/_enc_size1298x1156_aa2a4724-288d-4252-82c6-453d0458d8c1.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.873Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /202508/_enc_size1298x1156_aa2a4724-288d-4252-82c6-453d0458d8c1.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 18 Sep 2025 11:24:17 GMT\r\netag: \"63bd8645bedf3dc30cadb2aff861013f\"\r\ncontent-type: image/png\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=909ysH4x3jWdwL8y5t7m04lV%2F84oWme8MzYFGLEkwYgMelJO0y5zeSpPzobKnqmOuSD54QKtkLBHWTXsFIxH4jXRjP2h8N%2FglUyRnOTC2KlPDwcGZbbfVTi9rsPCtrZ7oJ4Zz02CdTZt7A%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec40497fd7c12e-WAW\r\ncontent-length: 117319\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 6601891924379405941\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":117319,"size_decoded":0,"mime_type":"image/png","magic":"data","md5":"63bd8645bedf3dc30cadb2aff861013f","sha1":"17473a5e80a54aa194dc4511a01307d529f2d644","sha256":"edceffbd3f8b4bc4c48996d3984825f1fce938394ce21ad1c580fd562dfbe942","sha512":"21dceb7008b5c59a354b2d6a8e6a5737bc1e2c809b417c76b57ba4499b22751860fa724e39a6ecaab2d589ede48ef1f0a277527cd58b3d6aaeb16cd2f88cbb44","ssdeep":"3072:6+kUtq3tYWiGRJMf+5rzUZpd3F/WKDT7PPrJdd1fExWh:6eqmjiJG+5iF/W0/nrJdfQq","tlshash":"59b31280231968a5c586b83636766d969cb5ec33b3470a0ff56cd0a814468cf6f9fce9","first_seen":"2026-01-10T05:58:33.717967Z","last_seen":"2026-04-22T11:08:20.919391Z","times_seen":115,"resource_available":false,"data":null}},"time_used":410,"timings":{"blocked":221,"dns":0,"connect":0,"send":0,"wait":130,"receive":59,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/gpmaster/_enc_size750x590_1103f977-5f3c-414d-8305-ab6884e8769c.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.921Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /gpmaster/_enc_size750x590_1103f977-5f3c-414d-8305-ab6884e8769c.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sun, 09 Nov 2025 14:30:09 GMT\r\netag: \"ffd4057be0b5aef9d949a861330d93fa\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vqiE%2BwgYWTrdcIaXwvdUZQvIuLseqW%2FugRzjwjRIUHRG1VQpZ58Aaa%2FobJxps3yZWEQ4AgicslEzgUfe4AEqdIghraH4PdrRgQGN%2Bx9s%2BNEI0yZ4Jn8JfDjTKs2qLsKmC%2Bt28ARKRFYROw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec40496a94a58e-WAW\r\ncontent-length: 43614\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 15103488100606558624\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":43614,"size_decoded":0,"mime_type":"image/webp","magic":"data","md5":"ffd4057be0b5aef9d949a861330d93fa","sha1":"d709f1ca35db2308274a0edb8b9d1d830b04b9f5","sha256":"dcf847410196354f3c16e0ee9fbc60f3921110ff86013b31b0a0bc35e7a01c6c","sha512":"171dd578a915697c018b14057ff9136561cf339ba417f2dd8f9938532363cb79f3edda22272a80674a59423e20b6c96e3e4e7f3aa61a5a3b8c4c304c147f996a","ssdeep":"768:e8urDr4gpwG3TMvUToCKvqwP9bDPCqO45+V0D63GQu54vlb:e8urDr4VGj9KPPh3+y2Dvvlb","tlshash":"201302a644b110b1cc6da573dda0106a1ab07cb8ed6d5d1e0690e70fadbcdf63ca3e54","first_seen":"2026-01-10T05:58:33.982671Z","last_seen":"2026-04-22T11:08:20.919824Z","times_seen":115,"resource_available":false,"data":null}},"time_used":289,"timings":{"blocked":176,"dns":0,"connect":0,"send":0,"wait":90,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/67196d3aa1f44e04aaad63d3d22c9a13?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:18.323Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/67196d3aa1f44e04aaad63d3d22c9a13?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 5518\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 31033\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"67196d3aa1f44e04aaad63d3d22c9a13\"; filename*=utf-8''67196d3aa1f44e04aaad63d3d22c9a13\r\ncontent-md5: GPAFIN2TOvxQWAsNxk60CQ==\r\ncontent-transfer-encoding: binary\r\netag: \"Fqw8ONr0-tiwxSIn8f0vyou8aWEA\"\r\nlast-modified: Thu, 16 Apr 2026 19:31:20 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: nQa6lsvpE\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: VzQAAAARFa_tjKgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":5518,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"18f00520dd933afc50580b0dc64eb409","sha1":"ac3c38daf4fad8b0c52227f1fd2fca8bbc696100","sha256":"f1090576f06014bb6d902b02a5ef7efbf3c89e3e13db07921fa7cbc0a7c792c8","sha512":"6b662544b7277cb430b25c1f7b35baa4d02814a38eebfd9eab9217f39e50fd7b460d0b3277c09ddc36ea96617d720fc37d48a1abc40e2582551ef6522f0611c0","ssdeep":"96:lqBawNhLEHGOyOoCQtrybGN4h0vfch8/nBP3dOl3946e1Npx72GXsjb/njEkJ+Fn:lq/4/scbGN4EfnBP3gtGz1zxy4sX/lgn","tlshash":"7fb18ea9fe247ee44d69e0271103cd9dde43576bcb480d4dc25c8af46386b5cbd8250a","first_seen":"2023-07-15T11:13:39Z","last_seen":"2026-04-22T11:08:20.920388Z","times_seen":83,"resource_available":false,"data":null}},"time_used":1492,"timings":{"blocked":91,"dns":0,"connect":0,"send":0,"wait":1258,"receive":143,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2F202503%2F_enc_size649x578_2a74177b-d024-4ea3-8b58-fce53f91051b.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.799Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df76072546\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":219,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":219,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/202508/_enc_size1884x434_8fe89870-1081-42db-97b7-f8272ac29ae0.jpg","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.990Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /202508/_enc_size1884x434_8fe89870-1081-42db-97b7-f8272ac29ae0.jpg HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 18 Sep 2025 12:24:46 GMT\r\netag: \"bcaba77e3934314a1f3a7142b7e1dae0\"\r\ncontent-type: image/jpeg\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nf6K0uCew3csob4iuduyIr9%2BIQvrIih7oMDcJRdjG0P09qm5yHZ1SgCXTZRjT3acWuj9PABweDXMz8exFpQ%2BGg0oCv9nRKNRa%2B08Dsi1DnorZsdhcgIDAc4whR5TT7GOg%2B0WOnMNNlmo5Q%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: REVALIDATED\r\ncf-ray: 9eec4c2f390d9f1e-FRA\r\ncontent-length: 344312\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250257\r\neo-log-uuid: 13453164570506563675\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":344312,"size_decoded":0,"mime_type":"image/jpeg","magic":"data","md5":"bcaba77e3934314a1f3a7142b7e1dae0","sha1":"1e27f881b48b79b3c5f1be3f494ad4b662b72112","sha256":"d1775eee1bd769f62bc7d07d05901605b3169c1268d4ab67df0ef35470575b94","sha512":"d7437defd57a3330d674cc6d61f98b69b5ac8e0268c5f3f474a2ca94505b8d3ff951f0ea871b918cecb279c5ceeaa2742aecf81d8f3af1c3002c165780338008","ssdeep":"6144:GLznFRjZ8DkK4VAJw9ZFDPGVuiuRpBK9ZnAEpTLpzuJt1wfb1iaPH2kUM:y3Wo3PYuz3q/zqwzdHdb","tlshash":"2a7422e87513ca884b2f8f7b14c42a4d6a8d2e10dceeb5e9b479bd471ec380c867d494","first_seen":"2025-12-29T19:25:02.06394Z","last_seen":"2026-04-22T11:08:20.920997Z","times_seen":844,"resource_available":false,"data":null}},"time_used":356,"timings":{"blocked":107,"dns":0,"connect":0,"send":0,"wait":126,"receive":123,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/e7b51169fe9a4cf8a6e57d5198b7b126?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.458Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/e7b51169fe9a4cf8a6e57d5198b7b126?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 19771\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 56224\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"e7b51169fe9a4cf8a6e57d5198b7b126\"; filename*=utf-8''e7b51169fe9a4cf8a6e57d5198b7b126\r\ncontent-md5: /ZVNCD7oWm8aPyRx3HViQg==\r\ncontent-transfer-encoding: binary\r\netag: \"FlXwTYPQH0AsMIt25PqWp_sfeMeu\"\r\nlast-modified: Thu, 16 Apr 2026 19:30:15 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3:3\r\nx-m-reqid: w7aus12gM\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: UJgAAAC9EmoEdqgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19771,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"fd954d083ee85a6f1a3f2471dc756242","sha1":"55f04d83d01f402c308b76e4fa96a7fb1f78c7ae","sha256":"1576760ad926f7ac4d0daa1f4ddb9948ae4a94b76cadce6ba06aaa7de2fb87eb","sha512":"3a12da7da28de16f0d3c8ae950f38c7279e56ac8911f1723493f4ed50613a02e276396b9e036dd5b0615895340810eeb45fc071f9d348381b0ac54149509cb77","ssdeep":"384:FkY/8NldeH/VQNkZCl0E9drsnYqZVXW9URWkUIHG3nQ6VVwWiAqkNcR:eq8fsf6JAYqP/UImnhvQkuR","tlshash":"9792cf270a7fed708d1ed3466569453e801fb03c392bb794ed8692ea1bd081d8e186b3","first_seen":"2025-02-21T06:40:25.57561Z","last_seen":"2026-04-22T11:08:20.921615Z","times_seen":241,"resource_available":false,"data":null}},"time_used":2516,"timings":{"blocked":940,"dns":0,"connect":0,"send":0,"wait":1278,"receive":298,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/f24ecec914ca47c093e5405cbadaea06?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:18.321Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/f24ecec914ca47c093e5405cbadaea06?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 17960\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 31033\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"f24ecec914ca47c093e5405cbadaea06\"; filename*=utf-8''f24ecec914ca47c093e5405cbadaea06\r\ncontent-md5: euGd9huL/nAsL4fIIQ0k/Q==\r\ncontent-transfer-encoding: binary\r\netag: \"FhE0ggZc_ilsMchvkUnDhIkVntkY\"\r\nlast-modified: Thu, 16 Apr 2026 19:31:21 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: zyVHAyfl0\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: puMAAACzaJvtjKgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":17960,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"7ae19df61b8bfe702c2f87c8210d24fd","sha1":"113482065cfe296c31c86f9149c38489159ed918","sha256":"0d7564d27f9a7fc8ed6935d2c31ead7b16e4456ea9693440d697394d7128c8f6","sha512":"6ffc1637925d5dd18bf37f24a7be2175672e649cf528df8b7cdf39bf7651468e012569fa012ac2f5873a7316ea85484a7df42295c2a7c9cf4fbfb9dbadc07c88","ssdeep":"384:M1OHnAMf5D8FGkj4HQHvLhxOgeoy3UDn5WxfgThhtcJ18EU:4aBeiHQHvLhxOOIUD4+T5cJA","tlshash":"2f82d0b7bcd0f01e75ac9066924b30817db01644a98483684f6f7586dd6bd139df9fc2","first_seen":"2023-08-31T00:31:19Z","last_seen":"2026-04-22T11:08:20.9222Z","times_seen":77,"resource_available":false,"data":null}},"time_used":1465,"timings":{"blocked":93,"dns":0,"connect":0,"send":0,"wait":1258,"receive":114,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/kc523-1/sponsor/sponsor.json?1774008313834","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:15.411Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /kc523-1/sponsor/sponsor.json?1774008313834 HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:15 GMT\r\ncontent-type: application/json\r\ncontent-length: 646\r\nlast-modified: Tue, 30 Sep 2025 12:19:27 GMT\r\netag: \"68dbcacf-286\"\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1776856035=Fz0JVnE+JlB6vAMRSGSHi5v4YLsmCHZW4tXEm4HN4vPf8+1XKpPSFFOdkWtUx5zULK3VAobI+fg8CUonwYDEl0VVi3azkKIP0dVfdmy2BR1x6wQmS3zeq3b1W1MoiR19s+zdr6BW7xo9J+ZDyVUA6VJCkx74896KWPSkq9o4BiPRRbysOYHTkCW5RAjtw1ki\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df70c3250d\r\nx-cache-status: BYPASS\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":646,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"10d2161de8cf99c474812f4c43645a26","sha1":"71884ef7281cdcb5084088f16d4550ce8790e634","sha256":"bb02fd7438bb49dd4decb6f76a71f11e93355332fd9f965d6f9f13bb8175aeca","sha512":"bf0fd1232309fcc5582d5c42644e1c7b4b8d235b1066e988ff55e0dd94a956f89742401f00c2d904359041c8e0c2bac8e9316252fab60db5eb0a3b4c935172f0","ssdeep":"","tlshash":"d8f0f44ad8b25b93211fb57c58cd050470294a8f0eccaac4baac987c4f598ddd1e839e","first_seen":"2023-06-16T04:51:50Z","last_seen":"2026-04-22T11:08:20.922791Z","times_seen":1400,"resource_available":false,"data":null}},"time_used":540,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":540,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/ecb/8f8306425cb6740e78b2802ff5047afa96a8ae096bee393c421cac4924db741c4a080b3f3ed2f2822673f3118bd3bae081df46a59bfce8","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.064Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /ecb/8f8306425cb6740e78b2802ff5047afa96a8ae096bee393c421cac4924db741c4a080b3f3ed2f2822673f3118bd3bae081df46a59bfce8 HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nContent-Type: application/x-www-form-urlencoded\r\nx-request-source: https://h112g.xyz\r\nXign: IjEP74MgU+0AZ/PMS6xJxXf0OWOteNbAxxm8t70ZTnVWfvc06R8Vgiz5RuwNairKEAWSC+8SU/iqBJo+kp/pUSV8+ujg8/EPENxQnEyIHgYcJKmQp+UH0sfryaeDWHc1ekLMwHuicvDZUFV2EP7HyNNzWMJmAVpJYFiIigQ2SOw=\r\ntimestamp: 1776856036032\r\nsign: 7t7dc6k5s30i164a\r\nversion: 5.6.9.4\r\nclient-type: web\r\ndevice-id: 8BNbQfp8YayciXWAYemxaeMFD5iGH2S6\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: application/json\r\nexpires: Wed, 22 Apr 2026 11:10:16 GMT\r\ncache-control: public, max-age=180, s-maxage=180, must-revalidate, stale-while-revalidate=30\r\nx-xss-protection: 1; mode=block\r\npragma: public\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=63072000; includeSubdomains; preload\r\naccess-control-allow-origin: *\r\nx-custom-check: true, true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df7340252e\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":60,"size_decoded":0,"mime_type":"application/json","magic":"data","md5":"aa1fe36cc499baa3fbdc7ab9bda7432f","sha1":"201b0fc1c4c699f3538c8e3992ec08ecd2f3acb3","sha256":"d509d9e26b3c3a371856286d14bcdd4f17125a10d8ee40e119fdecaf964fb478","sha512":"2dff3b34740cc9d3690f596673675516493472f5ad4bbd3536b5b1b18922543771be73e01051874bc7039aef9461cedb841f0cbe4945118bdea5773a4b3f7a55","ssdeep":"","tlshash":"03b012a2d5a309ed9644713104305c414be022ccc9bcf858c7bc4d2b45650210494105","first_seen":"2025-08-09T20:01:46.169117Z","last_seen":"2026-04-22T11:08:20.923429Z","times_seen":1399,"resource_available":false,"data":null}},"time_used":514,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":514,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/202503/_enc_size649x578_ca5ef219-cb88-4c5a-b68c-c85984b21465.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.688Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /202503/_enc_size649x578_ca5ef219-cb88-4c5a-b68c-c85984b21465.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 06 Dec 2025 06:32:15 GMT\r\netag: \"0ffbef6a98ea94ec40dde1e250415640\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FLrW8ECFAhGaTp9Df5fbepKmxWhj2jmvDmSPrtEEv3EGEa96xnHjzqIdDkrsCHnybxYCpW2XeJcSUcMscTzoH046Rkrky2vRAd2%2BsEllCF57xCfLVect4oMoASoG1r5qyKg%2F5Z44NP4sgw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec40495bde6332-WAW\r\ncontent-length: 83944\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 10546596180935416242\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":83944,"size_decoded":0,"mime_type":"image/webp","magic":"data","md5":"0ffbef6a98ea94ec40dde1e250415640","sha1":"4fd8d4889382f26ea6af7645fd9f9dccf4ecd7b6","sha256":"470bd1281d480d2db4d32eeeccb00c774b85f75c8055f155dc7a1965f974ecc5","sha512":"c3656df1b92b1a37bf76541ad5512a2fb71a947082b912db55c5e23d758394d2f00e88d03340fb60685d5fc0bf50fef38b11ef8051cbd201d31f0e8c6276acf9","ssdeep":"1536:ia0Pq9/ipy6cNgUraO4ysYwAcTa6bfr9BHltyI4VGeglGZVClKy:ia0Pq9/hzvhsTAp6bhBH7QLZolKy","tlshash":"e283128e457a2ceec4bf7de9266cf94f60ca5e31557b1add437826c9208b80cd327252","first_seen":"2026-01-10T05:58:33.892888Z","last_seen":"2026-04-22T11:08:20.924104Z","times_seen":115,"resource_available":false,"data":null}},"time_used":1053,"timings":{"blocked":448,"dns":73,"connect":23,"send":0,"wait":150,"receive":2,"ssl":353},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2F202503%2F_enc_size649x578_ebfde7c7-fdc6-4b58-9f46-2e709f79d7d7.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.813Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df76112548\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":218,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":218,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/caa49f461bce40b3bdd516ff77b10d73?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:18.195Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/caa49f461bce40b3bdd516ff77b10d73?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 60001\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 36420\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"caa49f461bce40b3bdd516ff77b10d73\"; filename*=utf-8''caa49f461bce40b3bdd516ff77b10d73\r\ncontent-md5: B0SzQdZEjYSn9M/OnLlZLg==\r\ncontent-transfer-encoding: binary\r\netag: \"FvmVy63KawAKhFLocIE2D_aynOL-\"\r\nlast-modified: Mon, 20 Apr 2026 13:32:55 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: YGRGlfhhM\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: on0AAADP9GsHiKgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":60001,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced","md5":"0744b341d6448d84a7f4cfce9cb9592e","sha1":"f995cbadca6b000a8452e87081360ff6b29ce2fe","sha256":"7cddba714db298da531954779d3882b1f20ea52f83a2d1a341024193b970c738","sha512":"2c8974c57c0c9591187dbfd8d1ab5de2294b463d52df7b5adeae9fa8481b1c433cd8c2ab19400bc44020a27c1f37875ed68caa33522cdfe690b1af4f2d75d9c6","ssdeep":"1536:xqwD96WOdPWEAz+U7VMPN/9mX5BVgqZxVZIw:xvgSz+t59mpBVgqZtIw","tlshash":"864302cddf5f212d6f1390cdfbe53687619059a6a8d86bd3cd0d402aa59b07b30b51c0","first_seen":"2024-08-19T15:01:26.073637Z","last_seen":"2026-04-22T11:08:20.924823Z","times_seen":171,"resource_available":false,"data":null}},"time_used":2301,"timings":{"blocked":218,"dns":0,"connect":0,"send":0,"wait":1258,"receive":825,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2Fgpmaster%2F_enc_size328x442_bdd30f19-a4d8-4eb3-b2d5-d24180d2e353.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.769Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df75f02543\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":224,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":224,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/css/index-399e2569.1774008371298.a7b0b4f4.css","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:13.291Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /css/index-399e2569.1774008371298.a7b0b4f4.css HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:13 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-faee\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856033=d0MIuMoednbFQ5U8tsCxeez29ETrtdo9Zgyz/QwU/ELHENOwaH+czvd5omOIcaSJiF5HiKpZ+x8XCIwtSwz7FpJdkRycCJuZ8/2d2s65AjozeiH+1ee4YqLZzuDPxZvyR0NW6zs6HTTmmvFnXWvjBA/Z82Vx/Svepv9kX7Bn19UvsqioJTtnDS833D29Gut8\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df686424e8\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":64238,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (64238), with no line terminators","md5":"1f30d2cd291b70a1848607e3460d9278","sha1":"e91e48518ec94fcaacf418789927f34d7527dc99","sha256":"8ce1851c7bd6e7db80ee5ee8da7a0c808f29756dda3c941bb3811dc3bd3e5afd","sha512":"3cf09b1afc740c4a219a45a233489d76587ec8bd80a57c52ab133f33fdffa8a3fe35a0a27e386270ebeaa9e86d156897e44733b8eb83ee6935fe67749c30cd0f","ssdeep":"768:E0ouVbMisnf7X8vtr9UL5srs7hAqpLe20TCKiNkZICSA2ohGyHukQ9aaV+TJtU+G:HoGws9isrQAqVe6KekWRlkQ9hf+Pe","tlshash":"c6538d3123e0286ee27b6b16ec51e659352b8602f127625af703362fc1d72f5c67b742","first_seen":"2026-03-20T12:57:26.768432Z","last_seen":"2026-04-22T11:08:20.926618Z","times_seen":102,"resource_available":false,"data":null}},"time_used":643,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":643,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/202506/_enc_size1260x1156_03543abb-5967-4969-b0c5-87347b24c4d6.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.681Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /202506/_enc_size1260x1156_03543abb-5967-4969-b0c5-87347b24c4d6.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 06 Dec 2025 06:32:07 GMT\r\netag: \"edaf3a34d49e86d1ff9ac779f4a2d3e6\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7uu4ic2xTn9dEZ6pzitPlOLil8neEJjvRZ92iDeHtfo4Cv%2Bb70DfrfHuXhVGWXAqZWUR6fmcHKc5yTnqbfwhlhn%2F%2F5suwy%2B7dSx3o%2FkMbHKQRGVhNH0AhyRteSSjgmZMZ2%2BIhnHRMEx7Ww%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec4049cac2ee3c-WAW\r\ncontent-length: 148768\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 11421079163100210483\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":148768,"size_decoded":0,"mime_type":"image/webp","magic":"data","md5":"edaf3a34d49e86d1ff9ac779f4a2d3e6","sha1":"2ac01c9d0f0014981c2f5792f827bae1ac2dc8a4","sha256":"295b30f1b7e5c3c745225612e97e1de23938eac568154cb83bf876ffd2635bd3","sha512":"64ae0ddb5951c860f016e7dd59e0aca072c9d67a378884660318066ad664bc7d7c826a88c0107c9cf808ed0e8de8c3d9ce6728d1bbb00a7a0da7730f704a567a","ssdeep":"3072:sgpSjBxCU8A3MroXYq21tKxGDaxxoyg4KtBHs7T8YMA4q8B4:sgpSjBGYuOYqGKx7ygoBqT8Yln8","tlshash":"f0e313b7f29016bdd991ca376f9f02f832051f64f4077e24a5509801839daada1fb572","first_seen":"2026-01-10T05:58:33.946906Z","last_seen":"2026-04-22T11:08:20.927377Z","times_seen":115,"resource_available":false,"data":null}},"time_used":1088,"timings":{"blocked":454,"dns":77,"connect":19,"send":0,"wait":87,"receive":92,"ssl":354},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2F202503%2F_enc_size649x578_188684fd-5a0b-43f3-8a6e-b9c558e44ec4.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.704Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df75be2537\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":219,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":219,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/202503/_enc_size649x578_95e34ac6-aa0b-4d3f-9ae0-451b7e2983d6.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.722Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /202503/_enc_size649x578_95e34ac6-aa0b-4d3f-9ae0-451b7e2983d6.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 06 Dec 2025 06:17:09 GMT\r\netag: \"2fcc54486b2179e536ba332abd714c28\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GvTmLx%2Fp4prw7WIjxyZwQ4ZElAhNgmZxeoWebJnR1PjPfMsIqWL0vYhXaXUCqAFkw0fZa8%2BciC7ze0wx5vmel5pyBdEyNMc3qle4ImreTgurb8Ld2cG%2FoGRl1KqkMbWcL9fQtAyPOojdhg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec4049cf96dbc1-FRA\r\ncontent-length: 72760\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 4571832146437869670\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":72760,"size_decoded":0,"mime_type":"image/webp","magic":"data","md5":"2fcc54486b2179e536ba332abd714c28","sha1":"c6647fa22a586a5857f35324468970690ca28009","sha256":"a51954627839630d868c09113a0772127abaaca17a66d86a6ae32deeaa53f21a","sha512":"8f7ad498380efb6208b3a0d214f008e2274acae9c93374a30f8d35f081df3fb74fffa8468d7a0730853ca6f119793b671a83d695f1f4cb317125e881e3158738","ssdeep":"1536:OqiacLi4hDdd3WrRvp1BtjWbzMEws521D5kBTVhe3w/PKgXJcuSOe:O71L7hgrhXBtjgzMEF5A+VkEPhNe","tlshash":"d06302ccd2c89aa0c4a46cc7f4057b38a962b589664f997303e2e387cac57d91b171bd","first_seen":"2026-01-10T05:58:33.830314Z","last_seen":"2026-04-22T11:08:20.928109Z","times_seen":115,"resource_available":false,"data":null}},"time_used":430,"timings":{"blocked":369,"dns":0,"connect":0,"send":0,"wait":31,"receive":30,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/gpmaster/_enc_size704x442_73525908-fb7b-43df-ab6b-ee9a1274a74c.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.919Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /gpmaster/_enc_size704x442_73525908-fb7b-43df-ab6b-ee9a1274a74c.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sun, 09 Nov 2025 14:20:33 GMT\r\netag: \"c863f2d8c28c65694eeb613eee895fca\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3V2RUM8C9oDdna32PhQwooDVq2ZR2PhuCnHojGw%2BShoNFrkBgM4WA2XKzlV12P9LWU9OVo0w3%2F06YfyLZd8acQgW5VlniyTwajBDAxAZ11IdGQ3aSPOg1IjBRxB%2BlYNF%2B8D8saCc2OnshA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec40493b341c11-FRA\r\ncontent-length: 26068\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 14128312800293560943\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":26068,"size_decoded":0,"mime_type":"image/webp","magic":"data","md5":"c863f2d8c28c65694eeb613eee895fca","sha1":"8ad8e62d37b4bac510edd70367751b9aa21d0b0e","sha256":"1e5c119590a764413b7a246b4e471028b7ad045ef48fe3b6f4712ffe1eb5058b","sha512":"a029e824082f45a77e7030ef8a7ea40927c5969eeab0373289d97ff09cdb179c8df0afcd4771759ef10487f5ec2e4c37d6981765edd2a751362eae6e87a3f518","ssdeep":"384:Qw9CBmVKxqlIavZBdogyHrWz/1ope325wQBJKn5QahMi7HjOMdOdjawQJoYh:QyYmV5Vv7WZLWhop42525Q0M+HujawQ","tlshash":"d8c2f1c1bd2de5069b37c26e64a6c70f00c49781cfaa2c677736129d4d365abb55900e","first_seen":"2026-01-10T05:58:33.798895Z","last_seen":"2026-04-22T11:08:20.928771Z","times_seen":115,"resource_available":false,"data":null}},"time_used":307,"timings":{"blocked":178,"dns":0,"connect":0,"send":0,"wait":119,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/202508/_enc_size1884x434_f0f83841-a720-4f18-8acd-c726f4c1e685.jpg","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.999Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /202508/_enc_size1884x434_f0f83841-a720-4f18-8acd-c726f4c1e685.jpg HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 18 Sep 2025 12:24:55 GMT\r\netag: \"f775bc29d118dfd0ace54fb7bd6c5430\"\r\ncontent-type: image/jpeg\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=N%2BRR9JQsB%2BEK022rYpoH%2F%2BeUV1i46zO3ckAFQQIXXOVGw1XzMk4r3ZFvYD7UzpX5zOxvy%2BtFAxOu%2FZjID7NOvDEk4ykY6kAugIvaucCSVGcCjJZHb0TFlb%2FuNgH5HwXtX%2BQBb5cIz5Ya4Q%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: REVALIDATED\r\ncf-ray: 9eec4c2f2b6b1c28-FRA\r\ncontent-length: 363024\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250257\r\neo-log-uuid: 16180128785795253016\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":363024,"size_decoded":0,"mime_type":"image/jpeg","magic":"data","md5":"f775bc29d118dfd0ace54fb7bd6c5430","sha1":"cb0cc4b837631474e3aa230ae056fbf0b35a385e","sha256":"835a8c6ac62cb8f7d904344f78ad3d2619c969a8375479269b054c9cb0561eca","sha512":"c97c3af46ca941dd06b6e518279835d910b69248a39fe069671dcbf2fb7d09b1b515da16f95b32bfbce6f42edc839b953f844626794f4c47f9442a38d1f2137d","ssdeep":"6144:iQgiqnqSjhCWWT0HqPrWJehmhH6rFITZWJEkA0DmfsskR7s+kQXpNhd3:iYiqSFMT/jWJehyaJLEFssE7O+3","tlshash":"b8742392ce8f8c8257bf9f7114027d4e9048dbc6b9d107a05338de998efe518d6ac68d","first_seen":"2025-12-29T19:25:02.008858Z","last_seen":"2026-04-22T11:08:20.929479Z","times_seen":844,"resource_available":false,"data":null}},"time_used":353,"timings":{"blocked":98,"dns":0,"connect":0,"send":0,"wait":126,"receive":129,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/bdb278390bcb4f4e9d7b495f311137a5?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.358Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/bdb278390bcb4f4e9d7b495f311137a5?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 99369\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 84729\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"bdb278390bcb4f4e9d7b495f311137a5\"; filename*=utf-8''bdb278390bcb4f4e9d7b495f311137a5\r\ncontent-md5: iS23IRQtBD8eRf5nex2sCw==\r\ncontent-transfer-encoding: binary\r\netag: \"FtMd_GjcfNhDGgxWbJvjISdSpH0A\"\r\nlast-modified: Wed, 15 Apr 2026 19:28:17 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: eh08DRbtW\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: lvQAAABxYroXXKgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":99369,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 390, 8-bit/color RGBA, non-interlaced","md5":"892db721142d043f1e45fe677b1dac0b","sha1":"d31dfc68dc7cd8431a0c566c9be3212752a47d00","sha256":"4f4a751d49d688c15687dfe96fa593ed66371e4e587f5f7eeae44fd00fba7486","sha512":"0d7a2446322414a31f7da70644adccb8e4e1e5d01d98333d4ed027d0b08ca5d91c89d3f5f008a45de1fd6c955aae638c39eb7e0ce79a09491bdca54df14c9b96","ssdeep":"3072:MIlIsPv4e3xREI00iwX1Ctf5mI+Ayn7ORS6/:MJkRE0iaL+Z","tlshash":"0ca312c7021dc4c0e3dc5e327384f729ea6b66d994c1a7c53cbe14fb61e7899132258a","first_seen":"2025-03-31T13:06:08.244232Z","last_seen":"2026-04-22T11:08:20.930201Z","times_seen":23,"resource_available":false,"data":null}},"time_used":3276,"timings":{"blocked":1039,"dns":0,"connect":0,"send":0,"wait":1088,"receive":1149,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2F202503%2F_enc_size649x578_ca5ef219-cb88-4c5a-b68c-c85984b21465.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.689Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df75b22535\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":218,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":218,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/0d2785b405794ddba5aa2beb48d12cb5?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.356Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/0d2785b405794ddba5aa2beb48d12cb5?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 32346\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 84731\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"0d2785b405794ddba5aa2beb48d12cb5\"; filename*=utf-8''0d2785b405794ddba5aa2beb48d12cb5\r\ncontent-md5: sz2QXfndZH++dedVbbGNoQ==\r\ncontent-transfer-encoding: binary\r\netag: \"FnbQOwk1zpDOccYNZHLDZAU3R0ot\"\r\nlast-modified: Wed, 15 Apr 2026 19:28:16 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: OKvhn93pm\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: JncAAABPPycXXKgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":32346,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced","md5":"b33d905df9dd647fbe75e7556db18da1","sha1":"76d03b0935ce90ce71c60d6472c3640537474a2d","sha256":"08506ddf0cd0bb3193af4c0457e84d2d504c9a4f8bf567e2b5cf040b7c2241d7","sha512":"df329a4266bb6b732636c9bfcec72b2dbf8c02083e660a695807cd8b31936dccc330f8389b671f47f670bd537ac127dda729872c2b8726237a382c65a73b2c27","ssdeep":"768:WKkxR5GkMxgup4DOWo7NpKWgrufPltiijE/EzEQH8hEa/:WKkJGhx1STWgaeidg","tlshash":"aee2f2ad2194df5fc019836b8e0f86119bd4c96d62533a28ac0e7807f6386ea7fd4694","first_seen":"2024-08-19T15:01:26.13023Z","last_seen":"2026-04-22T11:08:20.930978Z","times_seen":38,"resource_available":false,"data":null}},"time_used":2791,"timings":{"blocked":1041,"dns":0,"connect":0,"send":0,"wait":1297,"receive":453,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/26e8ed23a0804cef920faa3e76b513cd?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:18.331Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/26e8ed23a0804cef920faa3e76b513cd?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 19440\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 28866\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"26e8ed23a0804cef920faa3e76b513cd\"; filename*=utf-8''26e8ed23a0804cef920faa3e76b513cd\r\ncontent-md5: bBWuKREnpZ+04YqiSh8B8A==\r\ncontent-transfer-encoding: binary\r\netag: \"FiH3hFCM7tYfY2XbBqzPILULcyCu\"\r\nlast-modified: Thu, 16 Apr 2026 19:31:24 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3:2\r\nx-m-reqid: iEzMkKI2o\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: lygAAADr5iHmjqgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19440,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"6c15ae291127a59fb4e18aa24a1f01f0","sha1":"21f784508ceed61f6365db06accf20b50b7320ae","sha256":"a6f47edc16f1ad7c4602695c3067e33dfc999c23c45968637db59ca5c16fd827","sha512":"7dba52e191f8e4abda9ce953efe30bbce707eb8608a68cbc154694973364fb1ed423b79607b0ac744b43bfa80cb1796e170f4e33e333cfd8e0e584a7b06d9424","ssdeep":"384:tlLSLWS9+2PDe1feVS2W27I3s7PGrU267ZLAmev6eGUh72j:tlLSSS9W1feparU267qpGa2j","tlshash":"4f92d18f2f3381cde14877983147ed3d9d5cb2e42311620fe8a3aaf6369645668921cd","first_seen":"2025-01-29T13:39:14.64461Z","last_seen":"2026-04-22T11:08:20.931752Z","times_seen":119,"resource_available":false,"data":null}},"time_used":1662,"timings":{"blocked":84,"dns":0,"connect":0,"send":0,"wait":1262,"receive":316,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2Fgpmaster%2F_enc_size328x442_ce6f5a12-ce60-4931-b7a7-3cfa94c956bf.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.781Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df75f72545\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":221,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":221,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/assets/logo/favicon.ico","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:15.083Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /assets/logo/favicon.ico HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:15 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 585615\r\nlast-modified: Fri, 20 Mar 2026 11:22:55 GMT\r\netag: \"69bd2e0f-8ef8f\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1776856035=Fz0JVnE+JlB6vAMRSGSHi5v4YLsmCHZW4tXEm4HN4vPf8+1XKpPSFFOdkWtUx5zULK3VAobI+fg8CUonwYDEl0VVi3azkKIP0dVfdmy2BR1x6wQmS3zeq3b1W1MoiR19s+zdr6BW7xo9J+ZDyVUA6VJCkx74896KWPSkq9o4BiPRRbysOYHTkCW5RAjtw1ki\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df6f6e24ff\r\nx-cache-status: BYPASS\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":585615,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 1024 x 1024, 8-bit/color RGBA, non-interlaced","md5":"abd1eb812e495d993fb310ca906ea605","sha1":"77a61cd2ad4a89c22f4a979571d3c259870732f5","sha256":"ccd41d39ff7fbed7a9200f685d9b0198736d1a2f737e9d32f83ddaeef39a4180","sha512":"e8221a9acda08a0a0bc5410cd14bc72d30e6fa66cc6e7a4bc07b53f5c94b5ec670f19571246ab2f55ec2924f679543780e9f55e0ecf8a169ce3b91e38da07d25","ssdeep":"12288:zObp4IC0/qFNYge/0z5g2c+UTxVi1+4g+/F5:ibpa2qFNNe8zy+si1+4V/F5","tlshash":"e8c4230df5a39834d5dc996741db54e0c790e4183db25e323ba3448ea3d05b8ea267f7","first_seen":"2026-03-20T12:57:26.707036Z","last_seen":"2026-04-22T11:08:20.932553Z","times_seen":99,"resource_available":false,"data":null}},"time_used":883,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":227,"receive":656,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/202503/_enc_size649x578_b0506ddf-52e0-4b2d-8f59-16f795505312.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.818Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /202503/_enc_size649x578_b0506ddf-52e0-4b2d-8f59-16f795505312.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 06 Dec 2025 06:22:23 GMT\r\netag: \"3d254bdd326f3c65bf95165fc295cbfe\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4pgh%2F%2BRJ%2Fm0aIoPT69HBEUNJQzC7uZNUvtrjMa6qdiE3GZI9O%2FNWihAyWACwREzw1nzNY9btAOeUvDw%2BJdy%2Bb6p5NeplHPOBYEdUIYCqAIBiW8xWlIyolnm%2FyLvR%2Fw67j%2BV2qNXoi2c%2B9g%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec40491a5bd271-FRA\r\ncontent-length: 47302\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 3185869124161492330\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":47302,"size_decoded":0,"mime_type":"image/webp","magic":"data","md5":"3d254bdd326f3c65bf95165fc295cbfe","sha1":"80a20ff1ceb7d4e42820982afd65791962381b12","sha256":"22896dd98e85414cb4b923d315da42c8e438028167e63f551ce55419a1c9ba1c","sha512":"9f0616eb1f040bb2581053ecfdc81c60c3d869138005730649a8f58a2443ad1498953e485ad4106e1fa7811a19590d2a43e1db47ffa023146b6a48b53a18a29e","ssdeep":"768:9ZnM3sRPLsymAdeJz26xNEyuGpVt/5NS6xUdP8Hx3JZa1pASN7ZWjcTH:HnusBypuGLZnStl8HcjASN7ZW","tlshash":"782302c4856c2f711255d3f8ffe06b58c6783940bef8af769f361a66186e1c2c90a44e","first_seen":"2026-01-10T05:58:33.773412Z","last_seen":"2026-04-22T11:08:20.933352Z","times_seen":116,"resource_available":false,"data":null}},"time_used":450,"timings":{"blocked":275,"dns":0,"connect":0,"send":0,"wait":140,"receive":35,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/4444f5af451542a4b1e1bfc2483d2a8a?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.188Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/4444f5af451542a4b1e1bfc2483d2a8a?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 26659\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 268\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"4444f5af451542a4b1e1bfc2483d2a8a\"; filename*=utf-8''4444f5af451542a4b1e1bfc2483d2a8a\r\ncontent-md5: 6dkxRJhkP6218F/BNWRk8A==\r\ncontent-transfer-encoding: binary\r\netag: \"Fg5zgPS5G-C-wi9qUlmVcSa651w_\"\r\nlast-modified: Tue, 21 Apr 2026 20:07:49 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: KtWYXJKje\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: -8AAAAAFkNboqKgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":26659,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced","md5":"e9d9314498643fadb5f05fc1356464f0","sha1":"0e7380f4b91be0bec22f6a5259957126bae75c3f","sha256":"88d62a113bd7f8fbe4e08bcc5c4f4e570b7340f3c7c4df15e012ea40003002be","sha512":"c172d7075019bd27e645d376a3941f9da119e1ae91fcbcc3f389026edbb568c01d7531319a65629791087d0582dfc5e38ee02c8a1bcf9f1c43b952e298b14d58","ssdeep":"768:+EkKjLt0HkbeLuQjJ3w9b0+IUQ8JyFRVK7z:fJjLQljNiTMFRVEz","tlshash":"37c2f1c18ec4c940b52451bf31acc3dba4ae2da2c2f95dd472e5ab1b212af58c5c7353","first_seen":"2025-03-28T02:30:49.239388Z","last_seen":"2026-04-22T11:08:20.934139Z","times_seen":4,"resource_available":false,"data":null}},"time_used":2424,"timings":{"blocked":1209,"dns":0,"connect":0,"send":0,"wait":1090,"receive":125,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/a25e2eb1c9f340cba0c409ce83431c26?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.373Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/a25e2eb1c9f340cba0c409ce83431c26?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 56118\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 61632\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"a25e2eb1c9f340cba0c409ce83431c26\"; filename*=utf-8''a25e2eb1c9f340cba0c409ce83431c26\r\ncontent-md5: Nr9b8Mj98IwScBJICPBg4Q==\r\ncontent-transfer-encoding: binary\r\netag: \"FgpG1pA3Z2x7nDjpQECNF2DXgGAu\"\r\nlast-modified: Thu, 16 Apr 2026 19:29:20 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3:3\r\nx-m-reqid: ztQAV1hzE\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: piQAAACuwU4ZcagY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":56118,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"36bf5bf0c8fdf08c1270124808f060e1","sha1":"0a46d69037676c7b9c38e940408d1760d780602e","sha256":"418356a85970daaa8cfe95a4531db04a3739609c5ab7d5d07450f53db473002f","sha512":"53b38b34f05f564aafd8d22e0b634b24a9c16f56a8c52ccba18aaa33d54cd0706f7e388ef1657f36ebef98dd213a27d1fc1d311c0282c9ae869d9faf800c8e0a","ssdeep":"1536:wyHMLt/aAv+GzelUeq5/qplJVRCrfwV10tK:wyHM/aS3SUee/2lJVUrYV10M","tlshash":"ce43f2cae2406d5346fb513479f964aac9f5902ec842c906e8b85099f09332ed5cfb6e","first_seen":"2025-02-04T17:13:01.158425Z","last_seen":"2026-04-22T11:08:20.936616Z","times_seen":205,"resource_available":false,"data":null}},"time_used":3162,"timings":{"blocked":1025,"dns":0,"connect":0,"send":0,"wait":1293,"receive":844,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/885661ebd6394bd08f78a905bee29ab1?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:18.328Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/885661ebd6394bd08f78a905bee29ab1?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 10107\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 28928\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"885661ebd6394bd08f78a905bee29ab1\"; filename*=utf-8''885661ebd6394bd08f78a905bee29ab1\r\ncontent-md5: 3BfB47xSYF7T6fX7l9J4qA==\r\ncontent-transfer-encoding: binary\r\netag: \"FuD9D4TzUv_FGQn_IqA-DFtOx--W\"\r\nlast-modified: Thu, 16 Apr 2026 19:31:23 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: L5XUPjZum\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: PQAAAAC6eNjXjqgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":10107,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"dc17c1e3bc52605ed3e9f5fb97d278a8","sha1":"e0fd0f84f352ffc51909ff22a03e0c5b4ec7ef96","sha256":"1ca7173d3a9a5cffb3336abe3312ffd8edc77d55ae171c38bf5872ab912658ec","sha512":"a16cf6132bc129004a6207ccbee91a2fa451b8dd0b31707d702d94210941ff6c9fcea587e0be06b18f8cebaffe61918f8652cb979f42e8c6e1c183c9ea1980d5","ssdeep":"192:D/zPN9P2YI7Ob2oFqDEVTyOHyS8aag1cUdjkVyoSc9gvAUAi9Y5KIp:D/DP2YYOjFzL78aa8djvWgsio","tlshash":"4622bf5d5bbae0b48ee78ffc41001ad49adb9bf753182663511b982dad0934d1d24782","first_seen":"2023-11-10T19:11:58Z","last_seen":"2026-04-22T11:08:20.93772Z","times_seen":132,"resource_available":false,"data":null}},"time_used":1488,"timings":{"blocked":87,"dns":0,"connect":0,"send":0,"wait":1258,"receive":143,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/js/45540.1774008371298.8e1e0acf.js","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:13.299Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /js/45540.1774008371298.8e1e0acf.js HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-22T18:09:28.300102Z","times_seen":14071331,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/ecb/8f83064249b06e0660afdb30b60772fdcdfbb3036fb467600d10b16d76dc640e","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.063Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /ecb/8f83064249b06e0660afdb30b60772fdcdfbb3036fb467600d10b16d76dc640e HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nContent-Type: application/x-www-form-urlencoded\r\nx-request-source: https://h112g.xyz\r\nXign: RFd+7djw3NO6+cWk3b0FelEZhT1gs/Ss2uspfyXwU0xSco9n+ClUiAUqcXbXcVgYeTyRjz+5bkDJXHdYyeFAI4mYfQ2q1+8DzbI3c4vnZbyJJExd+jSB1FgkzymTwDV6HXZ80AIjnLflCTfPW/uRnktYd/Rp/GH4Ms5/YCOR4zE=\r\ntimestamp: 1776856036032\r\nsign: 6d5v29731n1q7l2s\r\nversion: 5.6.9.4\r\nclient-type: web\r\ndevice-id: 8BNbQfp8YayciXWAYemxaeMFD5iGH2S6\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: application/json\r\nexpires: Wed, 22 Apr 2026 11:17:16 GMT\r\ncache-control: public, max-age=600, s-maxage=600, must-revalidate, stale-while-revalidate=30\r\nx-xss-protection: 1; mode=block\r\npragma: public\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=63072000; includeSubdomains; preload\r\naccess-control-allow-origin: *\r\nx-custom-check: true, true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df733d252d\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3632,"size_decoded":0,"mime_type":"application/json","magic":"data","md5":"b1becf5826103f8dce588065a63ddc4f","sha1":"1e111fda1891f3c1bb8a1c6c0444940c24e6ee8f","sha256":"53ddca5bb11a704f0677f6b6d3bc085c60cbb8a9b62dd591eedf5eebb876da25","sha512":"dfd7ddd9512d3677a16e79ab667c276c9ee25bdd16b1756695cfaa5e255e3c61ff6e8f583c901f620dac2d809d6b905284a29b7718409f720acbc28d4a626db8","ssdeep":"96:eOG3iMFIoHUm0mYvNGEw1sSB+Z+x73L7648bFYOaJQGCCrzlRdTe5s:VL0cmeRw1BB+ZG7RKOGRCrUs","tlshash":"a8b18e2659a1dbd4e946cafb38d0cfd027a35be87b937fa0cfa58142449a0414aaf085","first_seen":"2025-12-29T19:25:02.051672Z","last_seen":"2026-04-22T11:08:20.94084Z","times_seen":862,"resource_available":false,"data":null}},"time_used":517,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":517,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2F202503%2F_enc_size649x578_b82399e1-d771-428f-9811-f7e15cda0f21.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.915Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856038=6b4o/KW/4CiaPY9SUr3U8L6jGlHPgkRB2jaYkQg8xHNJm6Te7gYwhg/L81IBTgd1EXd6cBc+fybC8HSFb9xneQ9xraUialSqoZdTnDME+i3+IshP/ukH/F/yAnwe42Ha14kC+k+fbMCUG+ak5mHmkiqZNiQfSfFhXDUfdjhjnNO6RztbeI9E7Jxq3ZSo0X+N\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55e19db4df7a9b25cb\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11771,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (762)","md5":"f8a178bd4272babdf659876d039d1869","sha1":"20ddb374974e52c0aac6640aa7d3df3010effaf1","sha256":"8790b94900f5a1294f031a9ea189fcc5bb0e47634cf1a4342a44dcd23f09a38e","sha512":"56a541d091f08282ca2d2fb0d079d5f3fd7d787163494bc9a6c11f017926c32298847027b5cb77469e93feceb7493a5ed5e0fd7fe1bdf3e4afeec11c613730bb","ssdeep":"192:NyawIifNhJRaL3a2HGsl1+mA5Jh60WJjXCArxqNmlePJRqfweqaiZLqBNNKwMuFS:43ERrxqNBPJQ5F8v","tlshash":"3232c59b8df28816252360291fbef2083a72d01b8609dd403f9ca7985f94bdf45b3bd5","first_seen":"2026-04-22T11:08:20.94174Z","last_seen":"2026-04-22T11:08:20.94174Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3137,"timings":{"blocked":-1,"dns":0,"connect":0,"send":858,"wait":1027,"receive":1252,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/466c8dff691a418498d919ffa39f3b4e?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.109Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/466c8dff691a418498d919ffa39f3b4e?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 26102\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 90438\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"466c8dff691a418498d919ffa39f3b4e\"; filename*=utf-8''466c8dff691a418498d919ffa39f3b4e\r\ncontent-md5: sUIc4y4Y48wjmv4amUic0g==\r\ncontent-transfer-encoding: binary\r\netag: \"FlwyWn3yVvoUaYE8HrFJGimjncSD\"\r\nlast-modified: Thu, 16 Apr 2026 07:26:55 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: ETVmeEXvj\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: MroAAAB8QHzmVqgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":26102,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"b1421ce32e18e3cc239afe1a99489cd2","sha1":"5c325a7df256fa1469813c1eb1491a29a39dc483","sha256":"461960668cbb8bb43e2c6a6d365531a5922d3995372506918bfbb8dec961e837","sha512":"e263445692f07e1d37903fdab276a86c950be2b407d461672e1343e6644868e34ee58bac6b7faae6610471968b45eefc3cafe21e5a8ed788a8574ea1be9b9f85","ssdeep":"768:/6HmJkkazMY1Ac3JLrcsIATZVhS6IjqtLAp:iGqSc3JfcsIIngUw","tlshash":"89c2f19b7009b081d2efe204791484b49f97235e3bf5bb7e11e4e83a68b0b141d340ee","first_seen":"2023-07-08T08:51:57Z","last_seen":"2026-04-22T11:08:20.943982Z","times_seen":173,"resource_available":false,"data":null}},"time_used":3175,"timings":{"blocked":1285,"dns":351,"connect":251,"send":0,"wait":511,"receive":54,"ssl":721},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/47cebd9a0ac94896ad0859ce09d048c6?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.183Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/47cebd9a0ac94896ad0859ce09d048c6?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 43852\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 53\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"47cebd9a0ac94896ad0859ce09d048c6\"; filename*=utf-8''47cebd9a0ac94896ad0859ce09d048c6\r\ncontent-md5: LKHi+e0ku1ynRX49Tt66cA==\r\ncontent-transfer-encoding: binary\r\netag: \"FrsZ0nzj6XVVH2WKul9q6q2_CdrY\"\r\nlast-modified: Sat, 21 Mar 2026 18:20:16 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3:50\r\nx-m-reqid: NNYGqmQh5\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: rFMAAAC2QLQaqagY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43852,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"2ca1e2f9ed24bb5ca7457e3d4edeba70","sha1":"bb19d27ce3e975551f658aba5f6aeaadbf09dad8","sha256":"fcd6b965a0764230f23521cfa01e011211a2382ffb03b333c859a1a44abe987d","sha512":"0ff201c85062a537c9f44eea7ffc7cae761eb01df15853efbba25614bb83929634a67cb5f7b74abe86c1646434a552c6e62cc609c8f9b69b8966e6e217d65eb2","ssdeep":"768:p1mXkDfQXAJL1owiJ7uQwdeDMm9uCStCWnYOGczhIMQLoJ91KXWwd7atpXr5X:nmUyozNddbmT9ieMzJLKmwdehX","tlshash":"521302023e52eb513efcc7618c125e408e101698de448c769bab2efa56c43c2c5fe9ec","first_seen":"2026-04-22T11:08:20.944976Z","last_seen":"2026-04-22T11:08:20.944976Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3034,"timings":{"blocked":1213,"dns":0,"connect":0,"send":0,"wait":1088,"receive":733,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/23f1838fc89448a9b3935105deae2950?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.168Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/23f1838fc89448a9b3935105deae2950?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 12384\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 1566\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"23f1838fc89448a9b3935105deae2950\"; filename*=utf-8''23f1838fc89448a9b3935105deae2950\r\ncontent-md5: z/ofbOe/ZG6A/wtCBeoNaw==\r\ncontent-transfer-encoding: binary\r\netag: \"FvMrvrWOz4n9UHsZFAJzBj2hGbJP\"\r\nlast-modified: Tue, 21 Apr 2026 16:00:34 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: 9eVcPB836\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: PK8AAABaQ3u6p6gY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12384,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"cffa1f6ce7bf646e80ff0b4205ea0d6b","sha1":"f32bbeb58ecf89fd507b19140273063da119b24f","sha256":"81020ba3eb7ae75405b57bcb95ab153443c88894bf933c5adbc9cd8bee740603","sha512":"d9cc85a6813eebade919860a7da6ad76766362627ec19271f38c321e38b501dae3bcb95237f7b892d6c972b2afa7b0b6dfbdd5522b30010bdaa9fa75a76ae171","ssdeep":"192:v2pzepuNZv3bxGbuPCvVXMtg5QIFwxdT6OqCBlLEIhPbVxe08FYjCH1tk/bDJScl:slg6aatWFDR+LzT8FnVC/bD1aRC","tlshash":"9042cfd86f088f4e6689c1aadfcb81adee39615a18adf43c3134c000626f7e59c991c7","first_seen":"2026-04-20T09:22:44.206629Z","last_seen":"2026-04-22T11:08:20.947214Z","times_seen":2,"resource_available":false,"data":null}},"time_used":2279,"timings":{"blocked":1228,"dns":0,"connect":0,"send":0,"wait":1050,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/img/no_data.02e9590c.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:15.351Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /img/no_data.02e9590c.png HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-22T18:09:28.300102Z","times_seen":14071331,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/img/license.ea57c78d.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:15.465Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /img/license.ea57c78d.png HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:15 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-7b8\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856035=Fz0JVnE+JlB6vAMRSGSHi5v4YLsmCHZW4tXEm4HN4vPf8+1XKpPSFFOdkWtUx5zULK3VAobI+fg8CUonwYDEl0VVi3azkKIP0dVfdmy2BR1x6wQmS3zeq3b1W1MoiR19s+zdr6BW7xo9J+ZDyVUA6VJCkx74896KWPSkq9o4BiPRRbysOYHTkCW5RAjtw1ki\r\nage: 448238\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df7132251d\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1976,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 161 x 52, 4-bit colormap, non-interlaced","md5":"60a2c7c150b01809fbb7b97932684b5b","sha1":"67fc9647c452a17b519c6a51dc8c38daa23755f9","sha256":"c5ce31558a1f979ae78c7779d2f312b196750375541e9c147b73d6e44d47c276","sha512":"2328442fa1c74e47c6eff4adab55920c7e7738e7ae51bd2b222fb696bbcf8201a14805089a33baa80c28a40db47061048d817c384bd72735b2e0c0116ff63c6f","ssdeep":"","tlshash":"b3412a6266729beced1a8c47592c7df1d8338ca1a200e1c150ed761f1bf8e1060e7a94","first_seen":"2025-08-29T11:05:53.23289Z","last_seen":"2026-04-22T11:08:20.950338Z","times_seen":1206,"resource_available":false,"data":null}},"time_used":715,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":715,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2F202508%2F_enc_size1298x1156_04beb05f-bdcc-4bf4-a35f-b560e45e45b0.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.870Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df76462550\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":220,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":220,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2F202503%2F_enc_size649x578_d4d2b521-861c-48d3-89a5-438931453851.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.913Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856038=6b4o/KW/4CiaPY9SUr3U8L6jGlHPgkRB2jaYkQg8xHNJm6Te7gYwhg/L81IBTgd1EXd6cBc+fybC8HSFb9xneQ9xraUialSqoZdTnDME+i3+IshP/ukH/F/yAnwe42Ha14kC+k+fbMCUG+ak5mHmkiqZNiQfSfFhXDUfdjhjnNO6RztbeI9E7Jxq3ZSo0X+N\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55e19db4df7a9b25ce\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":3355,"timings":{"blocked":-1,"dns":0,"connect":0,"send":863,"wait":1028,"receive":1464,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/c3395a3b86e64a77bc21cd4ee7fdd9f5?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.103Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/c3395a3b86e64a77bc21cd4ee7fdd9f5?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 17623\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 90438\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"c3395a3b86e64a77bc21cd4ee7fdd9f5\"; filename*=utf-8''c3395a3b86e64a77bc21cd4ee7fdd9f5\r\ncontent-md5: WAbS6q0mnzldC5UWSm8Eng==\r\ncontent-transfer-encoding: binary\r\netag: \"FjLRHcpENzefcQdyjgyKGSNh-Edc\"\r\nlast-modified: Thu, 16 Apr 2026 07:26:54 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3:3\r\nx-m-reqid: nGcyJlWJz\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: zAUAAAAUU3zmVqgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":17623,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 139 x 181, 8-bit/color RGBA, non-interlaced","md5":"5806d2eaad269f395d0b95164a6f049e","sha1":"32d11dca4437379f7107728e0c8a192361f8475c","sha256":"6ede3953d83405064ab1df0719e6481a7def427defb402d3c451c541e284fbd6","sha512":"e8da29bf8c0a7f593b4f66abade0291886dcb134fb70c1f777b4dba80d30adf17adc10de3514e879f26a2451dde6803f9164f898fd373d1c28840205d28f5ec2","ssdeep":"384:2FoANXd7ZnpUyD0wbicO8c5s230FGkvEUlGf85bpWPruiA6x1c6Xf4gaAO7:2zsyD0wbhUs23kvEUlkebpWP8eq6Xf47","tlshash":"fe82d1f829d606678e9de501275d86cf97275303b6430ebb9297103fca36909c8bee1c","first_seen":"2025-04-01T11:41:17.722537Z","last_seen":"2026-04-22T11:08:20.951451Z","times_seen":204,"resource_available":false,"data":null}},"time_used":4210,"timings":{"blocked":1311,"dns":365,"connect":249,"send":0,"wait":1261,"receive":277,"ssl":731},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/51e68b28d7d54532a9e59d7e354304eb?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.371Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/51e68b28d7d54532a9e59d7e354304eb?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 61719\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 61632\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"51e68b28d7d54532a9e59d7e354304eb\"; filename*=utf-8''51e68b28d7d54532a9e59d7e354304eb\r\ncontent-md5: XDw5D8HLezXwbruxYBUcJw==\r\ncontent-transfer-encoding: binary\r\netag: \"FlmTgAViya1Ujj4s95TBjh1sCFpV\"\r\nlast-modified: Thu, 16 Apr 2026 19:29:19 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3:1\r\nx-m-reqid: bxo97UykG\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: osEAAAAkuU4ZcagY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":61719,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"5c3c390fc1cb7b35f06ebbb160151c27","sha1":"5993800562c9ad548e3e2cf794c18e1d6c085a55","sha256":"2b89af1fe7ddac88098a4df27fe390c83387fc7f0b8601b4490c5c86a872aa63","sha512":"22f31034b1619ba448f8440fa53acf5229fd56b6e634298ebcabcf3a467071ca5045e95c2ca46f4ec0f85669166f67664c15908a646f9b969584a44b6f960624","ssdeep":"1536:KXB1CJOPsFqq6dgNZ28fosBZZwpBAoxjvfSYOaYy:3OPsod0Jfoh9yYOhy","tlshash":"6b5302c9ef21effe8350491cde049a7ad320d5ac8d8267d9961afc3d9b40e738c55922","first_seen":"2023-05-27T18:34:14Z","last_seen":"2026-04-22T11:08:20.952398Z","times_seen":139,"resource_available":false,"data":null}},"time_used":3203,"timings":{"blocked":1027,"dns":0,"connect":0,"send":0,"wait":1294,"receive":882,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/ecb/8f8306425eba6e0167bcdb25a31b67ec8f","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.037Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /ecb/8f8306425eba6e0167bcdb25a31b67ec8f HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nContent-Type: application/x-www-form-urlencoded\r\nx-request-source: https://h112g.xyz\r\nXign: dEaoSfu02LFxyJl5Of0+JhuM5eziatpmxHmUZl6ZDN81O5S6CKuGFPcPyjdqXg+4dAVahxTP1Yjb0KFBdPR/drHy+sRXJ3+ZDAgedbJA3j8Nwm65QXTnCISitU0Dogla5Ejfw4TrZiiJgVwJgu1d2a7KXGYQ8d4mzWSzD1IbNlM=\r\ntimestamp: 1776856036031\r\nsign: 95e71s4f37114d1r\r\nversion: 5.6.9.4\r\nclient-type: web\r\ndevice-id: 8BNbQfp8YayciXWAYemxaeMFD5iGH2S6\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: application/json\r\nexpires: Wed, 22 Apr 2026 11:10:16 GMT\r\ncache-control: public, max-age=180, s-maxage=180, must-revalidate, stale-while-revalidate=30\r\nx-xss-protection: 1; mode=block\r\npragma: public\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=63072000; includeSubdomains; preload\r\naccess-control-allow-origin: *\r\nx-custom-check: true, true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df732a2528\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3652,"size_decoded":0,"mime_type":"application/json","magic":"data","md5":"7c5de16bff9f2ef566c488f23162f880","sha1":"34905cdcd0d2cfd34fc55acf9575a435828f1cff","sha256":"34cbf1cf1e57f2662baf42e19fa6de65430cbe65c1d6dd531dccbaa96dbc5eed","sha512":"e6969e73b8530a088f93b70ada55c6de816a7427c2022ea9bb6089d32ab5c5dc0b8f69a681f7335c05eb1779daa2965897e7a6a42a0e4d06f1b5d21f99735713","ssdeep":"96:eOGS7hTEAzTPZRNe4vK2Ha1A5ZfzgHvjDLhhRWBGPbH6TvWz85g:VP7SaJe4nHKEzgXdh4KbaTud","tlshash":"36b16cd5d38abf52f1033ea26ce6ebe858902954e6e4bd11e03111e61c3519e3e8d587","first_seen":"2026-04-19T09:02:04.516938Z","last_seen":"2026-04-22T11:08:20.953332Z","times_seen":6,"resource_available":false,"data":null}},"time_used":534,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":534,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2F202506%2F_enc_size1260x1156_03543abb-5967-4969-b0c5-87347b24c4d6.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.687Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df75b12534\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":218,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":218,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/202506/_enc_size1164x872_0e80d399-2c93-4f64-89db-61a96d3b05e4.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.711Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /202506/_enc_size1164x872_0e80d399-2c93-4f64-89db-61a96d3b05e4.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 06 Dec 2025 06:28:29 GMT\r\netag: \"5e35bb3a3c455c8180a22aec2a512d23\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Nm9G3ILXjhUImfptoFIPDAhICgvcRgMvTAcEIcgTPGb3nMBnFFNPKXOs99qh3GgdrJfSkI6Wo6P2Sf1n9XmAZJdbtASWp9A9XUtTAPdoKCSV0DSnD5DNvunCfmDAAbaGxMq7rjUIX82hkw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec40493d25d22f-FRA\r\ncontent-length: 112700\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 1166270675042369438\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":112700,"size_decoded":0,"mime_type":"image/webp","magic":"data","md5":"5e35bb3a3c455c8180a22aec2a512d23","sha1":"8d76ff967af8f2a1636cf12377c5044c0bcd29b0","sha256":"0be1179591362f5c3a711e1aa20fe2c2a25605f8c24debaae42ec95874238709","sha512":"ac7be8d9737a0794f8bc2b4851b40643221ca54a60e5b14a11df90b20b8d17bfec3f58cd31a262b300897512b69eb452ff40a9330f5648b24df4f6523954f501","ssdeep":"3072:ZCQ4KKXKBHjDhDCq5qNrHMlyp8Rod8oucXQUEyr:ZHjBHRCqwNM4dw25r","tlshash":"feb312dd1216b6b4b8b027fb23c8bd8944cd2ef64e787e96d8adc8513545b2f80e4d42","first_seen":"2026-01-10T05:58:33.976565Z","last_seen":"2026-04-22T11:08:20.954624Z","times_seen":115,"resource_available":false,"data":null}},"time_used":1048,"timings":{"blocked":450,"dns":60,"connect":22,"send":0,"wait":131,"receive":3,"ssl":368},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/gpmaster/_enc_size328x442_bdd30f19-a4d8-4eb3-b2d5-d24180d2e353.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.767Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /gpmaster/_enc_size328x442_bdd30f19-a4d8-4eb3-b2d5-d24180d2e353.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 02 Dec 2025 14:16:54 GMT\r\netag: \"ddc46e1f9525ce46ef8c7a472890a566\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=N7mITfAkONINDIFuUe%2Bb00mvP8NFTU1myQmzdeYRfW8aQFPlnyf4fxzFcpZ7l3s3hXtCMxD%2FvtG%2F3Y6ZyVzliBRdxVG%2BEuKSrvBU7GWXsljHY%2BZneusApNfR2f6mOmBg%2FY6Iz1u%2FvyzN4g%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec4048fa6592c5-FRA\r\ncontent-length: 15228\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 7839455379337645543\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15228,"size_decoded":0,"mime_type":"image/webp","magic":"data","md5":"ddc46e1f9525ce46ef8c7a472890a566","sha1":"2c65e59dc81b4c69f27443b00aadf94a8806df7e","sha256":"b1a5ffa78ac3fdc62deeac3896c0a4a76278cc14823c1657ce8995c83df5e282","sha512":"36628fdd86b5fce3350991f354ff195c49cf82b86691fb8c2eaac47cc6d2025a97e916c990720a67a38b06a2ba0bbcf2e0f9ac957a8cb77c117e6f660a603f05","ssdeep":"384:PjnjswfCwfOcnPcxsiO8JvyITPiO3BBBJRqn0Rf/dzVPC1D:P1fCwFnUl1uwRqnc/dxa1D","tlshash":"a662c0c86f1cf1dab89c8d7d7a944d36990c0472a4d804e980b6dd2af98aac78545f2e","first_seen":"2026-01-10T05:58:33.874094Z","last_seen":"2026-04-22T11:08:20.95562Z","times_seen":116,"resource_available":false,"data":null}},"time_used":441,"timings":{"blocked":325,"dns":0,"connect":0,"send":0,"wait":107,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2F202508%2F_enc_size1298x1156_f26e0b0b-19a9-470f-90cf-ab38984671ab.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.856Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df7634254e\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":220,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":220,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2Fgpmaster%2F_enc_size750x590_1103f977-5f3c-414d-8305-ab6884e8769c.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.922Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856038=6b4o/KW/4CiaPY9SUr3U8L6jGlHPgkRB2jaYkQg8xHNJm6Te7gYwhg/L81IBTgd1EXd6cBc+fybC8HSFb9xneQ9xraUialSqoZdTnDME+i3+IshP/ukH/F/yAnwe42Ha14kC+k+fbMCUG+ak5mHmkiqZNiQfSfFhXDUfdjhjnNO6RztbeI9E7Jxq3ZSo0X+N\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55e19db4df7a9b25c5\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":17566,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"88624a36f823e69a043abef4ff16501e","sha1":"85df67023f849c8b5cfadb02ee0ca85231114d47","sha256":"dbf2eeedaaec1ff1ce9bb400cebf11e49c50de07fe6efa09f1dfff07120b43bc","sha512":"0776cfd33f65a5702eb3cce404d9a24d553709b6022a4a989aa1a9d27613cd724f2f901b43679ebf7dcfed1b21b0e8ad5235bd927ed49899afacd45c1abb7606","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa3:5RVqrJUF8iNYiKop/E3","tlshash":"ca723a5b8df68822252320291fbfb2083e75d0578709ed403f8cb6989f95ade45b3bd5","first_seen":"2026-04-22T11:08:20.956508Z","last_seen":"2026-04-22T11:08:20.956508Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2930,"timings":{"blocked":-1,"dns":0,"connect":0,"send":851,"wait":1027,"receive":1052,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/626ab8ddece640848736f3fbf21b3978?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:18.162Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/626ab8ddece640848736f3fbf21b3978?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 133089\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 41827\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"626ab8ddece640848736f3fbf21b3978\"; filename*=utf-8''626ab8ddece640848736f3fbf21b3978\r\ncontent-md5: ZXvU8DhRj3V2UpN+qjojVw==\r\ncontent-transfer-encoding: binary\r\netag: \"FiAMp1Jm0zhtXOdqplQn87c-gQmE\"\r\nlast-modified: Thu, 16 Apr 2026 19:30:54 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3:5\r\nx-m-reqid: U2DduYK1l\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: X2wAAAAslnocg6gY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":133089,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1200 x 1370, 8-bit/color RGBA, non-interlaced","md5":"657bd4f038518f757652937eaa3a2357","sha1":"200ca75266d3386d5ce76aa65427f3b73e810984","sha256":"f806dc950d05117bf88e7442dcf9894c87b3255a46899cbb519d4414ea95de31","sha512":"9710ee118c40560174ebe88218f96df11fcaa4d1f3a199aa3b5fc5ae730d83b79d0413f71d516bfc9e743b7c3b5721546c39799af59eda1d9042fb39a538731c","ssdeep":"3072:7sIxt8WJHP+9bP5pu5gpgR63c1vwyzSzzqi7x+tIYpaM:Pxt8WJHP+9j5s57uc1FzSqi98Ik","tlshash":"01d312698986ecdbce06d37324a98c18f00401e32f1d91455fd5726eba08e7f994bb7b","first_seen":"2023-07-15T11:13:39Z","last_seen":"2026-04-22T11:08:20.959558Z","times_seen":43,"resource_available":false,"data":null}},"time_used":2200,"timings":{"blocked":238,"dns":0,"connect":0,"send":0,"wait":1271,"receive":691,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ssl.hw301.xyz:8900/?u=http://h37s.xyz/\u0026p=/","fqdn":"ssl.hw301.xyz","domain":"hw301.xyz","tld":"xyz"},"ip":{"addr":"23.224.132.157","port":8900,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-22T11:07:10.729Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cloud.hw301.top","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Mon, 08 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"1A:6C:3F:7B:BE:09:3E:9F:FB:20:61:21:B6:74:CA:4E:ED:96:88:A5","sha256":"1A:A3:7E:FC:EF:3C:FE:57:80:7F:18:AD:F7:59:B4:50:D1:CC:5A:D3:FA:DB:7F:74:52:2D:68:E8:C6:C4:13:D6"}}},"request":{"raw":"GET /?u=http://h37s.xyz/\u0026p=/ HTTP/1.1\r\nHost: ssl.hw301.xyz:8900\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://h37s.xyz/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Wed, 22 Apr 2026 11:07:11 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 0\r\nConnection: keep-alive\r\nLocation: https://h112g.xyz\r\nX-Frame-Options: DENY\r\nVary: Origin\r\nReferrer-Policy: same-origin\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-22T18:09:28.300102Z","times_seen":14071331,"resource_available":true,"data":null}},"time_used":1319,"timings":{"blocked":550,"dns":75,"connect":157,"send":0,"wait":218,"receive":0,"ssl":317},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/gpmaster/_enc_size328x442_392325e1-efd7-4953-83f1-410dea55a03c.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.745Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /gpmaster/_enc_size328x442_392325e1-efd7-4953-83f1-410dea55a03c.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 02 Dec 2025 14:07:29 GMT\r\netag: \"92b3d49a96dc94a10e392c26db991989\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eRTktBDF5toIYzrEBRN1ieGeaTEhj%2FcFBsk1GbfgYvEtcOUfpR%2FxHGpB3C%2FtMu2NETUfIha5730SmQvF2%2B7DRvRDiTicqzPWyeMtGIoE9QMc94YauViTrM%2FRslrgu0kz0GLCIz%2Bnp0IplQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec40489fae1999-FRA\r\ncontent-length: 13178\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 10676168600916247313\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":13178,"size_decoded":0,"mime_type":"image/webp","magic":"data","md5":"92b3d49a96dc94a10e392c26db991989","sha1":"48f14bef1cc3d403ef99f5ba5c90c7dbea67bfe2","sha256":"8b47228ff80d70b026fbd7a5a29823bbe5f06b60d2d9f6bf3d2b4d89a996a3dc","sha512":"3ee3c623288051846941d0b1fc8357a441dee043e81be265c734158dc2e618c14a9b6c120045e3bd49cb9afa0d716491b21743d16726b4fec84cba51237bf281","ssdeep":"384:QPsoyVYHcsbr84JZQ4zAogmntgxn7uxj8+4n:voyVUbrXDQ4UogKWlWQ+u","tlshash":"5442c0151f4048465ecd7aeb248a5d7cc9450918ea3cac716493bc384ef09bf45e76ed","first_seen":"2026-01-10T05:58:33.871718Z","last_seen":"2026-04-22T11:08:20.960572Z","times_seen":116,"resource_available":false,"data":null}},"time_used":434,"timings":{"blocked":347,"dns":0,"connect":0,"send":0,"wait":87,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/202503/_enc_size649x578_e50c5112-b480-4217-95c2-f187843fa431.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.828Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /202503/_enc_size649x578_e50c5112-b480-4217-95c2-f187843fa431.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 06 Dec 2025 06:22:07 GMT\r\netag: \"b449cf372f86058b08a8d60b64464df6\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=e%2FTJ3vex1yodz3BXCXonSNkhFflmE4oVrYroQXbOU7poDu0l6xZXJVOiq8wMeipF1GbiRwyXOMudI%2BQf9H5IpDEs8rVrZU2jC2yVOlXwRS4i7iJ7wqRpCgQPYWJbf7nrG7fPhgkwv9d8ig%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec40498ac77fba-WAW\r\ncontent-length: 54466\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 17362881314101706920\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":54466,"size_decoded":0,"mime_type":"image/webp","magic":"data","md5":"b449cf372f86058b08a8d60b64464df6","sha1":"5f8ed72cba0352f673f65e379e9d454b4ffeba54","sha256":"4dd55c13c50f6fce3b73a1834d73c7d9fa4542563ead7122899111c47d0eb784","sha512":"3bb4ca4365e3b9c97cf035ad290e98d67c96db4bff21eb48c6cbfab75ca74dca2c137c1b837897a6e68a88d42b391c6ee8380faef218aacc0b4041f3a5afb216","ssdeep":"1536:eUSdyAD4v4ReUeNhO2po1VPvBu3czLES5WjB6lieR:2dym04TGeLvlQAC6geR","tlshash":"80330279024c7463719596f833fef42aa760a7c63801a4799a8f3594fe24ca874cfd6c","first_seen":"2026-01-10T05:58:33.91954Z","last_seen":"2026-04-22T11:08:20.96149Z","times_seen":116,"resource_available":false,"data":null}},"time_used":383,"timings":{"blocked":265,"dns":0,"connect":0,"send":0,"wait":94,"receive":24,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/fa430291e5aa4711b43ed6bea87e11ab?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:18.181Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/fa430291e5aa4711b43ed6bea87e11ab?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 12491\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 38106\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"fa430291e5aa4711b43ed6bea87e11ab\"; filename*=utf-8''fa430291e5aa4711b43ed6bea87e11ab\r\ncontent-md5: zyJw1XJOF2A3AhqDEROTVg==\r\ncontent-transfer-encoding: binary\r\netag: \"FlFcLss1E8BviBHSkO2M0Ddy3J-B\"\r\nlast-modified: Thu, 16 Apr 2026 19:31:07 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: 5Txk5MUS5\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: cF8AAABnr81-hqgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12491,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 99, 8-bit/color RGBA, non-interlaced","md5":"cf2270d5724e176037021a8311139356","sha1":"515c2ecb3513c06f8811d290ed8cd03772dc9f81","sha256":"28b692493c65f946426d94d4358704f141cbf04852987ff0cecd2a3002e5e8ef","sha512":"fc6c6132a2424235e544814704afca5756a6ddc705cd664db8ec99fd09429061bd4006e7f5c1a102bf5c48a2ff79eced381b15a0593acf703157d3a82d7705e9","ssdeep":"192:pnKSvOKxVJzWQ8RMVgEejCWB/qpGhSu46ymcrmG+BBTele8DYwf+9TF:pnRzQhRE4cpGhW6ytaFil1Lf+T","tlshash":"8b42bfbe6b86c078e1cae2b9e21bcf58d0056751f533198ab4d290198db8a5741f6f03","first_seen":"2025-03-30T02:59:21.034239Z","last_seen":"2026-04-22T11:08:20.962409Z","times_seen":66,"resource_available":false,"data":null}},"time_used":1924,"timings":{"blocked":225,"dns":0,"connect":0,"send":0,"wait":1287,"receive":412,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/7f3f2c89b4c84688ac4b9abbdc3a2204?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:18.329Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/7f3f2c89b4c84688ac4b9abbdc3a2204?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 29287\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 28928\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"7f3f2c89b4c84688ac4b9abbdc3a2204\"; filename*=utf-8''7f3f2c89b4c84688ac4b9abbdc3a2204\r\ncontent-md5: gbiBFJsXHqr+aWycavcv1Q==\r\ncontent-transfer-encoding: binary\r\netag: \"FoyouHIR-Fq0HQIF8ggsPdhaEj9k\"\r\nlast-modified: Thu, 16 Apr 2026 19:31:23 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3:3\r\nx-m-reqid: SCGWxBHbm\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: ruEAAADTjNjXjqgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":29287,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"81b881149b171eaafe696c9c6af72fd5","sha1":"8ca8b87211f85ab41d0205f2082c3dd85a123f64","sha256":"eb62a7d9b58407cd54ccf347cfd1edbd0f280d28fd1a0a44ba9b9e694a31e57f","sha512":"461c1157e0ec902aa17e6389e23ff666a6aa8603d72647e18deb03aa3dcec73b372a046b528c8d5009a7d38d338a7a524c13b3414e19a0f48b0e317f2dcbe4ea","ssdeep":"768:3ZK8chYLqEp7WtW2sTXvnYfKKJ2O+ZbeCFMGYh:3ZK8yYX7ZvbnpFnYh","tlshash":"9dd2d1d29ad497bc2eb7b7e710d9a9c31a45e1f0244b6a1c914e6f8a314ff2d1245148","first_seen":"2025-02-26T14:48:47.775602Z","last_seen":"2026-04-22T11:08:20.963303Z","times_seen":255,"resource_available":false,"data":null}},"time_used":1729,"timings":{"blocked":86,"dns":0,"connect":0,"send":0,"wait":1275,"receive":368,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/css/44623.1774008371298.4d54f3d3.css","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:15.279Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /css/44623.1774008371298.4d54f3d3.css HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:15 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-6f01\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856035=Fz0JVnE+JlB6vAMRSGSHi5v4YLsmCHZW4tXEm4HN4vPf8+1XKpPSFFOdkWtUx5zULK3VAobI+fg8CUonwYDEl0VVi3azkKIP0dVfdmy2BR1x6wQmS3zeq3b1W1MoiR19s+zdr6BW7xo9J+ZDyVUA6VJCkx74896KWPSkq9o4BiPRRbysOYHTkCW5RAjtw1ki\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df70642504\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":28417,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (28417), with no line terminators","md5":"060960b26f474791206f688e5f8b3419","sha1":"f2c921787566bdfa85240545b86e3340bc566dc0","sha256":"38fc0faf01dd47b9660b12219883e404814bbddf9ff86f77227b0d6e1088077a","sha512":"7c5eaecb7a441db461ec028af729f52aca62dac830ae50be7566170a34123aaaf595d0f6f11c1d0781acab9d69f87764739443bece033b3e915b243541434460","ssdeep":"384:DbCKpzUIc1F8l1eANI34yQyqPPQwmfzIfRbHx6+OhCcbakzeYaTONdqdK:DbCKp1P964yDqbodqdK","tlshash":"53d2739ae5d4b13e6c1fbb35e7c5a1ecb1399450df620e7af201762547c3af1012216d","first_seen":"2026-03-22T09:12:55.659597Z","last_seen":"2026-04-22T11:08:20.964461Z","times_seen":95,"resource_available":false,"data":null}},"time_used":549,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":549,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/fonts/DINPro.9ee75b04.ttf","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:15.477Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /fonts/DINPro.9ee75b04.ttf HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h112g.xyz/css/46431.1774008371298.7dc7cfcf.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:15 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 119892\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: \"69bd395e-1d454\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1776856035=Fz0JVnE+JlB6vAMRSGSHi5v4YLsmCHZW4tXEm4HN4vPf8+1XKpPSFFOdkWtUx5zULK3VAobI+fg8CUonwYDEl0VVi3azkKIP0dVfdmy2BR1x6wQmS3zeq3b1W1MoiR19s+zdr6BW7xo9J+ZDyVUA6VJCkx74896KWPSkq9o4BiPRRbysOYHTkCW5RAjtw1ki\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df71322521\r\nx-cache-status: BYPASS\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":119892,"size_decoded":0,"mime_type":"application/octet-stream","magic":"TrueType Font data, 10 tables, 1st \"OS/2\", 30 names, Macintosh, 2005 Albert-Jan Pool published by FSI FontShop International GmbHDIN Pro RegularRegularAlbert-Ja","md5":"028cefac160ed3b006f47106fbc68d1c","sha1":"efcecac09684435facd7397e4f6163a5069802c2","sha256":"fb841a09a82787982ad1774bdeb45e8e06ff4909161a9ce33fd42f8822c5ddc3","sha512":"3a5a284d0c4da6593b857ba785a4ba7d5f2e2b73d22a2ef25435b9558063d2486228d76a3cd5d3a59b5abe4c0da696a75373111b3569a94a9dea1516cf16091f","ssdeep":"3072:YhtN/CZnt1tbtKtHtFNgz1QZt0tbt2ktwtNstAtqNaEctWpy8TLtsIb66AUeo:YhtNGnt1tbtKtHt7t0tbtxtwtNstAtqV","tlshash":"5ac308c153e8fa4ad83996388511c7434226ff2de65d4f36ffd94d8c688e8e9064e6e0","first_seen":"2023-05-08T18:58:40Z","last_seen":"2026-04-22T11:08:20.965391Z","times_seen":2990,"resource_available":false,"data":null}},"time_used":1096,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":978,"receive":118,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/c47408ec3a08415cbce11c8c7723ad23?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.361Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/c47408ec3a08415cbce11c8c7723ad23?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 7372\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 83230\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"c47408ec3a08415cbce11c8c7723ad23\"; filename*=utf-8''c47408ec3a08415cbce11c8c7723ad23\r\ncontent-md5: D5+qzvoU4Tb/NNFugwe/2A==\r\ncontent-transfer-encoding: binary\r\netag: \"FmOEizvP6U_T7KWDYzQ6v6JiOImr\"\r\nlast-modified: Wed, 15 Apr 2026 19:28:24 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: yuUbcJTeE\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: 3NkAAABZ76V0XagY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":7372,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"0f9faacefa14e136ff34d16e8307bfd8","sha1":"63848b3bcfe94fd3eca58363343abfa2623889ab","sha256":"8b4ec2d512e9af06c22ad78e16d73ee47111d15e6b14b0f2e862ecf371dd3e66","sha512":"217a0933d5329ffe3131c69f72a85d09bfd151a70891455929f15b23e8c8d9e73a4eaf616f7a4b5f8b37a72723bf1af67c2df8337ace2713c0b6b86b06831ad0","ssdeep":"96:UWTtBbfUj+kVnoLiPvHGt5jtflUYRWBdxEE9CqqxJpvUTzFK2lNJiPTu98Q1K:dA9GcvmftfPOxK9vU1bNUTUPK","tlshash":"07e1b0925322f67c6d0fbbb6c8360c4808e5097c3f5ced06692b86192a1516c897e5fa","first_seen":"2023-06-26T22:05:03Z","last_seen":"2026-04-22T11:08:20.966326Z","times_seen":65,"resource_available":false,"data":null}},"time_used":2190,"timings":{"blocked":1036,"dns":0,"connect":0,"send":0,"wait":1089,"receive":65,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/img/sports.60212fd6.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:15.456Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /img/sports.60212fd6.png HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:15 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-1c734\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856035=Fz0JVnE+JlB6vAMRSGSHi5v4YLsmCHZW4tXEm4HN4vPf8+1XKpPSFFOdkWtUx5zULK3VAobI+fg8CUonwYDEl0VVi3azkKIP0dVfdmy2BR1x6wQmS3zeq3b1W1MoiR19s+zdr6BW7xo9J+ZDyVUA6VJCkx74896KWPSkq9o4BiPRRbysOYHTkCW5RAjtw1ki\r\nage: 448238\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df71322515\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":116532,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 666 x 541, 8-bit colormap, non-interlaced","md5":"fc82aa907334f929011fc2a6ec906f55","sha1":"f76bd75b9d1235807c70c7d763a1865d7c3f8d4e","sha256":"2ae1d61176960d7ddfddcb30a69d22b9da893687370d8cd26f4917d129a1bf3b","sha512":"12ef7a828d7d4228596b0db0ad77b200e8ffcfe2457d12821a4e9778b62668ebeef075c2bc79076e36291e3015afbfe276a2ca230ead018b38e2d3fd803dd31f","ssdeep":"3072:/ZEgiWqpGRwEyiwX0wgOZzbKoSxNiSvrUeO4h:/ZLf/R2iVwgAKoSPiSvVOy","tlshash":"76b3021c79775a2083c6bcb40b583aeae09b3dc19d169808d68b7791993df43c970bed","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-04-22T11:08:20.967509Z","times_seen":1336,"resource_available":false,"data":null}},"time_used":520,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":520,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/202508/_enc_size1298x1156_de72e240-4300-48d6-8f6e-b9cb363e7924.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.879Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /202508/_enc_size1298x1156_de72e240-4300-48d6-8f6e-b9cb363e7924.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 18 Sep 2025 11:24:15 GMT\r\netag: \"bf7cdad5765dc0a156db56da6bb04bd6\"\r\ncontent-type: image/png\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9WYgaNJ4IB2grjiE9qUvhECGcIMng8ew6f4EhAvCqo%2FAgcXRbIC5s4S8j8NEZEQiUsQRIixByZwZiSFBoMYsdP9moLznOm0cYLh4OZNa%2FSAbGE0u6rGpNVP%2BWbnqTOj5VpeFzQVil1cJ9w%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec40492c61dbab-FRA\r\ncontent-length: 117698\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 17719915403199717091\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":117698,"size_decoded":0,"mime_type":"image/png","magic":"data","md5":"bf7cdad5765dc0a156db56da6bb04bd6","sha1":"d59f6f45bbf00ad493e12f01da78795fe3293439","sha256":"0309c41b0a3b5df411a32471c4535c465ddb19a36fcd3f7addb8df3ad2a5aebe","sha512":"2f6b213478ba5e0e83d969987504dee7ebc712a0dc3957e5ff6edab21379642a1297bd394d7134ee0bb985a3af41606758aee7c596ba9f73b72d3215957be710","ssdeep":"3072:kUdofN7Rg/0SAT7MpXyPJ1ZpIZlUij14AtAR9e:kUstSAT7vPKlUij+DR9e","tlshash":"9fb312f3e46e905be7be016c32329c100e6d05aa9b7e48d6a9d34b221cddeb2dcf4554","first_seen":"2026-01-10T05:58:33.789948Z","last_seen":"2026-04-22T11:08:20.969038Z","times_seen":115,"resource_available":false,"data":null}},"time_used":397,"timings":{"blocked":215,"dns":0,"connect":0,"send":0,"wait":122,"receive":60,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2Fgpmaster%2F_enc_size328x442_fc0e1468-bc71-4d42-9849-b6735b50978a.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.892Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856038=6b4o/KW/4CiaPY9SUr3U8L6jGlHPgkRB2jaYkQg8xHNJm6Te7gYwhg/L81IBTgd1EXd6cBc+fybC8HSFb9xneQ9xraUialSqoZdTnDME+i3+IshP/ukH/F/yAnwe42Ha14kC+k+fbMCUG+ak5mHmkiqZNiQfSfFhXDUfdjhjnNO6RztbeI9E7Jxq3ZSo0X+N\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55e19db4df7a9b25c9\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":3292,"timings":{"blocked":-1,"dns":0,"connect":0,"send":888,"wait":1028,"receive":1376,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/202505/_enc_size656x844_f676ec47-4b6f-4d37-b476-fd69f2381a1a.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.893Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /202505/_enc_size656x844_f676ec47-4b6f-4d37-b476-fd69f2381a1a.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 24 Oct 2025 10:14:43 GMT\r\netag: \"305fcc830f36eb66336882036b89ac7c\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cmdWmkiCcH9augum2k5h4M8yiTvdUbEQo2UsX7DLDwJg8TuaXAZ3KPstI%2Be4p7airn1qeyZgM63aMYBnB06i1sTH0NA07B1joNg8%2B7Xk%2FYoO3UqlKQwwS2ChapIBUsDQm%2B1JvdeA0rNT7w%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec40498c0bdbfb-FRA\r\ncontent-length: 31452\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 15698749864858788529\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":31452,"size_decoded":0,"mime_type":"image/webp","magic":"data","md5":"305fcc830f36eb66336882036b89ac7c","sha1":"4ef8fdbe6c950dc25c24a91a83febd543445bf5f","sha256":"f4caf7bf8ace2b377eebde966fa8ec7056e957eb0edb674061710bb851db7304","sha512":"569e92e2fa5efa5628f4ea0120e52469160332ba90701e0bab3ad1ef1b65285d098f879911072ce2bb42166a92f267fde6dce67fcfb0cf4c2ec6b8f36518fb32","ssdeep":"768:5XiQbj17p1iaPPQUz4ATG+Qkx5UL1ot3u3QO3xOBiw9urQ8:FdJp1iuPXECXUJ6e3QOBRwYQ8","tlshash":"fbe2f1f928c3c9342ca43ed54aff15d58dc8b3d475d60867eb222d449137822ddc9a2d","first_seen":"2026-01-10T05:58:33.937171Z","last_seen":"2026-04-22T11:08:20.970036Z","times_seen":115,"resource_available":false,"data":null}},"time_used":314,"timings":{"blocked":202,"dns":0,"connect":0,"send":0,"wait":93,"receive":19,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/9cb9e0eccc1b4b90838b8d904fef1065?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.369Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/9cb9e0eccc1b4b90838b8d904fef1065?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 57959\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 65206\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"9cb9e0eccc1b4b90838b8d904fef1065\"; filename*=utf-8''9cb9e0eccc1b4b90838b8d904fef1065\r\ncontent-md5: Ffcw9IHRrnx1wdKO4oYq3A==\r\ncontent-transfer-encoding: binary\r\netag: \"FkKPbj1u-_-EXHjVqRFr0PZkq4mz\"\r\nlast-modified: Thu, 16 Apr 2026 19:28:37 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3:5\r\nx-m-reqid: VkBSi773H\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: qiIAAAA5winZbagY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":57959,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"15f730f481d1ae7c75c1d28ee2862adc","sha1":"428f6e3d6efbff845c78d5a9116bd0f664ab89b3","sha256":"7121f34e14c8f3c9c43f33b1cad7bb1ad04265d083fca4a89e8d8128430e1713","sha512":"91da916aaba0814c503d09c8649b0e1d10b70660df7c67d4b7d20c08dfea0212a03f191fa735a4c97dc0a1ec0e6f293af96141084fc614ce3e06e0535e2ff9b1","ssdeep":"1536:S93iikfq4Rhiw19QekEBP8XU0BG0cAdkl19U6RzYyHJ91x5RJdt2:S95k1Mw19nBP6U0BbGFUabVB2","tlshash":"a84302d97b41f90cddd20761746c9cf62fcc1c02b2d4216669683e18c68a3ba9bfc1e6","first_seen":"2023-05-27T18:34:14Z","last_seen":"2026-04-22T11:08:20.971043Z","times_seen":301,"resource_available":false,"data":null}},"time_used":3194,"timings":{"blocked":1028,"dns":0,"connect":0,"send":0,"wait":1295,"receive":871,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/202503/_enc_size649x578_07a2d840-d1e1-4217-9d3b-badf80b88abd.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.716Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /202503/_enc_size649x578_07a2d840-d1e1-4217-9d3b-badf80b88abd.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 06 Dec 2025 06:20:22 GMT\r\netag: \"e394e5209a888f9ceeb17f8fb9ce91e9\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oo2n32kyQtCrA9iAXp6HlQ9AJ4V3vQMlkvJRWe5peC5jRUIjDfJmpxMOdy0fFanDBkbe539CzopFhK3C7rAyld63iSX%2BJctmdgQS3k%2Fc2QjgnfA%2FRKeVIcEWlid0JIEZG9e8C%2Fddto5Xsg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec4049e90434ac-FRA\r\ncontent-length: 77072\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 6982839736838982722\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":77072,"size_decoded":0,"mime_type":"image/webp","magic":"data","md5":"e394e5209a888f9ceeb17f8fb9ce91e9","sha1":"39bdfb39a6b2deea8392c21f35d4faddabaee28a","sha256":"3e4cc0550cf89d330b0a33f2a2f2701ce80248d9ec2ea35d89e9645e7637550b","sha512":"333bb037e87300b3437dd33dd8b3115e07b7a2c1ffdc2669544de7799516e92b729d7c0dd5425e106e1d9b759cefadcfbe2a1a904ef158660e3fa8a7521b13fd","ssdeep":"1536:3ow5Jv2vmGSpZk1IdIwZojJkcFgxPAifiE3TcBUPpCoS+LsAEZhO96:3owCOGYZk1w7q+PaE3T8uS+Lr2hO96","tlshash":"b373127b5c3c0bb36fc676c6e2e9b5c86cc817b1478516cf5b3954af95a4311232c02a","first_seen":"2026-01-10T05:58:33.808283Z","last_seen":"2026-04-22T11:08:20.971969Z","times_seen":115,"resource_available":false,"data":null}},"time_used":873,"timings":{"blocked":382,"dns":0,"connect":23,"send":0,"wait":117,"receive":33,"ssl":303},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/b9958e64b27749aca1d2ce6fcb214cd2?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:18.182Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/b9958e64b27749aca1d2ce6fcb214cd2?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 119726\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 36421\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"b9958e64b27749aca1d2ce6fcb214cd2\"; filename*=utf-8''b9958e64b27749aca1d2ce6fcb214cd2\r\ncontent-md5: j9P9v1YLJc+kHEqjlph3FA==\r\ncontent-transfer-encoding: binary\r\netag: \"Fs_O-uhZyt5eXFdO3uoh5S_7akJr\"\r\nlast-modified: Thu, 16 Apr 2026 19:31:15 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: T4JqoW9aC\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: nMEAAAD_m0oHiKgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":119726,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced","md5":"8fd3fdbf560b25cfa41c4aa396987714","sha1":"cfcefae859cade5e5c574edeea21e52ffb6a426b","sha256":"a000ed2893ead5c77fa11c37378eabc4b0e20bfe84bcac7d0c904ddb3ea7c2cf","sha512":"3dbcc192acd7f1756632ff7c8120caad8082c7892b1091efc7f788255c687760cc728e571ae8977c85f5518147d6eee7257856b71fade20b8346ff36530a61f0","ssdeep":"3072:vqwoN0hNpsAkzE2x1h+RkvgSpfcDv4CIpCdWx:vqXNopnkY2bh+KvVpfcDNIeWx","tlshash":"83c312488d3f6484c41236fe6b59d18c3698e0ebf5009bb1fc6eb925a038971919b5ff","first_seen":"2025-03-28T18:20:50.046867Z","last_seen":"2026-04-22T11:08:20.972836Z","times_seen":88,"resource_available":false,"data":null}},"time_used":2218,"timings":{"blocked":225,"dns":0,"connect":0,"send":0,"wait":1265,"receive":728,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/css/7653.1774008371298.0ab0fca2.css","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:15.146Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /css/7653.1774008371298.0ab0fca2.css HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:15 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-1439\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856035=Fz0JVnE+JlB6vAMRSGSHi5v4YLsmCHZW4tXEm4HN4vPf8+1XKpPSFFOdkWtUx5zULK3VAobI+fg8CUonwYDEl0VVi3azkKIP0dVfdmy2BR1x6wQmS3zeq3b1W1MoiR19s+zdr6BW7xo9J+ZDyVUA6VJCkx74896KWPSkq9o4BiPRRbysOYHTkCW5RAjtw1ki\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df6fee2501\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5177,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (5177), with no line terminators","md5":"a0ef4268641ef0b005737ce8cc0c4b44","sha1":"9bb50b9000a419e7a701392b0d7d6c992cf585bb","sha256":"f64c7a7e6ecd620d1c7f8cc67e1eda83a0a115a8d86f3954efdaba3c09d62e66","sha512":"07605ebd7e16aef28f0ad5ed406f29ea9b77e8ba6b2079c810aacf8faf0b4a8d18d4f7775c62860cbf6d4379729a60076103a4daa833c860ddebeee3793ccbe2","ssdeep":"48:ZSPkOO2s2L5Pukasq+nArLkrL4QuQKhUjUkM5P6CdRDRWURcWaTHR/:iOvyP2r4rEDFP61LR/","tlshash":"d1b1412f01703349641bad6807dc67098325d8b399eb37da259d2a0dcbc3f861eb718b","first_seen":"2025-06-26T16:31:28.933081Z","last_seen":"2026-04-22T11:08:20.973774Z","times_seen":2029,"resource_available":false,"data":null}},"time_used":659,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":659,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/gpmaster/_enc_size328x442_c0a34e2a-97fa-40dc-8123-594806696886.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.750Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /gpmaster/_enc_size328x442_c0a34e2a-97fa-40dc-8123-594806696886.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 02 Dec 2025 14:08:15 GMT\r\netag: \"d1b47135db7364aa1935061940e89ae3\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ag1C3QE0mr2CnmcQ%2FRUpD6kfyoTfgM4WdeWTx96prfPGM6X8ElN2RzynnASuIgCyCwZ3eZoAp6BeraCZRdWt0%2Byy2Rm%2Fm6M6MhVuuY%2FVR5pQS%2F8pADQxV48LB047xB2Lr30U2OZ4qTzo8Q%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec40489ef59f1f-FRA\r\ncontent-length: 13338\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 15150995101919141118\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":13338,"size_decoded":0,"mime_type":"image/webp","magic":"data","md5":"d1b47135db7364aa1935061940e89ae3","sha1":"57751150cb4c418dc090503fb2647b154bb1ab87","sha256":"2e70b0ae4ee7a126e62860bf7edc12bc8a5fa81317c51d8af1ba13acb50a39fc","sha512":"1511ef5e49a4ea45930b2208a7a72516fc2b97d31baeccc586c4c875df708c731443567d8793278a0e9f2d04f0f3bd11a89e9e0be8b39cce98e95a9ce51f6c2b","ssdeep":"384:tV2fQdwsWMYKGas1GU33KVwYl/0VPxDNUrIJeYcsFAl33l8Ta0V+t:tTdTqGU3aJB0VPx0IJ4sFApWT5q","tlshash":"75529e0ff297816890419138d0d51cb6583550ee9ffb29692e68e7c9630173ef4ab73d","first_seen":"2026-01-10T05:58:33.979887Z","last_seen":"2026-04-22T11:08:20.974785Z","times_seen":116,"resource_available":false,"data":null}},"time_used":382,"timings":{"blocked":341,"dns":0,"connect":0,"send":0,"wait":31,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2Fgpmaster%2F_enc_size328x422_936e6f39-c72d-42ec-ab51-2bd5a806c902.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.897Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856038=6b4o/KW/4CiaPY9SUr3U8L6jGlHPgkRB2jaYkQg8xHNJm6Te7gYwhg/L81IBTgd1EXd6cBc+fybC8HSFb9xneQ9xraUialSqoZdTnDME+i3+IshP/ukH/F/yAnwe42Ha14kC+k+fbMCUG+ak5mHmkiqZNiQfSfFhXDUfdjhjnNO6RztbeI9E7Jxq3ZSo0X+N\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55e19db4df7a9b25c6\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":2968,"timings":{"blocked":-1,"dns":0,"connect":0,"send":878,"wait":1027,"receive":1063,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/js/13575.1774008371298.cda1d494.js","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:13.302Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /js/13575.1774008371298.cda1d494.js HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:13 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-2f97a\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856033=d0MIuMoednbFQ5U8tsCxeez29ETrtdo9Zgyz/QwU/ELHENOwaH+czvd5omOIcaSJiF5HiKpZ+x8XCIwtSwz7FpJdkRycCJuZ8/2d2s65AjozeiH+1ee4YqLZzuDPxZvyR0NW6zs6HTTmmvFnXWvjBA/Z82Vx/Svepv9kX7Bn19UvsqioJTtnDS833D29Gut8\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df693124ef\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":194938,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65535), with no line terminators","md5":"9de10d20d4ed770b75dd9f421eb52bff","sha1":"5926e3803a70e5777431792f8eecffb397befd45","sha256":"ed2e831a13c3e0119a06da00c996b1aaa4a03a3c4d84516b9f8bb7ec5903329c","sha512":"07d4fc561d5dccb175c0929ec1e9003ab35fe56d6091554cc639e9433e1b3b0fba0e05128d1fa77af463d2aef97f368a591eea31487c4d4c52c502577592663d","ssdeep":"1536:d17BBHFeKRKp+3ELSPtj6x2DgJoG7PIDmj9VA+s69JAFdE6WIzl+Ik1+eXMa7a4H:bjHoKRKphCnDgJoec+IDWIzls+7Xr0X7","tlshash":"dd141a84764170b8c396a175322f601ae22f789650dd9c24f3789aa47f7470df26fabc","first_seen":"2026-03-20T12:57:26.726636Z","last_seen":"2026-04-22T11:08:20.975725Z","times_seen":100,"resource_available":true,"data":null}},"time_used":847,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":847,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/kc523-1/sponsor/sponsor_nav_web_1.png?1774008313834","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:15.442Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /kc523-1/sponsor/sponsor_nav_web_1.png?1774008313834 HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:15 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 30 Sep 2025 12:19:27 GMT\r\netag: W/\"68dbcacf-1e8d\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856035=Fz0JVnE+JlB6vAMRSGSHi5v4YLsmCHZW4tXEm4HN4vPf8+1XKpPSFFOdkWtUx5zULK3VAobI+fg8CUonwYDEl0VVi3azkKIP0dVfdmy2BR1x6wQmS3zeq3b1W1MoiR19s+zdr6BW7xo9J+ZDyVUA6VJCkx74896KWPSkq9o4BiPRRbysOYHTkCW5RAjtw1ki\r\nage: 448238\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df70d72510\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7821,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 206 x 332, 8-bit colormap, non-interlaced","md5":"0eb441aa3c30cc3c92da984283938f90","sha1":"74a769808afa9b87ea483a82d47958bf05ab9b87","sha256":"146f45de163728bb850c9a8e6c1693dd4c82caf7b6e1f58728395003b84f286c","sha512":"d1c9c8824c4f42f71db8ce2b62955647aa55bb590305765cd931000d0fc6023f7d57cd3daf6992094365ca6ecb42f02f93d606d79f6643a2f89d52f71200461e","ssdeep":"192:AnUYZGCj89cpWsWKE+hAqF7k4Pk7KJw7OjF57HUNuvs7alaUd:AFEijWKE+hHF7kt7857HU/eRd","tlshash":"20f19f3eececd52cd1a745f68caf47a6142c5031ee9d7929b82fdc728649a409d403c5","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-04-22T11:08:20.976627Z","times_seen":1223,"resource_available":false,"data":null}},"time_used":510,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":510,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2F202503%2F_enc_size649x578_d991353f-39ff-4552-be18-848fc3fabfb2.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.725Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df75cd253b\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":218,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":218,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/gpmaster/_enc_size328x422_936e6f39-c72d-42ec-ab51-2bd5a806c902.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.896Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /gpmaster/_enc_size328x422_936e6f39-c72d-42ec-ab51-2bd5a806c902.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 02 Dec 2025 14:11:53 GMT\r\netag: \"00d37ab14a218ee3e9159457928d8d9b\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=brNmonAoO4UMfemo8NJ2ud9IC5d82qjXyf65h0qesybkFMu1iuVgacKgpWPY4zyLV3WzGLW97aL2uaQ%2F2mXJuDDcGpG1CpTAi1qlTW1rYhV8VfCKZyJWmaq1gNRTyCYoWya%2Fwb6dacUWCw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec40495ec7c068-WAW\r\ncontent-length: 15760\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 11128959420716809911\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15760,"size_decoded":0,"mime_type":"image/webp","magic":"data","md5":"00d37ab14a218ee3e9159457928d8d9b","sha1":"48cafbfe18f9c508fbf616b274fdba346a79032d","sha256":"5a1d2367590c29eb0750e2ad54b1bda367ef890abd14a81122621288ebf599ab","sha512":"0f594ad79da0dc0eafb637b55723ab318f6f5144b8a7ca8b3704e9b4c2b6fe69f0ad735174e565f4beece5b01f17c052052f9a30a1a606544f59722f342f0fdb","ssdeep":"384:X25GXKCP2DdvL8cWHImH7LKcCZzFwu/6unzgL4X9:G55Ce/xsln46un88","tlshash":"4862cf14af5537234cc4787941315fbf3f602c83b208e45296bfa96bb62c2957a146f3","first_seen":"2026-01-10T05:58:33.779598Z","last_seen":"2026-04-22T11:08:20.977511Z","times_seen":116,"resource_available":false,"data":null}},"time_used":348,"timings":{"blocked":199,"dns":0,"connect":0,"send":0,"wait":138,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2F202508%2F_enc_size1884x434_f0f83841-a720-4f18-8acd-c726f4c1e685.jpg","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.001Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856038=6b4o/KW/4CiaPY9SUr3U8L6jGlHPgkRB2jaYkQg8xHNJm6Te7gYwhg/L81IBTgd1EXd6cBc+fybC8HSFb9xneQ9xraUialSqoZdTnDME+i3+IshP/ukH/F/yAnwe42Ha14kC+k+fbMCUG+ak5mHmkiqZNiQfSfFhXDUfdjhjnNO6RztbeI9E7Jxq3ZSo0X+N\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55e19db4df7a9b25d0\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":13039,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1325)","md5":"519ac998f3c60478ed5291c46e34ef27","sha1":"bc4ca44092d800acdefd209cc5f53f121fdb3d73","sha256":"a4af85e38d5f9f9fd1a1dcdae40cc3d0362a04ba07b84805aa6de7eebc197ba8","sha512":"6288321ba57cd2534d4a2e22a891f37722573c09cd8478f51869e7b74acefda99d2963239335716e524dea0a28b510bf1b74efe912d83f1ba2f8407340985bff","ssdeep":"192:NyawIifNhJRaL3a2HGsl1+mA5Jh60WJjXCArxqNmlePJRqfweqaiZLqBNNKwMuFW:43ERrxqNBPJQ5F82VI","tlshash":"a842d55b8df28426652360291fbef2083a72d0178609dd403f8cb7985fa5bde45b3bd9","first_seen":"2026-04-22T11:08:20.978387Z","last_seen":"2026-04-22T11:08:20.978387Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3251,"timings":{"blocked":-1,"dns":0,"connect":0,"send":758,"wait":1028,"receive":1465,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/6bf4b26568154412a7078691d1a8562f?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:18.160Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/6bf4b26568154412a7078691d1a8562f?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 120965\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 41827\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"6bf4b26568154412a7078691d1a8562f\"; filename*=utf-8''6bf4b26568154412a7078691d1a8562f\r\ncontent-md5: 5b/m+SeB8QXYP+sWe93KGQ==\r\ncontent-transfer-encoding: binary\r\netag: \"FhGKA-PpmPOuYt_szxaNfGQpPTZf\"\r\nlast-modified: Thu, 16 Apr 2026 19:30:51 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3:4\r\nx-m-reqid: mnxSHkTwu\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: MEEAAAASeXMcg6gY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":120965,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1200 x 1242, 8-bit/color RGBA, non-interlaced","md5":"e5bfe6f92781f105d83feb167bddca19","sha1":"118a03e3e998f3ae62dfeccf168d7c64293d365f","sha256":"c3e863bc48addbae9bf84c650e3b7b2b3a4cb3ef6cb3070075d532ca432540e0","sha512":"eeed34a7c9fb59bebecea98e88e3987581def2f0f538309145005a5c242b2e5d753d5f6e4c1dc227fe2255d47c930e9864a47bddf3ea566ea61dccec5f64450b","ssdeep":"3072:ERUZZZu8ud69TvoNdif+rdGb6rQgjhBrtnSQasROM:cmZZxuuzIc+rdJPVjnSe3","tlshash":"26c302b417bf89b0ea3acb30dd6b7e4d8ad93d5447ae10202027c429da8df9757478b4","first_seen":"2023-07-08T08:51:55Z","last_seen":"2026-04-22T11:08:20.980491Z","times_seen":79,"resource_available":false,"data":null}},"time_used":2111,"timings":{"blocked":239,"dns":0,"connect":0,"send":0,"wait":1270,"receive":602,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/e559ddd821b445a7823f5ab7a595286d?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:18.196Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/e559ddd821b445a7823f5ab7a595286d?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 22686\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 34616\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"e559ddd821b445a7823f5ab7a595286d\"; filename*=utf-8''e559ddd821b445a7823f5ab7a595286d\r\ncontent-md5: nxa9zcIAh3vO136GiaG/nQ==\r\ncontent-transfer-encoding: binary\r\netag: \"Fl-Gp3nOrHdOze1QjhomHdn5mygp\"\r\nlast-modified: Thu, 16 Apr 2026 19:31:17 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: l94DCxEjN\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: D7cAAABaLoWriagY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":22686,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 217 x 217, 8-bit/color RGBA, non-interlaced","md5":"9f16bdcdc200877bced77e8689a1bf9d","sha1":"5f86a779ceac774ecded508e1a261dd9f99b2829","sha256":"f42dbd9301954b63671de9921db10e33ad0bd581fd7f3def1ac556570cd7692b","sha512":"b6edf9de57497965adcd8ea417eda801b0ced726e2e7b093b48c359e23416dbbdde1a5da03af4e8132db335bf5fb7fccc2c4910ab729c8d1b10782025893720a","ssdeep":"384:B2zrKBdCnPpAaTZqIjbreDk24M27y32YjX6GwEbXbofUR7WHUio2RYCMEAD7Jv:BSrKnCBAaTZq8lJ77a2Y2cbeQ7cR9MvZ","tlshash":"04a2e1756523171d1283470fe6ee10576b7f308b31a2b40828caa2588b46da77a2df7f","first_seen":"2025-02-26T14:48:47.766861Z","last_seen":"2026-04-22T11:08:20.981308Z","times_seen":62,"resource_available":false,"data":null}},"time_used":1571,"timings":{"blocked":217,"dns":0,"connect":0,"send":0,"wait":1258,"receive":96,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/6646be85a2b94f2b8cd87e438a7adefc?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:18.322Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/6646be85a2b94f2b8cd87e438a7adefc?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 20466\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 31033\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"6646be85a2b94f2b8cd87e438a7adefc\"; filename*=utf-8''6646be85a2b94f2b8cd87e438a7adefc\r\ncontent-md5: C1Fx1lYqjpt/PsG1rdEBjA==\r\ncontent-transfer-encoding: binary\r\netag: \"Ft4x9DjUtY5wUYsA9WZNvytS_gpE\"\r\nlast-modified: Thu, 16 Apr 2026 19:31:22 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: jq7dGVFJ5\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: ndsAAAChC6_tjKgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":20466,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 197 x 256, 8-bit/color RGBA, non-interlaced","md5":"0b5171d6562a8e9b7f3ec1b5add1018c","sha1":"de31f438d4b58e70518b00f5664dbf2b52fe0a44","sha256":"40d1e449026f599ab4eb14b6a6361b487cce89d78b3a3c67f37774eb9938b01f","sha512":"1eb4092196dc1c43b8b4a40661807bc2ba3e8b2e0d4c3ca0a5a99a146324b8457b8b07276837b569d09a94ecfb91c8328605e8f79d5daf7a97fe2ba7a17fea0d","ssdeep":"384:vtwnYqRWu3rsQ8lWFIVT+lDPAx2z7Cj1B86:sYpu7AmIgtGkCjr86","tlshash":"c492d1961913326d250c078beddef8fa5b05515cadabe42323941ff3bbd089f491da05","first_seen":"2023-07-08T08:51:56Z","last_seen":"2026-04-22T11:08:20.982316Z","times_seen":45,"resource_available":false,"data":null}},"time_used":1478,"timings":{"blocked":92,"dns":0,"connect":0,"send":0,"wait":1258,"receive":128,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/js/chunk-common.1774008371298.88ebfd55.js","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:13.298Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /js/chunk-common.1774008371298.88ebfd55.js HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:13 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-271b6\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856033=d0MIuMoednbFQ5U8tsCxeez29ETrtdo9Zgyz/QwU/ELHENOwaH+czvd5omOIcaSJiF5HiKpZ+x8XCIwtSwz7FpJdkRycCJuZ8/2d2s65AjozeiH+1ee4YqLZzuDPxZvyR0NW6zs6HTTmmvFnXWvjBA/Z82Vx/Svepv9kX7Bn19UvsqioJTtnDS833D29Gut8\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df686624ec\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":160182,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"55005e42f3f7487242691c6e3bae37e7","sha1":"0b2f0e741debd86b2a844468aa7c29f88e0de0ba","sha256":"7c8812c815d75a60422c193a271ddb7875a53afa441a0456aaa7659d674437ad","sha512":"5d0d7c8bc6fabdefe7be0891828248ba339789d078881e44faa3f6db53255ad43b269972ec075b6a30aad8fe8036cd37e40416f8994d4ef01607f931ca973598","ssdeep":"1536:KHjBzbnNcdWUa2UTf6oryXHuLmbErF/G7D1dMI59HvsY5AN/voVGAClVbGD3tFkK:KHjBf/Tf6yjFetHvsY54/voVGAcgD3t","tlshash":"8df3f8c5b3a0f07e9a1ed53779331499b12f758278c87c60f1a1ade67f1a704a436ca8","first_seen":"2026-03-20T12:57:26.740685Z","last_seen":"2026-04-22T11:08:20.983436Z","times_seen":100,"resource_available":true,"data":null}},"time_used":641,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":641,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2F202505%2F_enc_size656x844_f676ec47-4b6f-4d37-b476-fd69f2381a1a.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.894Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856038=6b4o/KW/4CiaPY9SUr3U8L6jGlHPgkRB2jaYkQg8xHNJm6Te7gYwhg/L81IBTgd1EXd6cBc+fybC8HSFb9xneQ9xraUialSqoZdTnDME+i3+IshP/ukH/F/yAnwe42Ha14kC+k+fbMCUG+ak5mHmkiqZNiQfSfFhXDUfdjhjnNO6RztbeI9E7Jxq3ZSo0X+N\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55e19db4df7a9b25c4\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":2963,"timings":{"blocked":-1,"dns":0,"connect":0,"send":884,"wait":1027,"receive":1052,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/img/ESPORT.4f4b51d4.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.933Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /img/ESPORT.4f4b51d4.png HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-101b0\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856037=yBvV8iIAJV1XYCRdFxWMAikRLiw+keSfElgF2gEzaFNRn4TYKp1ImLR9JbFFaKRpsnauZV7dUbENdnOUI5uoCj203NpqnOtgb3n2lc7LRRxsa8lgIDvGFIAOpKkp4XlRJpEWKLt0txTAmjgwTVy/XjXNmlVcUwBltOPawcR68PsaXxRvnoUcvAAvzX3B84+4\r\nage: 448239\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55e19db4df79ce25b9\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":65968,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 582 x 307, 8-bit colormap, non-interlaced","md5":"29610094acb703084f79c42c17547a7c","sha1":"3c824ba387e36bcce1a5f1d0d14b513fb278db9d","sha256":"8c3dc9ee49224eff4a37ec488ff0a413f3150ec7a62640a466a802750a573146","sha512":"db986acc62bb0d35583a1c298b468e1fa7869269c738eadc82b944b1a8f9b2c0723087db8a065d60495938e834337e72e3c438089d1d02ff90f4983e0d6461fb","ssdeep":"1536:ObUUUNbT8bJcHe4DyC8KLT/KKeRfm4AH7XAlzS7M2Z:rbgNcHwE/eshbE/2Z","tlshash":"b25302e1df60cb022efe65ca89acf12ae204a0a61476453f7a231d6f3744016af973c4","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-04-22T11:08:20.984404Z","times_seen":1240,"resource_available":false,"data":null}},"time_used":1651,"timings":{"blocked":-1,"dns":0,"connect":0,"send":831,"wait":820,"receive":-1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/img/heying.d446c85d.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:15.301Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /img/heying.d446c85d.png HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:15 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-591\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856035=Fz0JVnE+JlB6vAMRSGSHi5v4YLsmCHZW4tXEm4HN4vPf8+1XKpPSFFOdkWtUx5zULK3VAobI+fg8CUonwYDEl0VVi3azkKIP0dVfdmy2BR1x6wQmS3zeq3b1W1MoiR19s+zdr6BW7xo9J+ZDyVUA6VJCkx74896KWPSkq9o4BiPRRbysOYHTkCW5RAjtw1ki\r\nage: 448239\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df70692507\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1425,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 22 x 22, 8-bit/color RGBA, non-interlaced","md5":"c0d0c516850381dd1ca39dd94b08f21b","sha1":"54522affec52debd9c0bd3784f0ce9bf692f5d6d","sha256":"301cbb9a8c3fae88d732c8b8fdfe40113e3257831d37150e95564cc0f9b8fbe7","sha512":"6d6b1263f2de2b35237c784fd0aa127c469f8b6ebf347ff1987d791611d5b36f0909f3a81f9db6b1571756ecae60454d854e776e5ed782acbdfcce4fda2b9c86","ssdeep":"","tlshash":"dd213b5023742cd0e8ae3457ef12e5fdb823417994f8dd0c99b9bc3e84908b1057a48e","first_seen":"2025-09-04T00:49:32.953523Z","last_seen":"2026-04-22T11:08:20.985287Z","times_seen":1261,"resource_available":false,"data":null}},"time_used":319,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":319,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/gpmaster/_enc_size328x442_4d4d0270-e129-42d7-8f6f-0802c910d540.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.737Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /gpmaster/_enc_size328x442_4d4d0270-e129-42d7-8f6f-0802c910d540.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 02 Dec 2025 14:08:52 GMT\r\netag: \"c1e3846c7e9a380b0cec478d19868007\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wtBZalMr4All7mFVRC6grqaUt95i40aTbaKGhJItAtyk1ghXcS6t4ZgFcUAfmeQdhTB%2BRVEo0A5gCXWxsNxM0OtE%2F0ktl1IP%2Btflb6Y8t0LmIXuYBqlbbI6JHc3Whv4jEb6DaAHGjISNjQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec404978a41941-FRA\r\ncontent-length: 11920\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 16246677039247576888\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11920,"size_decoded":0,"mime_type":"image/webp","magic":"data","md5":"c1e3846c7e9a380b0cec478d19868007","sha1":"01e963a3dda040502340f4818b3092aed4420350","sha256":"5945ee9da33c4e2249ae582b18df2d2e4b7402710f4da8c6cb5d7d40c2978b1d","sha512":"070964b0f32422de34a68e83a1e59ba3e509af27e73ffeb3b5349723e18131e9bde7605eca10cc8ef5bbe7efed1e70d029b59ff081a44f4b6f87720d442511bd","ssdeep":"192:ARkcJGKX9YQtzAe5IIq83lxzCfVJGpYWrJUcm1aTfRbuArP+UcJaYrR5Vc:AXGjQtzAxILj2tJGrJRmETflDzcoGR5V","tlshash":"a832cf66c3da9c94c4127bbeab0239ed5c5d7b456c3bc7de68893d140288f90ae144b0","first_seen":"2026-01-10T05:58:33.896713Z","last_seen":"2026-04-22T11:08:20.986177Z","times_seen":116,"resource_available":false,"data":null}},"time_used":387,"timings":{"blocked":354,"dns":0,"connect":0,"send":0,"wait":32,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2F202508%2F_enc_size1298x1156_13f1f273-ad7d-4854-b9a3-7f3eb8823296.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.844Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df7626254c\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":221,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":221,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/img/CHESS.80cb714e.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.932Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /img/CHESS.80cb714e.png HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-e587\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856037=yBvV8iIAJV1XYCRdFxWMAikRLiw+keSfElgF2gEzaFNRn4TYKp1ImLR9JbFFaKRpsnauZV7dUbENdnOUI5uoCj203NpqnOtgb3n2lc7LRRxsa8lgIDvGFIAOpKkp4XlRJpEWKLt0txTAmjgwTVy/XjXNmlVcUwBltOPawcR68PsaXxRvnoUcvAAvzX3B84+4\r\nage: 448239\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55e19db4df79d125bb\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":58759,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 582 x 307, 8-bit colormap, non-interlaced","md5":"727b4dc207a4141335b27fa73f76fb10","sha1":"bb63b02e635f5503d76c4fc3532c2c652a06cac8","sha256":"5d840214ae46c94540df7d0a94963cc398b32c7b868edddb6a4f2a2faf113e42","sha512":"c1512f9d9a191ea10e806fe3a8f812f78dec9832568373b7b5362fafe9aef6783947d248deb2fc8d30ba1c61fd3b94f308298e69c1de32686110fa35f7bd4ed4","ssdeep":"1536:gtPCh483gu6aLw9AJeteTzkprgTWEHbP4BzrJ:344U9Xte3kprgKE7gZJ","tlshash":"0543025a13c1159f422f37b8148758a6d8154f9f38f32ea11a9e2afda58cb0af431c3d","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-04-22T11:08:20.987037Z","times_seen":1238,"resource_available":false,"data":null}},"time_used":1653,"timings":{"blocked":-1,"dns":0,"connect":0,"send":832,"wait":821,"receive":-1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img.esportsdata.cc/202/1/7a89857090177c89e0833e037141d47d.png?win007=sell","fqdn":"img.esportsdata.cc","domain":"esportsdata.cc","tld":"cc"},"ip":{"addr":"172.67.70.146","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.489Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esportsdata.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 17 Mar 2026 23:12:08 GMT","end":"Tue, 16 Jun 2026 00:12:03 GMT"},"fingerprint":{"sha1":"92:F5:5A:A8:A5:59:F9:F0:7D:50:68:88:DE:A1:89:49:EE:A1:9B:DB","sha256":"C8:7E:DB:B7:40:4A:27:62:83:FC:97:6D:2D:A5:85:D9:BB:DA:40:15:FA:3B:72:F3:9E:C3:26:3B:42:16:80:C8"}}},"request":{"raw":"GET /202/1/7a89857090177c89e0833e037141d47d.png?win007=sell HTTP/1.1\r\nHost: img.esportsdata.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 5519\r\nserver: cloudflare\r\naccept-ranges: bytes\r\netag: \"7aeb3ff21749c2d1784f963f8a1d8a30\"\r\nlast-modified: Sat, 08 Nov 2025 09:22:14 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, Accept-Encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-request-id: 18A8824CD68013ED\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nage: 3297\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ugCAVdGpYg6DIfT2k5nyAeIVL%2B5nQm6T3grgr3HI4mU1qbUmMCJ9e%2BUW2ko4dGpvbH3jJ2gHvZW%2BWD43bV01D0Zt51oUiJwlyR7KWupDLbcknZNmipYdqX%2FMMHPEKGl8%2Brhj9A%3D%3D\"}]}\r\ncf-ray: 9f0429f86fa4723c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":5519,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"7aeb3ff21749c2d1784f963f8a1d8a30","sha1":"f048270f0c65072633a7d519c3f320a688d89044","sha256":"15ab763339764f86d0c1590a0e80fd16ed55118a3d6f626037f813e71c12816d","sha512":"33eb90adf9d2e549e8cf66bb70eb71d91545421e090be9c35fa56b77f0258fe901a8bdb8b39bf5bdf4b55c16f249101dc7ca4dbb7e71d054c141a11c9b4f94ea","ssdeep":"96:VHOT5CDW903zvK+W/gJvfX5ROhX1OHWBUN/yE4+xx/yolvr5y0IsqrPDSktt63wX:VHOTQDW+zvK+HJvP5ROp1t+/yQXNlvdm","tlshash":"20b18e30d55f81302d277f96ce324bb4d8b51eeb4c40616ad1a8920537f9f19d6ec122","first_seen":"2025-10-12T17:05:39.567869Z","last_seen":"2026-04-22T11:08:20.987906Z","times_seen":7,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"img.esportsdata.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"img.esportsdata.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/gpmaster/_enc_size328x442_ce6f5a12-ce60-4931-b7a7-3cfa94c956bf.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.777Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /gpmaster/_enc_size328x442_ce6f5a12-ce60-4931-b7a7-3cfa94c956bf.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 02 Dec 2025 14:08:24 GMT\r\netag: \"f12551e7b90b8236bafa6e35814fbff6\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IYtH%2BWPk4P2P%2BwFxsYzn3w5gpvkPDSyjFzE9Z6omTBbj%2BaGiRyjGstDG2Dro1r7VmQH4yvPtv0wdKR%2FJ022v3due%2FxRAFtV8hS%2FRPerShWNwFX%2FIwAf21%2B1VtAMJhhZA%2BzdqzXI%2FZpHg4w%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec40493eaea585-WAW\r\ncontent-length: 11070\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 16394722263959372501\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11070,"size_decoded":0,"mime_type":"image/webp","magic":"data","md5":"f12551e7b90b8236bafa6e35814fbff6","sha1":"822467c37fc8f919817660d15c94cd8c6ca5479b","sha256":"428cfea955123ca0422aabb9bdfadcce651a3227dbbda6879a90c507fdafaeaa","sha512":"d26865adb2bca74cc16b5428f3d703ea896a99e087f9bca0a7b3dbd7b1d2ecf3bb9ab69e50255798208d68d8789af3de2c99072f9d8ccd2995aaf11553864495","ssdeep":"192:SohsuhcANwPA6DmRamGZOxPCHE775EhPDR4oETR57jX:HZhsDG8Olz75u7RsTXj","tlshash":"4432b03de125930096a34cbece5ae3344bb9629333b0b54cdc4499f12597cb42e70a26","first_seen":"2026-01-10T05:58:33.763595Z","last_seen":"2026-04-22T11:08:20.989062Z","times_seen":116,"resource_available":false,"data":null}},"time_used":451,"timings":{"blocked":316,"dns":0,"connect":0,"send":0,"wait":128,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/202508/_enc_size1298x1156_1d28b817-0c00-4339-b666-213943a7b1d3.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.846Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /202508/_enc_size1298x1156_1d28b817-0c00-4339-b666-213943a7b1d3.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 18 Sep 2025 11:24:08 GMT\r\netag: \"0708bff7e21e2f2e72951bbb2d9d3504\"\r\ncontent-type: image/png\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qS1v8M8TIxjwPyEigYroV8w8IYzWcjfI%2FZ12j%2B2WAWnX4UOQE45%2F5I6KYeqzXZDs8LUSUC7uu4IqVrmsyTsQmuByWRW1tub%2Br0aiRBisibS0Zv01iHp6b%2BOzwFMtWGpyamgmi21VtGgB8A%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec40498998bbfe-FRA\r\ncontent-length: 169448\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 5374765105780198902\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":169448,"size_decoded":0,"mime_type":"image/png","magic":"data","md5":"0708bff7e21e2f2e72951bbb2d9d3504","sha1":"447b032f8b3d069d6d563d402be895ebf097f6d8","sha256":"79fe5ef0903c68c5588eb10fc3d84132bdc350b35c81ee1c6949cf781f39fe69","sha512":"667ce1eb9f97425171191f698691a17422b5aa16cfe52a0ec18f22d15bff26556fa2d284bdeb1e8020df0c93c94fb1b0fd202c5c1aa435af677ed275fad87bc9","ssdeep":"3072:pWQAl+XOeoZ6HUR1uhhITVjmrDOukWh0CX6zcAds080pWiCOM2aWLS:wYOeoZTR8UTutkVCX6zddVzMFWO","tlshash":"3ef312c591b38fd687632d78ca44a6860133ef127968d9ed412c84bdc9ed2127cf48fa","first_seen":"2026-01-10T05:58:33.921967Z","last_seen":"2026-04-22T11:08:20.990431Z","times_seen":115,"resource_available":false,"data":null}},"time_used":479,"timings":{"blocked":248,"dns":0,"connect":0,"send":0,"wait":140,"receive":91,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/gpmaster/_enc_size704x442_7f760e34-ebbd-4cfc-bc28-666cc8a6234f.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.924Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /gpmaster/_enc_size704x442_7f760e34-ebbd-4cfc-bc28-666cc8a6234f.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 06 Dec 2025 06:30:28 GMT\r\netag: \"11bc0490f01525768f59770db2297149\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2F92KAU8rVfH3m0nDhnbLaSAkLn8%2BoKsr5mGtb8B%2FJSDBJb6bUEPJvtuYjjqhiyDh68Clo7ZLgStpp3wr55E24RWRknuVDkytIPqdAWFvl%2BUuzlU%2BWtOleUJdoN6FNKy0Ss6iiEoKVjO%2FpQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec4049dbf9f17e-WAW\r\ncontent-length: 44494\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 3911296499547425966\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":44494,"size_decoded":0,"mime_type":"image/webp","magic":"data","md5":"11bc0490f01525768f59770db2297149","sha1":"45d5afd695daf115b15d2f3d8413ba9ab3694975","sha256":"a61d9fe576914ca7c0893823fa52f09725ae7e8cc43e12c63f2eb41c73547154","sha512":"8999ebf5e2e63082b298aa57dc236a7dd4ecbde616aa2f5cbfb137e6559730ccf2080e0f99a400dd2507102bdeaed88ba00fac99ee6486e328bbdc07a6abb99f","ssdeep":"768:Asqja8OCwQkPOoS4nNgT3p8tZgn5DVWGgNS4RipleSQ6c5xlGY89B:VVQGS8A+wn5D4GgrkKKc5jGY89B","tlshash":"3713029a26762833b187c36d0071062c1b78b89f3654c54aa4ed39249b5f0dfc7eca6f","first_seen":"2026-01-10T05:58:33.838783Z","last_seen":"2026-04-22T11:08:20.991243Z","times_seen":115,"resource_available":false,"data":null}},"time_used":295,"timings":{"blocked":173,"dns":0,"connect":0,"send":0,"wait":102,"receive":20,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/js/44623.1774008371298.474b3ce0.js","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:15.281Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /js/44623.1774008371298.474b3ce0.js HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:15 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-15998\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856035=Fz0JVnE+JlB6vAMRSGSHi5v4YLsmCHZW4tXEm4HN4vPf8+1XKpPSFFOdkWtUx5zULK3VAobI+fg8CUonwYDEl0VVi3azkKIP0dVfdmy2BR1x6wQmS3zeq3b1W1MoiR19s+zdr6BW7xo9J+ZDyVUA6VJCkx74896KWPSkq9o4BiPRRbysOYHTkCW5RAjtw1ki\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df70652505\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":88472,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64072), with no line terminators","md5":"16428ee8976bf56a362d9b976d6b73c6","sha1":"023a332478407d1a977d46247b190d74437bbf11","sha256":"577d1d64522233b18540fce51e117d3c06719117dccd0e80bde436089f3b8ba2","sha512":"d5cebb264f3430589e2f8b35cd8040888c3d92a9be839a9f9d3cd6799c4567846396ff4c5b1313057dcfb533859e76bb30d05d635e68faf69de410b719a74bcd","ssdeep":"1536:kLUw/AG+HRNnKXpJwTl0sIycK/enOMTGVMBC7iCljkqpQs+0fedt+HmQ:kowoxRkwTl0sRMTGVMBNClwuQsItkr","tlshash":"9d83f8c4b5f4f4f9669ed6a2973244b4b01527c1b0c8ace0d2a96e147f1db66b8318fc","first_seen":"2026-03-20T12:57:26.682071Z","last_seen":"2026-04-22T11:08:20.992115Z","times_seen":101,"resource_available":true,"data":null}},"time_used":554,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":554,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2Fgpmaster%2F_enc_size328x442_9986c108-3fd7-4f35-9443-f78ce32e1660.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.906Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856038=6b4o/KW/4CiaPY9SUr3U8L6jGlHPgkRB2jaYkQg8xHNJm6Te7gYwhg/L81IBTgd1EXd6cBc+fybC8HSFb9xneQ9xraUialSqoZdTnDME+i3+IshP/ukH/F/yAnwe42Ha14kC+k+fbMCUG+ak5mHmkiqZNiQfSfFhXDUfdjhjnNO6RztbeI9E7Jxq3ZSo0X+N\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55e19db4df7a9b25c7\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":2960,"timings":{"blocked":-1,"dns":0,"connect":0,"send":870,"wait":1027,"receive":1063,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/202503/_enc_size649x578_2a74177b-d024-4ea3-8b58-fce53f91051b.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.796Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /202503/_enc_size649x578_2a74177b-d024-4ea3-8b58-fce53f91051b.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 06 Dec 2025 06:23:07 GMT\r\netag: \"50b573b71c42d898b8557c1c5acc73ee\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GOMIVk3t0cApV6seAvLDDTWXmrdxCfaO4Ujl9Rw4lg5uyceDmul9%2FZLnJlreRftXAgiAJSCGNAqE7fpDNIFQa7RK%2BRt8qySUZjHD9DF6J3z1bOFw1VMglYAQhi69OZ2LbzJG8jfvh8j1Mg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec40490db0f65d-FRA\r\ncontent-length: 65510\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 8241211397410304096\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":65510,"size_decoded":0,"mime_type":"image/webp","magic":"data","md5":"50b573b71c42d898b8557c1c5acc73ee","sha1":"c6ea5463068dbe2d70b2f80269fe977ffb76f362","sha256":"09f24702da75470bdc637a62eec301d72e8b1fea4a78988ef15f4f87fede74d7","sha512":"8b34f1c70f66a98b883e7cf81b74942aae50307e9cde3e9cd36864dae5d210ea7113b539ed0f8775e1d756d5de2734e40a1fee6e008ab0b67d3e2716d21cc102","ssdeep":"1536:ZsAMZEDXiepWzfRKc7nC3BQkbf9ptwv+AOtedy3JMw:ZsAMZwMrC3BVTtAy3iw","tlshash":"4553f2765eef65629bf42eeb037086856fcb5a10803804b83055e1a5ee85c29f65d372","first_seen":"2026-01-10T05:58:33.857848Z","last_seen":"2026-04-22T11:08:20.992992Z","times_seen":116,"resource_available":false,"data":null}},"time_used":465,"timings":{"blocked":297,"dns":0,"connect":0,"send":0,"wait":130,"receive":38,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/img/service.68be110a.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:15.463Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /img/service.68be110a.png HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h112g.xyz/css/index-399e2569.1774008371298.a7b0b4f4.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:15 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-2991\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856035=Fz0JVnE+JlB6vAMRSGSHi5v4YLsmCHZW4tXEm4HN4vPf8+1XKpPSFFOdkWtUx5zULK3VAobI+fg8CUonwYDEl0VVi3azkKIP0dVfdmy2BR1x6wQmS3zeq3b1W1MoiR19s+zdr6BW7xo9J+ZDyVUA6VJCkx74896KWPSkq9o4BiPRRbysOYHTkCW5RAjtw1ki\r\nage: 448239\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df7132251b\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10641,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 112 x 112, 8-bit/color RGBA, non-interlaced","md5":"993784a38ddc1156572bfc3308055ead","sha1":"becff431867226bf323b5a6535fa383992f107eb","sha256":"abca3af980888b08c6cbd57366b3ac94344d66ea048484c4f9867e300ee8703a","sha512":"48790c6340f273a58295fc6607306353ab69d5a818569fe36ef1bffc8fff084b23d37b401e10502b830c67a5efedca56c1c9d778d6198e4069018d055f1869f0","ssdeep":"192:NdsarkpjwOOmfStcnaHtzB3l2eKD9RdfXtRqi3ln+ojjjKMGlnyL5H7nx+:nJQpjgOz9Dd0orKMGlnA5Hbs","tlshash":"8822c0c41e1be1b6d2ffa916b28543a04b3421fda1a24c342d828c04ccad56ac91f9e7","first_seen":"2023-07-01T07:21:14Z","last_seen":"2026-04-22T11:08:20.993918Z","times_seen":1260,"resource_available":false,"data":null}},"time_used":715,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":715,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2Fgpmaster%2F_enc_size328x442_465faf5d-2f6d-44ba-896b-8d6bffead8bd.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.763Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df75ec2541\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":237,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":237,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/202503/_enc_size649x578_ebfde7c7-fdc6-4b58-9f46-2e709f79d7d7.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.812Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /202503/_enc_size649x578_ebfde7c7-fdc6-4b58-9f46-2e709f79d7d7.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 06 Dec 2025 06:31:01 GMT\r\netag: \"df95364e41340c5e75d357279bd12cbf\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IAQTuxmUoKyBo9zUIZqqEsEGQ%2B%2Bln5AYJKF7rk3oTVEMaKg%2F%2F4NPziKkZcizf3w8DTACXLI%2BPPUxYslSDRFQJj05QpzmTYJheIszm6%2FiPcZrHR9RbFZxy8ich7FQ59aEDGFJCj%2BzFKin%2BQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec40495f98b813-WAW\r\ncontent-length: 52382\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 14983785042581783189\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":52382,"size_decoded":0,"mime_type":"image/webp","magic":"data","md5":"df95364e41340c5e75d357279bd12cbf","sha1":"48c3ab78c2605098d70617a87fad6a2ab241c7b7","sha256":"1358518cff7c31a8bd66ba599ec4ad7c5638b03d278455cdca535b220fe95683","sha512":"407f6c90d0a0fa16f4ac229000be6a512b0609634f52f96cfe278507f117183c977d37b2c3220368785de3c07c7be6b00fd1c490f240978802d4c1e9aaa620af","ssdeep":"768:Y2/E0Y/tLxLsxLHzZGHtzwzzxgHi5hUOjl7pE1+J1r5k+A8okW8winHfG1HL:3EHVNshHzIIxEuh7q4JxqXPin/G","tlshash":"373301689c11db25d8805a6dd62bbfce585330e6231f0bca5b13d95e0bf1a852f48c9e","first_seen":"2026-01-10T05:58:33.905084Z","last_seen":"2026-04-22T11:08:20.994783Z","times_seen":116,"resource_available":false,"data":null}},"time_used":439,"timings":{"blocked":281,"dns":0,"connect":0,"send":0,"wait":129,"receive":29,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/gpmaster/_enc_size328x442_91f2d885-8341-4928-bace-352c8c691bef.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.770Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /gpmaster/_enc_size328x442_91f2d885-8341-4928-bace-352c8c691bef.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 02 Dec 2025 14:08:32 GMT\r\netag: \"16aab0027c0128d815e6dc1bce622be1\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=P6%2FrRzPFcA9AR1F8JNamfF3cyVav%2BwvzMuf50EjSPR%2BkfuJlJEGrRq2%2BYGxeVPrAT7LdLmUo8N4htm82O%2BFnOtY2ZqWV8E1yRyHCaGMDjZ1WSU8YCbJrTKpq5UF%2FnvJkn4aQIZNdePpPpw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec40493aaef17e-WAW\r\ncontent-length: 11602\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 17426501858793370816\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11602,"size_decoded":0,"mime_type":"image/webp","magic":"data","md5":"16aab0027c0128d815e6dc1bce622be1","sha1":"10691857429694fa249de5e1824a74954ce8db4b","sha256":"84de6ce97829e2cfa6456948f58c2e1060a8cf3d82b294d1388ecf1ac73d3dd8","sha512":"000c164f02a81f98c24befc37444429d10f6233f7289328dfa90daf6c94af219b023e76fac232fc26be39d1f7f1a73bfefece6620a3f9aa3af95e4b0a9df139f","ssdeep":"192:jx0EwHQZEoeKC69DzEtpjQM8dUNCtSyj2OG5hSutqwILUXr/mt/XqzLYKHiifMfi:jx0EwwZpe4Y3MMqUN/Qlw84IL4/M/an/","tlshash":"8632c043a65ee2fab617b75609568204de22d0d468553406d7ebd43a302effeb144907","first_seen":"2026-01-10T05:58:33.906941Z","last_seen":"2026-04-22T11:08:20.995586Z","times_seen":116,"resource_available":false,"data":null}},"time_used":422,"timings":{"blocked":323,"dns":0,"connect":0,"send":0,"wait":93,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/img/bj.ada43481.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:15.462Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /img/bj.ada43481.png HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h112g.xyz/css/home.1774008371298.4fdc0c2d.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:15 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-6b4d0\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856035=Fz0JVnE+JlB6vAMRSGSHi5v4YLsmCHZW4tXEm4HN4vPf8+1XKpPSFFOdkWtUx5zULK3VAobI+fg8CUonwYDEl0VVi3azkKIP0dVfdmy2BR1x6wQmS3zeq3b1W1MoiR19s+zdr6BW7xo9J+ZDyVUA6VJCkx74896KWPSkq9o4BiPRRbysOYHTkCW5RAjtw1ki\r\nage: 448239\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df71322519\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":439504,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1920 x 927, 8-bit colormap, non-interlaced","md5":"2c55f8fcc8edb773be5014d8deb72c4e","sha1":"e7e55505bf22de833ec6b82a229e70bdba93b58f","sha256":"21c44535cffd825752bf9a535001b4b605147e3434cf2906fc2c8fcdcd992c1a","sha512":"bab93e8eb191df623bd7e238ae8d5cf7feae73e2a768d7b591d4dd8b7aafc199fce7c34066a272fc9137959a78a6bcd9fb388f39d4a0938f5674aaee815a3cf7","ssdeep":"12288:K+TyFzCVXhEu0hvb3kkjOO9FNkh4k6yvwUKA4AuJiT9h+:tTyFGjENkkyOWh87UK/JiT9h+","tlshash":"739423b1df0b89c858a39043dc74f99263e8d0a6bdc40ab80bf14b9176709dbbbf5116","first_seen":"2023-08-17T12:39:32Z","last_seen":"2026-04-22T11:08:20.996468Z","times_seen":1210,"resource_available":false,"data":null}},"time_used":699,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":699,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/img/help.4e3cf897.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:15.463Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /img/help.4e3cf897.png HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h112g.xyz/css/index-399e2569.1774008371298.a7b0b4f4.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:15 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-2852\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856035=Fz0JVnE+JlB6vAMRSGSHi5v4YLsmCHZW4tXEm4HN4vPf8+1XKpPSFFOdkWtUx5zULK3VAobI+fg8CUonwYDEl0VVi3azkKIP0dVfdmy2BR1x6wQmS3zeq3b1W1MoiR19s+zdr6BW7xo9J+ZDyVUA6VJCkx74896KWPSkq9o4BiPRRbysOYHTkCW5RAjtw1ki\r\nage: 448239\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df7132251a\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10322,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 112 x 112, 8-bit/color RGBA, non-interlaced","md5":"6dd52a6a4d07f2786b1926fac1b4b06a","sha1":"9c9908204401fbe65d33cf7df8881639d6aea37d","sha256":"e02471f47b506ab510d0e0dc4224cffc03c34f950b649ce347ccd71af0bcf0ab","sha512":"fdd52f532e5c2e2c182db20e2053eee0ca8c26cec51ff75e1bc341b01911461ac72fa75887fa3114188ba32aa6341c0974d81d071fc42b605e72f73dfb87ab9c","ssdeep":"192:x0C+pMwjX2XZ456BAJu+1KzdjCfDrRq6wUPlJyh2h4PAmWP5yQSkHxfYX32H5TRm:EjGXZau+1MjCrrRLlqGOnWcQSkRQX3IG","tlshash":"3822c054370836084f737a4362ac4e837a06040ffdf9b7919a6372659a5b94e44cfb66","first_seen":"2023-07-01T07:21:14Z","last_seen":"2026-04-22T11:08:20.997251Z","times_seen":1264,"resource_available":false,"data":null}},"time_used":715,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":715,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/js/8544.1774008371298.875d684f.js","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:13.303Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /js/8544.1774008371298.875d684f.js HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:13 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-3ff59\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856033=d0MIuMoednbFQ5U8tsCxeez29ETrtdo9Zgyz/QwU/ELHENOwaH+czvd5omOIcaSJiF5HiKpZ+x8XCIwtSwz7FpJdkRycCJuZ8/2d2s65AjozeiH+1ee4YqLZzuDPxZvyR0NW6zs6HTTmmvFnXWvjBA/Z82Vx/Svepv9kX7Bn19UvsqioJTtnDS833D29Gut8\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df693124f0\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":261977,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"34f32e63de85d447747fac95e333d215","sha1":"e1c3bf318441d00ced2a613161862bbed9dbfda5","sha256":"936c3da85d53ee12dcbc04708e57a79c5ef799414aa00f35dfbf70322970daa8","sha512":"4cef2d95fdf4a7447992aba713ac723305df791663247fb91261ecea0233673c0a7095b666a9e72020cedd32931f77f2ee35c4d252c13a3e893e063b1aeea876","ssdeep":"6144:u/rOTURxxB0Jjytg7DiQPkcsz1aL3p2YO+WidjHrrL:uiJjytgPJPT3p2YpHrrL","tlshash":"c9442c44b291f0b8879b42f7922b4056a17f48a1308cacb4f295f990be7555c927fbfc","first_seen":"2026-03-20T12:57:26.652616Z","last_seen":"2026-04-22T11:08:20.99812Z","times_seen":100,"resource_available":true,"data":null}},"time_used":846,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":846,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2Fgpmaster%2F_enc_size328x442_4d4d0270-e129-42d7-8f6f-0802c910d540.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.740Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df75dd253c\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":217,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":217,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/kc523-1/sponsor/sponsor.json?1774008313834","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:15.408Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /kc523-1/sponsor/sponsor.json?1774008313834 HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:15 GMT\r\ncontent-type: application/json\r\ncontent-length: 646\r\nlast-modified: Tue, 30 Sep 2025 12:19:27 GMT\r\netag: \"68dbcacf-286\"\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1776856035=Fz0JVnE+JlB6vAMRSGSHi5v4YLsmCHZW4tXEm4HN4vPf8+1XKpPSFFOdkWtUx5zULK3VAobI+fg8CUonwYDEl0VVi3azkKIP0dVfdmy2BR1x6wQmS3zeq3b1W1MoiR19s+zdr6BW7xo9J+ZDyVUA6VJCkx74896KWPSkq9o4BiPRRbysOYHTkCW5RAjtw1ki\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df70c1250c\r\nx-cache-status: BYPASS\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":646,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"10d2161de8cf99c474812f4c43645a26","sha1":"71884ef7281cdcb5084088f16d4550ce8790e634","sha256":"bb02fd7438bb49dd4decb6f76a71f11e93355332fd9f965d6f9f13bb8175aeca","sha512":"bf0fd1232309fcc5582d5c42644e1c7b4b8d235b1066e988ff55e0dd94a956f89742401f00c2d904359041c8e0c2bac8e9316252fab60db5eb0a3b4c935172f0","ssdeep":"","tlshash":"d8f0f44ad8b25b93211fb57c58cd050470294a8f0eccaac4baac987c4f598ddd1e839e","first_seen":"2023-06-16T04:51:50Z","last_seen":"2026-04-22T11:08:20.922791Z","times_seen":1400,"resource_available":false,"data":null}},"time_used":542,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":542,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2Fgpmaster%2F_enc_size704x442_73525908-fb7b-43df-ab6b-ee9a1274a74c.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.920Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856038=6b4o/KW/4CiaPY9SUr3U8L6jGlHPgkRB2jaYkQg8xHNJm6Te7gYwhg/L81IBTgd1EXd6cBc+fybC8HSFb9xneQ9xraUialSqoZdTnDME+i3+IshP/ukH/F/yAnwe42Ha14kC+k+fbMCUG+ak5mHmkiqZNiQfSfFhXDUfdjhjnNO6RztbeI9E7Jxq3ZSo0X+N\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55e19db4df7a9b25cc\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12442,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (762)","md5":"bc73dbe775a6695635790e5cc29d3bae","sha1":"4ac4c03d911caa812b961f380759aaa3c7183901","sha256":"50d40baba5364135cd7aabadb9263c695effb67a2d7cdb73c25040ca25ce7547","sha512":"3d633b9b9d714880216bfc639ff74fab020dcce74f82692f5f94f67d0045c9694aeedc8dfae50c2ee5c557e27fcb75b013c4cc4c03c5f1287c69a82bc98b081d","ssdeep":"192:NyawIifNhJRaL3a2HGsl1+mA5Jh60WJjXCArxqNmlePJRqfweqaiZLqBNNKwMuFG:43ERrxqNBPJQ5F82e","tlshash":"8442c45b8df28426652360291fbef2083e72d0178609dd403f9cb7985f95b9a49b3bd8","first_seen":"2026-04-22T11:08:20.999027Z","last_seen":"2026-04-22T11:08:20.999027Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3258,"timings":{"blocked":-1,"dns":0,"connect":0,"send":854,"wait":1028,"receive":1376,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/723776fffd784db5a32b433c1707d2ba?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.836Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/723776fffd784db5a32b433c1707d2ba?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 39243\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 41827\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"723776fffd784db5a32b433c1707d2ba\"; filename*=utf-8''723776fffd784db5a32b433c1707d2ba\r\ncontent-md5: +f5znR9zlQDe+Z7CZEUHlg==\r\ncontent-transfer-encoding: binary\r\netag: \"FuugUMTe_T5yMzCH98RrCEY2iEHL\"\r\nlast-modified: Thu, 16 Apr 2026 19:30:51 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: 1GobtQKEd\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: ZVAAAABQZWocg6gY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":39243,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"f9fe739d1f739500def99ec264450796","sha1":"eba050c4defd3e72333087f7c46b0846368841cb","sha256":"a4e7a558d13b8e7a1549c8b0ef18a54c6c20477c5f2ead2dc262c5972dda1158","sha512":"6b3878b8d00d8b20e301aa0876f2e34f15daf0624bc14145015f75e32af52293a14c99e09bcbfa9fbc5fb1a6ff62918a279792ec1ac84dc1f860e37c39283094","ssdeep":"768:mCskeYyVyFeuPS9Y+2iCyARrhtMEMvHzOxCwc/i9pmhHdt8ey:mCTeV4eTKfyCrPuTyS4pgty","tlshash":"6503e1b113d9710774ea2b47db244560a0f08d7164236fd29f0e8eafa04b3d629348bf","first_seen":"2023-06-18T16:15:31Z","last_seen":"2026-04-22T11:08:21.001267Z","times_seen":168,"resource_available":false,"data":null}},"time_used":2404,"timings":{"blocked":563,"dns":0,"connect":0,"send":0,"wait":1088,"receive":753,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/72f5217a8bbf48cdb8865857e3f58d1d?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:18.172Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/72f5217a8bbf48cdb8865857e3f58d1d?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 101538\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 40926\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"72f5217a8bbf48cdb8865857e3f58d1d\"; filename*=utf-8''72f5217a8bbf48cdb8865857e3f58d1d\r\ncontent-md5: wFclaqIKLtN/9dh1PsJ34w==\r\ncontent-transfer-encoding: binary\r\netag: \"FpKZQf5l5saMrPQ0TFF3pxXxReHW\"\r\nlast-modified: Thu, 16 Apr 2026 19:31:01 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: ZNl0Ma9QR\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: O-IAAACfYGPug6gY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":101538,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"c057256aa20a2ed37ff5d8753ec277e3","sha1":"929941fe65e6c68cacf4344c5177a715f145e1d6","sha256":"3f88d33619a4279ffcdd3b3fa516db5d1350f42f75596e990a388125e6e1601b","sha512":"e179d63aede06c357d4918e76ac442c54c0ad1d2da0a91a8bae6f1cd53b3aaf8f3e259373113640e77ca05aef17e78eca9c6f0ce563f3cfdd624ec2c39f32994","ssdeep":"1536:Z5eVKUtw3X8D4Br0x6kJY4pJInffaaxzW02ArQDt5eMAVDNoptUrksTvLx8LcEWh:3eV1w3saPkJY4piaax2na7DpTzb","tlshash":"aba312a1c14d51f3e6f19283fee013abe0f638360e548d0a4697b520b725cee9b879d4","first_seen":"2025-04-19T22:34:55.299219Z","last_seen":"2026-04-22T11:08:21.002109Z","times_seen":48,"resource_available":false,"data":null}},"time_used":2373,"timings":{"blocked":228,"dns":0,"connect":0,"send":0,"wait":1291,"receive":854,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2F202508%2F_enc_size1884x434_f0600e57-43d6-4af4-8f1c-08ad10ecab8d.jpg","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.989Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856038=6b4o/KW/4CiaPY9SUr3U8L6jGlHPgkRB2jaYkQg8xHNJm6Te7gYwhg/L81IBTgd1EXd6cBc+fybC8HSFb9xneQ9xraUialSqoZdTnDME+i3+IshP/ukH/F/yAnwe42Ha14kC+k+fbMCUG+ak5mHmkiqZNiQfSfFhXDUfdjhjnNO6RztbeI9E7Jxq3ZSo0X+N\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55e19db4df7a9b25ca\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":3045,"timings":{"blocked":-1,"dns":0,"connect":0,"send":766,"wait":1027,"receive":1252,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/e129095836d24463a6371c8824f06c19?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.493Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/e129095836d24463a6371c8824f06c19?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 12834\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 41828\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"e129095836d24463a6371c8824f06c19\"; filename*=utf-8''e129095836d24463a6371c8824f06c19\r\ncontent-md5: DiOyIns2T7JHIJ91e6f3ew==\r\ncontent-transfer-encoding: binary\r\netag: \"FtK1ea0Tvau9pkqSEnbe7Kvk5cBW\"\r\nlast-modified: Thu, 16 Apr 2026 19:30:49 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: j6lyhWFTR\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: MJ8AAAC_9EQcg6gY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12834,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 480 x 480, 8-bit colormap, non-interlaced","md5":"0e23b2227b364fb247209f757ba7f77b","sha1":"d2b579ad13bdabbda64a921276deecabe4e5c056","sha256":"32f2663969e07c23bcae38ff2e9aa6878c36ef71e0f53e9c48c600c1b650ef5b","sha512":"3bcfeda815c0bed614d96b212b89c7295c3885235b63b9f1020a269fa6e40174b0b507b0732cc02ef61079d570aec1924deec8ab0716678a0fa566a26ea22b07","ssdeep":"192:layHeLWIp9b8byTzhZWfnE8vAV9ldNprVFF37eGaFXBDs8dJ34U6u6oueiODn:Uy+yIpKbynhZWvAVZ5FJ7eGUNst/1cDn","tlshash":"e342bf059bd4a511f99e9b35ae407c9083de7233d184b242f6ddc2478afe4ea5c49337","first_seen":"2023-06-18T16:15:31Z","last_seen":"2026-04-22T11:08:21.002887Z","times_seen":171,"resource_available":false,"data":null}},"time_used":2118,"timings":{"blocked":905,"dns":0,"connect":0,"send":0,"wait":1088,"receive":125,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/assets/logo/favicon.ico","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:15.081Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /assets/logo/favicon.ico HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:15 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 585615\r\nlast-modified: Fri, 20 Mar 2026 11:22:55 GMT\r\netag: \"69bd2e0f-8ef8f\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1776856035=Fz0JVnE+JlB6vAMRSGSHi5v4YLsmCHZW4tXEm4HN4vPf8+1XKpPSFFOdkWtUx5zULK3VAobI+fg8CUonwYDEl0VVi3azkKIP0dVfdmy2BR1x6wQmS3zeq3b1W1MoiR19s+zdr6BW7xo9J+ZDyVUA6VJCkx74896KWPSkq9o4BiPRRbysOYHTkCW5RAjtw1ki\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df6f6e24fe\r\nx-cache-status: BYPASS\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":585615,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 1024 x 1024, 8-bit/color RGBA, non-interlaced","md5":"abd1eb812e495d993fb310ca906ea605","sha1":"77a61cd2ad4a89c22f4a979571d3c259870732f5","sha256":"ccd41d39ff7fbed7a9200f685d9b0198736d1a2f737e9d32f83ddaeef39a4180","sha512":"e8221a9acda08a0a0bc5410cd14bc72d30e6fa66cc6e7a4bc07b53f5c94b5ec670f19571246ab2f55ec2924f679543780e9f55e0ecf8a169ce3b91e38da07d25","ssdeep":"12288:zObp4IC0/qFNYge/0z5g2c+UTxVi1+4g+/F5:ibpa2qFNNe8zy+si1+4V/F5","tlshash":"e8c4230df5a39834d5dc996741db54e0c790e4183db25e323ba3448ea3d05b8ea267f7","first_seen":"2026-03-20T12:57:26.707036Z","last_seen":"2026-04-22T11:08:20.932553Z","times_seen":99,"resource_available":false,"data":null}},"time_used":539,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":216,"receive":323,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/img/bj1.17ef2db8.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:15.450Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /img/bj1.17ef2db8.png HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h112g.xyz/css/home.1774008371298.4fdc0c2d.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:15 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-e5eb\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856035=Fz0JVnE+JlB6vAMRSGSHi5v4YLsmCHZW4tXEm4HN4vPf8+1XKpPSFFOdkWtUx5zULK3VAobI+fg8CUonwYDEl0VVi3azkKIP0dVfdmy2BR1x6wQmS3zeq3b1W1MoiR19s+zdr6BW7xo9J+ZDyVUA6VJCkx74896KWPSkq9o4BiPRRbysOYHTkCW5RAjtw1ki\r\nage: 454122\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df71322514\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":58859,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1920 x 1299, 1-bit colormap, non-interlaced","md5":"59f1176bd542d042d8ddecbe4ab2cbdf","sha1":"7251e6f8bc0bf8bf3e62e892b34540f8259dcf9d","sha256":"b3bc2f14721d5f84900af66179eb6ad69a9c8d5a89eae36f877cf09fc9872603","sha512":"c4e7f1491686b72482ba26e34fd94496fc71bec2a35ba1d7cf67391e1f47f859465ad9f0c7d286bd35f9a26132fd80012a2cd2f8133cf1c6013db4f4d27a85d7","ssdeep":"1536:jlJ0Z4kwI3cG0YXIPf/OWcFOtk2bnIlfyMcw68vTbD8:gxbsGvYXd8OtTbIsgTbD8","tlshash":"004302d3b5e9f610dd38c157a3d1c9da504483be3e938d0bebbe402629fd56840a6f16","first_seen":"2023-08-17T12:39:32Z","last_seen":"2026-04-22T11:08:21.003678Z","times_seen":1272,"resource_available":false,"data":null}},"time_used":522,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":522,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/202508/_enc_size1884x434_8953c3b5-a3a1-4b97-a677-4b5efb3fb94a.jpg","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.992Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /202508/_enc_size1884x434_8953c3b5-a3a1-4b97-a677-4b5efb3fb94a.jpg HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 18 Sep 2025 12:24:50 GMT\r\netag: \"3744da426a390f82778503dc43cd0007\"\r\ncontent-type: image/jpeg\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FFb%2FgaF%2BctisClyflhZkTM%2FaTTo8k342UGvna3jVYS%2FJ51uiuOK4%2FAHcCYxYGplpCCKqCcn57SJX25ntK4YNhkpmb4o%2Bg1U8qrryUHVzc99pN84dPL%2FxQf1CS%2FtYASpU8nVwWxAXjd%2BFrA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: REVALIDATED\r\ncf-ray: 9eec4c2f2a9c65a8-FRA\r\ncontent-length: 359196\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250257\r\neo-log-uuid: 18004674481924191160\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":359196,"size_decoded":0,"mime_type":"image/jpeg","magic":"data","md5":"3744da426a390f82778503dc43cd0007","sha1":"24afaa27882ed170e969e82c4602a1c36f8ad3c6","sha256":"ad876fd90297b8219e140f0045e92294f4ad6b37c0fc5d23995d3d08d0210ebd","sha512":"2e26fa0c939f872b64d8ca47f18f8423f06bfe7572e3bc67f6a500415671865956849ef1bfb90618cd3a54b0d0e8f2f455693de13fc368ef5890309b2ec58d51","ssdeep":"6144:vqJy3fkqKTt3/vdG/ZHOMjOUZgO1EjSa+6V4IG1ukzX+wPpoSLB/ON:QwstNGJZjhu6EL+sGIqJs","tlshash":"6a7412e67e777d4b86b68fb6f3d02e4811919b02dce115487854f42328eb0ece89ec59","first_seen":"2025-12-29T19:25:01.993662Z","last_seen":"2026-04-22T11:08:21.004612Z","times_seen":844,"resource_available":false,"data":null}},"time_used":349,"timings":{"blocked":105,"dns":0,"connect":0,"send":0,"wait":90,"receive":154,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/373224ea7c004f9a872953397830766c?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.166Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/373224ea7c004f9a872953397830766c?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 36895\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 1566\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"373224ea7c004f9a872953397830766c\"; filename*=utf-8''373224ea7c004f9a872953397830766c\r\ncontent-md5: VT2+j2sZP7GpohVYB5Bbmg==\r\ncontent-transfer-encoding: binary\r\netag: \"FsPwqpgTCPbbRtLKX7y35lJGbAcV\"\r\nlast-modified: Tue, 21 Apr 2026 16:00:34 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: kdCq5ddgM\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: X90AAABQDn66p6gY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":36895,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 127 x 122, 8-bit/color RGBA, non-interlaced","md5":"553dbe8f6b193fb1a9a2155807905b9a","sha1":"c3f0aa981308f6db46d2ca5fbcb7e652466c0715","sha256":"670a29307bf69df22f789bca5121ed2c21ad49bad3ae4f9f5e7e97fb51f54f50","sha512":"45208f48daa4c4b89770c172336814df6f61992b3c9bf6c6f31aa313715c4ce4533cb683374139ade97d9cb65a7d5ea02573298c79c6929ebfc79d3826bd0dac","ssdeep":"768:F2z5DmW7S2/VKhh1qD7K4hJslZRujoOCqga05qL+KTnAu4A:F2JmAS2/khh16HslzujNCqL05HKR","tlshash":"baf2f10e8fe1b1d1de80dd33a69da33a56475c6e8a8670f911c0d4f116bde3a6a1611c","first_seen":"2026-03-30T12:16:31.53353Z","last_seen":"2026-04-22T11:08:21.005579Z","times_seen":2,"resource_available":false,"data":null}},"time_used":2246,"timings":{"blocked":1230,"dns":0,"connect":0,"send":0,"wait":911,"receive":105,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.esportsdata.cc/202/1/e5fecf11f314183c6148f50b0d50a606.png?win007=sell","fqdn":"img.esportsdata.cc","domain":"esportsdata.cc","tld":"cc"},"ip":{"addr":"172.67.70.146","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.190Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esportsdata.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 17 Mar 2026 23:12:08 GMT","end":"Tue, 16 Jun 2026 00:12:03 GMT"},"fingerprint":{"sha1":"92:F5:5A:A8:A5:59:F9:F0:7D:50:68:88:DE:A1:89:49:EE:A1:9B:DB","sha256":"C8:7E:DB:B7:40:4A:27:62:83:FC:97:6D:2D:A5:85:D9:BB:DA:40:15:FA:3B:72:F3:9E:C3:26:3B:42:16:80:C8"}}},"request":{"raw":"GET /202/1/e5fecf11f314183c6148f50b0d50a606.png?win007=sell HTTP/1.1\r\nHost: img.esportsdata.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 1376\r\nserver: cloudflare\r\naccept-ranges: bytes\r\netag: \"55322be095b88468972639a7592bc972\"\r\nlast-modified: Wed, 16 Apr 2025 16:00:26 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, Accept-Encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-replication-status: FAILED\r\nx-amz-request-id: 18A8A926FC856DF0\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-amz-version-id: d151eee3-b073-41ce-8495-f444425f13d9\r\ncache-control: max-age=2678400\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nIFq7BcJOJIKDBzIYwt%2FRQ8LHw3%2BYf9XdN%2FnQqJfPFUMg%2FJq3w26sBlHOZZPwgToXn24OOKoVb%2F1xKb5Rh78GpfIorXvDhFQxwgkxRXvDJGPo0LTlHFnBSjw5sh0UpBOovaXTQ%3D%3D\"}]}\r\ncf-ray: 9f0429f86f82723c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1376,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced","md5":"55322be095b88468972639a7592bc972","sha1":"c9a5d1b21cae11fca7815fe9d75e742e2f6608e5","sha256":"f5cd9809c5fc7039d8cf72240bd6645ae8c0915d2e8cf3f9a7612805cf1e8400","sha512":"3955205694df360b2866417a6532ef5e0c64dd9a73d71d5bd6a9ec00538ca68aadddb6422d6d037d07d237e8590937d784f963e2677ad62dea24e438d965fd33","ssdeep":"","tlshash":"6a21d81943804c52468f9afa2e4f975adc6b35a696c41f492d38d6a5c87e10703d9e28","first_seen":"2026-01-22T12:23:23.006759Z","last_seen":"2026-04-22T11:08:21.0081Z","times_seen":46,"resource_available":false,"data":null}},"time_used":928,"timings":{"blocked":-1,"dns":22,"connect":1,"send":0,"wait":863,"receive":0,"ssl":41},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"img.esportsdata.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"img.esportsdata.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/kc523-1/sponsor/sponsor_web_1.png?1774008313834","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:15.319Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /kc523-1/sponsor/sponsor_web_1.png?1774008313834 HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:15 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 30 Sep 2025 12:19:27 GMT\r\netag: W/\"68dbcacf-a556\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856035=Fz0JVnE+JlB6vAMRSGSHi5v4YLsmCHZW4tXEm4HN4vPf8+1XKpPSFFOdkWtUx5zULK3VAobI+fg8CUonwYDEl0VVi3azkKIP0dVfdmy2BR1x6wQmS3zeq3b1W1MoiR19s+zdr6BW7xo9J+ZDyVUA6VJCkx74896KWPSkq9o4BiPRRbysOYHTkCW5RAjtw1ki\r\nage: 441181\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df706d2508\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":42326,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 428x169, components 3","md5":"e0ecbe5a9349aaa328ffd6f9515f9007","sha1":"79ebc30d345c812a3e3a122f152829d161b00a52","sha256":"452d27839b3f3f35d11c9a26f06d6cc9db56dc8c61261ee43e0512f69abf71f4","sha512":"fd322bf3ca925ce2eb45317adae1dee0f1c2e4f30035738052a97ccc054ffb576a92a46758559c8d13cff6be549caca5541d14c5692cbec2758ab2b3c7f3324a","ssdeep":"768:2o9mjFjepo5h5jLasrCO57PIrvmMOSf4t7q5bo6Wruv9CSMsfRLMD7XZ0:2ogpymTxRrwmDSM7mbo6WrutR60","tlshash":"8713f2ebe1075d80bb946c9b3925eec61da50f047bc78d68c5e055f921290bb0fa33a7","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-04-22T11:08:21.008947Z","times_seen":1307,"resource_available":false,"data":null}},"time_used":308,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":308,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2F202503%2F_enc_size649x578_6ba5f6e7-0a03-42b1-aae6-3de33d838c71.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.826Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df7620254a\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":220,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":220,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/gpmaster/_enc_size328x442_fc0e1468-bc71-4d42-9849-b6735b50978a.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.891Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /gpmaster/_enc_size328x442_fc0e1468-bc71-4d42-9849-b6735b50978a.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 02 Dec 2025 14:12:19 GMT\r\netag: \"2e0e15927b525879909c42380e89ef9c\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=I8VlLH7gPE%2FkX%2FntOlEG78iIG3gz%2F4NbEViFTLBzwuK7mZDGMrVpENI6XuXffrK0AvZ8jmRoNdYziM%2BTU3OXKhT%2B2oYA4CVJll4AeRh4Gg%2B4DJ53HzxkgToTQgKKSTpS13M5%2FyNYLevjbw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec40496cda9d13-WAW\r\ncontent-length: 11120\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 4894502864416784751\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11120,"size_decoded":0,"mime_type":"image/webp","magic":"data","md5":"2e0e15927b525879909c42380e89ef9c","sha1":"901684f5d73cf02aad45fed2be68aa7dc3af8891","sha256":"b429f55609a7218666902b9205fc0337dde21a8ae340f1f24b0d74e4ac3b6fe9","sha512":"9edfc9136e44f0fb642cd7b6e9ecc7b232321c6f6ab421c2b495c73b9c18267198d849a711c63153011f26ec58c98440f0230cd11ccd000e4171f26439eae4cb","ssdeep":"192:pgMz7rqmua13y84zY36YC0JwSCH2XOc1wK3/RZ/dHGKFdVr5suOWQgcSQBO4mZ:pymus3ytKC236rKJr53IW4mZ","tlshash":"f532aecec99c3f15ac35837d36253988ea4409130f3761c1752a648257eee8a22d6bf3","first_seen":"2026-01-10T05:58:33.836956Z","last_seen":"2026-04-22T11:08:21.009708Z","times_seen":116,"resource_available":false,"data":null}},"time_used":292,"timings":{"blocked":204,"dns":0,"connect":0,"send":0,"wait":86,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/e301e672f66a463e979d3f4206f60b73?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.137Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/e301e672f66a463e979d3f4206f60b73?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 22728\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 88632\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"e301e672f66a463e979d3f4206f60b73\"; filename*=utf-8''e301e672f66a463e979d3f4206f60b73\r\ncontent-md5: 5QEAOy4d1nwtEAHxcyDGIw==\r\ncontent-transfer-encoding: binary\r\netag: \"Fp069gH3Mm8vfDxxltZPmhihYfWM\"\r\nlast-modified: Wed, 15 Apr 2026 19:28:09 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: PTfRp5XUG\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: unIAAAAgF-CKWKgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":22728,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 174 x 174, 8-bit/color RGBA, non-interlaced","md5":"e501003b2e1dd67c2d1001f17320c623","sha1":"9d3af601f7326f2f7c3c7196d64f9a18a161f58c","sha256":"aa2ffc83a8ec20a4671f1c5de04a490cf27e0e211c06f3cfcdd9b542b2949474","sha512":"9a2a9c94cca46623150712fbdbf34bdbaebf21af738348dc590006b66c56a05050ca90478b2a7fe1380a51574912dc4ad06353eee1258779e3a3e47c5ac93d52","ssdeep":"384:DVibgKOvXAHmoI3A45fgRfaOix5A9OPao2xeDZTJ+aEVnxCjGh:4bgzvwHmouA45oRf7waZeDPgZh","tlshash":"2da2e1a1c3f8206f465421149877e0ddceb3be2a4356e3909648fa4b3373a9ef1a7507","first_seen":"2023-07-08T08:51:56Z","last_seen":"2026-04-22T11:08:21.010405Z","times_seen":71,"resource_available":false,"data":null}},"time_used":2012,"timings":{"blocked":1258,"dns":0,"connect":0,"send":0,"wait":656,"receive":98,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/56382dd5196c476788b3f4fe13971b3a?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.365Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/56382dd5196c476788b3f4fe13971b3a?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 17924\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 68813\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"56382dd5196c476788b3f4fe13971b3a\"; filename*=utf-8''56382dd5196c476788b3f4fe13971b3a\r\ncontent-md5: QuK+GS1P6x2wSrmf0YrIXA==\r\ncontent-transfer-encoding: binary\r\netag: \"FkmqrafbNOAPixgX2AdgnRf5Cflq\"\r\nlast-modified: Mon, 20 Apr 2026 01:32:13 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3:1\r\nx-m-reqid: wSyCjc9k7\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: IHgAAAA93EWRaqgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":17924,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 98 x 98, 8-bit/color RGBA, non-interlaced","md5":"42e2be192d4feb1db04ab99fd18ac85c","sha1":"49aaada7db34e00f8b1817d807609d17f909f96a","sha256":"698d55e653322766b8352d139591c49adbb13ab07273ef8f162fc0a865a2fe9a","sha512":"8c777efa63c95fe97b4e57d5eca694d33f9fd0a3ce0a93138c14da15c8998382856e4caf500dfbc0d21d315f8b78303bd57380ac31942001dc81f29140845ca4","ssdeep":"384:QBxDxoPMlVCDyXknhB+CaKd5u4+gyxphnUrnftcPyHIoL9f8zzHJSz1E:ADxfXknHRdQVgynyHPGO+","tlshash":"4482e01b6cfe2565417c63b6acbd683691386a3021c0540e2e71c52b6e8dd4c3beef39","first_seen":"2025-09-17T07:26:56.646449Z","last_seen":"2026-04-22T11:08:21.011433Z","times_seen":153,"resource_available":false,"data":null}},"time_used":2745,"timings":{"blocked":1032,"dns":0,"connect":0,"send":0,"wait":1295,"receive":418,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/kc523-1/noData/cms_moren.png?1774008313834","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:15.517Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /kc523-1/noData/cms_moren.png?1774008313834 HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:15 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 30 Sep 2025 12:19:27 GMT\r\netag: W/\"68dbcacf-4d14\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856035=Fz0JVnE+JlB6vAMRSGSHi5v4YLsmCHZW4tXEm4HN4vPf8+1XKpPSFFOdkWtUx5zULK3VAobI+fg8CUonwYDEl0VVi3azkKIP0dVfdmy2BR1x6wQmS3zeq3b1W1MoiR19s+zdr6BW7xo9J+ZDyVUA6VJCkx74896KWPSkq9o4BiPRRbysOYHTkCW5RAjtw1ki\r\nage: 448238\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df71322523\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19732,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 215 x 214, 8-bit/color RGBA, non-interlaced","md5":"f3c825751a70d4aad8da2ce57f76acf6","sha1":"732da443668abb03a79a70df2d0ea8d801158655","sha256":"c395f4c1941459ef620f6df95fabd39f9ac98e03f6a389886bf224157557ce41","sha512":"a3b3fa2a216c10d331fea4771b916825d0605b94e21ac242d152d7c5e4b984cf3baad7a3fd071dde3432162037514d756cce1a0f699baf3dc98eaf75483c91b0","ssdeep":"384:64pTwcIHFqFpIlD8SqhwFLW/na2PvyQXSOKvOi58KUezsTT5ZOon:67XlROe8WvOAPHQv","tlshash":"a592d0d8abcb6705bb132b43b941a3558e0dfd6a130b9bb131782805ee16151e8d7e3f","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-04-22T11:08:21.012891Z","times_seen":1283,"resource_available":false,"data":null}},"time_used":727,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":727,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/e611afc19b9a4532930607187177f76d?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:18.163Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/e611afc19b9a4532930607187177f76d?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 15821\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 41827\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"e611afc19b9a4532930607187177f76d\"; filename*=utf-8''e611afc19b9a4532930607187177f76d\r\ncontent-md5: 7ng8o5MGg0sdVKuH0gVFeg==\r\ncontent-transfer-encoding: binary\r\netag: \"FjWLSVM_egCGHTPAph1aLJy0VbTT\"\r\nlast-modified: Thu, 16 Apr 2026 19:30:54 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: 8mb69ePNt\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: JgMAAABDv4Ecg6gY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":15821,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 480 x 480, 8-bit colormap, non-interlaced","md5":"ee783ca39306834b1d54ab87d205457a","sha1":"358b49533f7a00861d33c0a61d5a2c9cb455b4d3","sha256":"13dbdd9255cdadc1cdcd98940c57cb368f7a76eaa3870864120b588a08d2893f","sha512":"73568577ec104a151ad05edb990531ddfa3beffc3055c68a527b96cd7fc5e4097b1cadeaab5c75fad7f94e247c545646d3c10f69c577999b84f5de4f6b4bc6f3","ssdeep":"384:sJ/pdraA9ySEiLbzaJbVMGE+HDewnJ+bqgLKUP9TUQWT5JtR6Ri:+/pd+gyMaJmGxsbqgLKodrW156c","tlshash":"ab62c15cd6560457e83bc37c0db6f399867219a8015832d7a2fa1e2e3c6bfa1533190b","first_seen":"2023-07-08T08:51:55Z","last_seen":"2026-04-22T11:08:21.014295Z","times_seen":48,"resource_available":false,"data":null}},"time_used":1548,"timings":{"blocked":237,"dns":0,"connect":0,"send":0,"wait":1270,"receive":41,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-22T11:07:11.502Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:12 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856032=htcIJgJLNiyxJJofpuxwU9pvyN1lN040ni8/voHU9xSzlTiuVXfGD0M8B69dninbouMrfanretrvXTnVofkAgrOILtTtYvl2aE/d08QLefJcQ+I6KoXgSbMcA2ZDRA9TziCtEzEFh/CtLR9WZ7cBzyaN3sEEU4ZBcyfFInkQWtLKc9Se1P6+70BF2G78ypuv\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df669b24de\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":2855,"timings":{"blocked":1319,"dns":692,"connect":206,"send":0,"wait":217,"receive":0,"ssl":419},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/configPage.js?v=3/20/2026,%2020:11:10","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:13.285Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /configPage.js?v=3/20/2026,%2020:11:10 HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:13 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 949\r\nlast-modified: Fri, 20 Mar 2026 12:11:18 GMT\r\netag: \"69bd3966-3b5\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\nserver: Nginx\r\nl-safe: 1776856033=d0MIuMoednbFQ5U8tsCxeez29ETrtdo9Zgyz/QwU/ELHENOwaH+czvd5omOIcaSJiF5HiKpZ+x8XCIwtSwz7FpJdkRycCJuZ8/2d2s65AjozeiH+1ee4YqLZzuDPxZvyR0NW6zs6HTTmmvFnXWvjBA/Z82Vx/Svepv9kX7Bn19UvsqioJTtnDS833D29Gut8\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df686424e4\r\nx-cache-status: BYPASS\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":949,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with very long lines (917), with no line terminators","md5":"e6aa74bb352ef198ba3e1c9a4b01b014","sha1":"2ea8bd6b5045475a36432f7665a129728e822d9e","sha256":"73828e873c0b6e847b37d78941ca436247471dfc90a12f743964f869f75abd5c","sha512":"2faaf24fdf1e4da637af8e9f82d1778bf061b00752dfca0c8f73432ba236a7b69410a7ad2a73727bc83e6cd631fd6555c3cc0d9d3a5d8a7f81818dd66566011f","ssdeep":"","tlshash":"be117aaf57444dffcf1d7e00a08b0a5ea8bc61d261889d4da8e9cf29e1c99002378978","first_seen":"2025-09-04T00:49:32.949926Z","last_seen":"2026-04-22T11:08:21.015479Z","times_seen":1320,"resource_available":true,"data":null}},"time_used":233,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":233,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/css/home.1774008371298.4fdc0c2d.css","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:14.785Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /css/home.1774008371298.4fdc0c2d.css HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:14 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-15957\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856034=g54iPfEydgw012d6wpp1pBzrCCA2Rzo7OV4+S5PLmIYcgnZuNZkRMoBvcVvU75kzoHH4/yuhI5jk8jPYFs3GP+pua82nJrtzTrlOzkYWXYfk8gcqADM9RKXuzuCSEwc01XQhQ7XhfxNqThEosQwGV7RTuFMlhrqpDudfSrlQWwCLmTeoeGt7D+5lv6euTFgx\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df6e5f24fb\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":88407,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (65528), with no line terminators","md5":"007862e83d9314c1e7ae4842084bb64d","sha1":"642c968eb2ee468cb813a8e8fbf2c9a17d7831b4","sha256":"bb1e4e9e5ad6d72a3d0b6d93ec8a5cadca9f37963676ccf64ab7ab6aa5f34b04","sha512":"b8cb01b46cb03ceb6ee78c3192bf5a5aed4f8089ad1634a9aa414f6f9bc15fd2f78b6438a9039e1005845703cdb1c19bba4a007cc6414bc55a2f014d589385ea","ssdeep":"1536:fwRzOcRM7jufawS2d3a8WiLKbzGhbG9gpXdNCR9khb+8J/:fBtuSJwLUK09gER9khb+y/","tlshash":"db833a76a6102539b437ca72bae06bd8b524c846d7634a3df2527e25cbc71f212363a4","first_seen":"2026-03-20T12:57:26.763589Z","last_seen":"2026-04-22T11:08:21.016539Z","times_seen":97,"resource_available":false,"data":null}},"time_used":269,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":269,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/api/tenant/domain/list","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.379Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /api/tenant/domain/list HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nx-request-source: https://h112g.xyz\r\nXign: NxaG/E5yP+92j3EAzM+zEhe0q+YIh8hR889MAd39vgt0UcdPo0pP2nJIJwskYfnnKTR6V0lkI+3MlQ5TrQyD5jPhcSQT9pxZNOiCUw3evQ2PZYYCbi7LS32Tv8IzoWeaS39dthTeOXvTWijsUEfmWzSuF4R+SnY8WF3ewSBQzu4=\r\ntimestamp: 1776856036258\r\nsign: 7gb43162l2ne3l7v\r\nversion: 5.6.9.4\r\nclient-type: web\r\ndevice-id: 8BNbQfp8YayciXWAYemxaeMFD5iGH2S6\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: application/json\r\nexpires: Wed, 22 Apr 2026 11:17:16 GMT\r\ncache-control: public, max-age=600, s-maxage=600, must-revalidate, stale-while-revalidate=30\r\nx-xss-protection: 1; mode=block\r\npragma: public\r\nx-content-type-options: nosniff\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df747e2531\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1108,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"5d9e96bd132a2c24281ae50f2b09efe4","sha1":"503ea18100d0f1573baa195933355a1372e93841","sha256":"7f205b18b5deaae96622989dbc8ad73999a9616e96ef26d909f19525deadb328","sha512":"ab5a589dc81944d2fe05d656777e9e490d42a2fd68c7e577387cfdd47c9b0c5276ca2f91a3868407c373e500d00bb5360a5ae035c7c0cb1addf47f20755a268b","ssdeep":"","tlshash":"fb11c6101c6f12c8d6e8d29263503345388d8b76056db91b69d6b74fae0583a32120a4","first_seen":"2025-08-29T11:05:53.144028Z","last_seen":"2026-04-22T11:08:21.017653Z","times_seen":1277,"resource_available":false,"data":null}},"time_used":240,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":240,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/img/EGAME.d289cd48.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.936Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /img/EGAME.d289cd48.png HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-e89a\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856037=yBvV8iIAJV1XYCRdFxWMAikRLiw+keSfElgF2gEzaFNRn4TYKp1ImLR9JbFFaKRpsnauZV7dUbENdnOUI5uoCj203NpqnOtgb3n2lc7LRRxsa8lgIDvGFIAOpKkp4XlRJpEWKLt0txTAmjgwTVy/XjXNmlVcUwBltOPawcR68PsaXxRvnoUcvAAvzX3B84+4\r\nage: 454109\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55e19db4df79d125bd\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":59546,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 582 x 307, 8-bit colormap, non-interlaced","md5":"eb8991eb9e0db175522c914343f0a10a","sha1":"ce2d41b154df64421d46bceaeb9878da455592dd","sha256":"b837b4e9fc693e5c65eb049c56547caefe1cf73ea31ae59f95ae46d052fd36b2","sha512":"7d2a886e3ac412f6ea1b1ba290064373e1d07a0751bdd7f546af3116ad057d1f17bbe4847179cdf87297a967c0290280ec0c51ab9bfdeb1da0b881e366eb19a8","ssdeep":"1536:hvA9R/SReJczzaRBd6s3DhCDnQcvyFVWGDnmhKYNa67:hIPVczevUIhCDnQc21C7Na67","tlshash":"dd430276882a8fcd499304944bf9afe164eaf19097b3cf91f24c5fe0423d184d881b6b","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-04-22T11:08:21.018608Z","times_seen":1234,"resource_available":false,"data":null}},"time_used":1649,"timings":{"blocked":-1,"dns":0,"connect":0,"send":828,"wait":821,"receive":-1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/202503/_enc_size649x578_d4d2b521-861c-48d3-89a5-438931453851.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.912Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /202503/_enc_size649x578_d4d2b521-861c-48d3-89a5-438931453851.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 06 Dec 2025 06:30:19 GMT\r\netag: \"de3591a5d6778f4310b8109f6c781f30\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iw0Nt11ME0LQT5TWwlssq%2FyYERVzwZ3xe2BAG9hGvqJcu1JqWb2uD88sxE5xuBl8sQf7SrT%2B2QpAYBP2e2rN4cV3ALXjv7QGtIiCgHUojJMto3VnBT1kBzpUyJu8agrc2fa2iIfIxBPCcA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec40492eb679fb-FRA\r\ncontent-length: 52456\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 16270680696967314109\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":52456,"size_decoded":0,"mime_type":"image/webp","magic":"data","md5":"de3591a5d6778f4310b8109f6c781f30","sha1":"cf38d03f69e9d902b826bd9bae7241be5baca1a7","sha256":"63104a6dc58dff9aac50e95151295eb631bdd8ddffb04d6234f8fd15368c1874","sha512":"313cd49eb8f3e9387a5bc197172510fbe05dc51932efb03a11c04b4ac0c31c4cb449a83a64d72ef5b63c4bd6775a196bf6ad50447bea50e7456c95a897d98169","ssdeep":"768:54M8fxEbpGtvfqj0Bs8GkjOhpAh9bzillpUed5V/7hz9WJVI7X1BPFLN7CLrJneU:5ifKNsXI0ex7lgVMPZN7ErJnnZ","tlshash":"953302a0d69cc510dbf8d6bf0a9130fc5e88fa501ea53b6b47808cdd889e5d4e51f60b","first_seen":"2026-01-10T05:58:33.924782Z","last_seen":"2026-04-22T11:08:21.019543Z","times_seen":116,"resource_available":false,"data":null}},"time_used":361,"timings":{"blocked":184,"dns":0,"connect":0,"send":0,"wait":137,"receive":40,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h37s.xyz/","fqdn":"h37s.xyz","domain":"h37s.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-22T11:07:08.603Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: h37s.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-22T18:09:28.300102Z","times_seen":14071331,"resource_available":true,"data":null}},"time_used":1265,"timings":{"blocked":1265,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2Fgpmaster%2F_enc_size328x442_50b16c20-cbfb-4c4c-ba8a-249055c85af3.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.758Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df75e7253f\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":234,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":234,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/202502/_enc_size328x442_27f7b303-88a3-4b2c-aaf9-2bc0106b5d62.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.764Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /202502/_enc_size328x442_27f7b303-88a3-4b2c-aaf9-2bc0106b5d62.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 02 Dec 2025 14:17:05 GMT\r\netag: \"6e183b8d89a538d686c746516823bbab\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=F0Anmr9T3fdNcQLmPLJbCO1ne5ZcAmjJNtExQq%2FGZ8kUGrDfRce2Io6eq%2BSYNRVRPHYIKAk%2Bxqk%2B21ZM5No5eiddvBJbH5AW2hRN%2B7ke76onPiQgDBaR3l3acoyFzDdz3gaJNBcIrDqciw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec40497aac4c6b-WAW\r\ncontent-length: 22168\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 2264627320430636599\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":22168,"size_decoded":0,"mime_type":"image/webp","magic":"data","md5":"6e183b8d89a538d686c746516823bbab","sha1":"27fb1b1ad84055f25af79ee19050fbd23539cbc0","sha256":"4449027e1f98e4c9a25e0fc7329c087b335c9a867961b6d0de2656c6fb86df1a","sha512":"32fda9e7d770041adc83e75ad790f5dc4a9e8e427ca183d98ad0be26743d4854a9f6509f42283fb152cfcd0039aecbad2ee183079b34ecaded7105a8fcaf565b","ssdeep":"384:0Jq0Vf96zLIvbNpNUU2tDeOouLf5GslLXGdB3Rk1SV14Hdyd/2U3lMezZD:0Jq9ENuyOp5G0WdlRkQB12k","tlshash":"ffa2e14f988244a9ddeca5d6e2cf794c44f39cc022fea4669eb455c8b04f5163ee1056","first_seen":"2026-01-10T05:58:33.877781Z","last_seen":"2026-04-22T11:08:21.020564Z","times_seen":116,"resource_available":false,"data":null}},"time_used":434,"timings":{"blocked":328,"dns":0,"connect":0,"send":0,"wait":94,"receive":12,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2F202508%2F_enc_size1298x1156_b219e889-d34b-4c28-b534-674fb2e77fdd.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.886Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df76512554\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":221,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":221,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2Fgpmaster%2F_enc_size328x442_2cf32c0e-cd2d-4274-8e00-d67d14e5086e.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.889Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856038=6b4o/KW/4CiaPY9SUr3U8L6jGlHPgkRB2jaYkQg8xHNJm6Te7gYwhg/L81IBTgd1EXd6cBc+fybC8HSFb9xneQ9xraUialSqoZdTnDME+i3+IshP/ukH/F/yAnwe42Ha14kC+k+fbMCUG+ak5mHmkiqZNiQfSfFhXDUfdjhjnNO6RztbeI9E7Jxq3ZSo0X+N\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55e19db4df7a9b25c3\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":2968,"timings":{"blocked":-1,"dns":0,"connect":0,"send":889,"wait":1027,"receive":1052,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/img/LOTTERY.4e81790a.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.934Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /img/LOTTERY.4e81790a.png HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-e929\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856037=yBvV8iIAJV1XYCRdFxWMAikRLiw+keSfElgF2gEzaFNRn4TYKp1ImLR9JbFFaKRpsnauZV7dUbENdnOUI5uoCj203NpqnOtgb3n2lc7LRRxsa8lgIDvGFIAOpKkp4XlRJpEWKLt0txTAmjgwTVy/XjXNmlVcUwBltOPawcR68PsaXxRvnoUcvAAvzX3B84+4\r\nage: 448239\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55e19db4df79d125bc\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":59689,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 582 x 307, 8-bit colormap, non-interlaced","md5":"f86c9671c7aed55212fe0eb5219a664d","sha1":"6e765dfb0ce3c646d8c808940071554e78e7d409","sha256":"4ba3fff550a17eff9585d6acbc4a96bd515149510f6a8bb7638985fb4b41a181","sha512":"706aa66f138a3459eaf34f5b7a8ffed3dfacecec6adf14a2e83f1149143cfbb059f97aaaac2032587a80c0e30c62e5b46b07b4dc6f3cf5925e6e1db2a8ed45d6","ssdeep":"1536:Cyp1EBaRnsFt9ZXZj0wEYsRvqm1waPbZsY:CLB+sFtzXN0w2ym1fFsY","tlshash":"914302f36beb0bc5b07adbcf4ed354f0067a71496b42dcd44f4120e61ea6199bac420a","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-04-22T11:08:21.021443Z","times_seen":1234,"resource_available":false,"data":null}},"time_used":1652,"timings":{"blocked":-1,"dns":0,"connect":0,"send":831,"wait":821,"receive":-1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/202508/_enc_size1298x1156_04beb05f-bdcc-4bf4-a35f-b560e45e45b0.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.869Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /202508/_enc_size1298x1156_04beb05f-bdcc-4bf4-a35f-b560e45e45b0.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 18 Sep 2025 11:24:24 GMT\r\netag: \"8871a786bfdc45ba7ab938f0f567d814\"\r\ncontent-type: image/png\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YBMOgVn8iYAg3XKbEYmXmp9ERLQNTO2GoMmd8XVduzGolPfNPt9F%2F6KTp7exznB0KGEWmJPVy6IE5eCFXVeTP6d4IVjvpYJZcMy7zJlrBik3rRANDU%2BAEzASK66NUKa4zXZGo3gQ%2Bx%2FnHg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec40490daed359-FRA\r\ncontent-length: 108004\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 7801152187748800503\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":108004,"size_decoded":0,"mime_type":"image/png","magic":"data","md5":"8871a786bfdc45ba7ab938f0f567d814","sha1":"29f65e9f46e35ee041be03321feeb5ad6dcffec5","sha256":"f26f526018b151113ab371e3a64748307b052c41a7ab5b313ea9e1d4fb5c27d7","sha512":"a71fafc80d983437d98b6c6669260a41aee3fc0b52dd3259fb0530ddd8a0a281cec5d6bdcbdd8fd1aa716db89736496d7608e32519eb6366e693c003bcef7e97","ssdeep":"1536:0bmCxBbtKe/h/N267ElA+7YePfJ1LrToGovotEpjB2G5zrk7mJWfz5b49rCqp:0XxHt/X26Ir7Y41rpPWkGiPfNbErCK","tlshash":"a6b31205563908eee4eb2531451db7c7dfcf9921a60328b57052ba4a31e9b83a6b7c18","first_seen":"2026-01-10T05:58:33.859828Z","last_seen":"2026-04-22T11:08:21.022317Z","times_seen":115,"resource_available":false,"data":null}},"time_used":403,"timings":{"blocked":225,"dns":0,"connect":0,"send":0,"wait":122,"receive":56,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/202503/_enc_size649x578_b82399e1-d771-428f-9811-f7e15cda0f21.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.914Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /202503/_enc_size649x578_b82399e1-d771-428f-9811-f7e15cda0f21.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 06 Dec 2025 06:26:29 GMT\r\netag: \"60ed27370158b53f419324c524a4be0c\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RB2jxpSOHfQ51LSavpVfMPZ4QafPRPVRyKGRu4dsKvguMpsxaD6Ol0SMKlx9wpLTVzX6xmuwXjaxA2HTYm7EzYtbnsThsZRtBrDAt5Mi3FwdlwCSoDymyz2xOsPX7rL3fN7hp%2FYKM3nBTg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec40492995d351-FRA\r\ncontent-length: 103194\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 2649048433154029433\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":103194,"size_decoded":0,"mime_type":"image/webp","magic":"data","md5":"60ed27370158b53f419324c524a4be0c","sha1":"6524cb5627792d2068dbb8b626286f6e971b42ee","sha256":"039395186b222e55220ded613173a83a459a4f2e0e873cbfed1d1ef91825c3c9","sha512":"510f4faf92a2246be8ef137e870ae81750d8ff67baad4a19c203ea177386793b60f1b9bf6333d64c3abbbd73d89b3c0ae6235ebb3bca8137a420988a1625a767","ssdeep":"3072:mgsNR4fWsUvdSDU+qlX2KtmzD/CbIGM1:mg8R4fWSVKYibIG","tlshash":"aea312850993c5f1bb7598259f7acb30a51a7d70f392ef21cfa94f3ec0b60799a14242","first_seen":"2026-01-10T05:58:33.775212Z","last_seen":"2026-04-22T11:08:21.023157Z","times_seen":116,"resource_available":false,"data":null}},"time_used":352,"timings":{"blocked":182,"dns":0,"connect":0,"send":0,"wait":117,"receive":53,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/e25104aa70574b60b9cf25b537c628c9?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:18.190Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/e25104aa70574b60b9cf25b537c628c9?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 34502\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 36420\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"e25104aa70574b60b9cf25b537c628c9\"; filename*=utf-8''e25104aa70574b60b9cf25b537c628c9\r\ncontent-md5: xF/OsyqLzCH3cS+41hUctQ==\r\ncontent-transfer-encoding: binary\r\netag: \"Fj-9ZwuDFasU5X-oMlFNiNlsZOsW\"\r\nlast-modified: Thu, 16 Apr 2026 19:31:13 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3:2\r\nx-m-reqid: jGb9fMPOf\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: RP8AAADrnHEHiKgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":34502,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced","md5":"c45fceb32a8bcc21f7712fb8d6151cb5","sha1":"3fbd670b8315ab14e57fa832514d88d96c64eb16","sha256":"0c839807cf467c13414c8ce3b4623a37888dab0a937f1578ed971b0db871f169","sha512":"c551a6f615a8416f3e8f487e23fc3112d45ffacb42fbb18eaa68c9cb7708c26fa62054560438590b33f6785ad7e15eb139cefc37fd63a56f9a3837060c66bee3","ssdeep":"768:sxE/rN/n87lAYd16xuV7WeCAQ9QLWUrU03iIraCx:sG/rd896HHT9QdwCx","tlshash":"45f2e1123ffda03b341ee25f174d998ccc6b2554e57e1bfb2144e046b2a0e642a5e9f4","first_seen":"2025-01-29T13:39:14.654878Z","last_seen":"2026-04-22T11:08:21.024033Z","times_seen":188,"resource_available":false,"data":null}},"time_used":1830,"timings":{"blocked":220,"dns":0,"connect":0,"send":0,"wait":1278,"receive":332,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2Fgpmaster%2F_enc_size328x442_bbac9ff6-d09b-48f7-9e60-77639d6ba1ec.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.761Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df75e92540\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":222,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":222,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/202508/_enc_size1298x1156_f26e0b0b-19a9-470f-90cf-ab38984671ab.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.852Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /202508/_enc_size1298x1156_f26e0b0b-19a9-470f-90cf-ab38984671ab.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 18 Sep 2025 11:24:05 GMT\r\netag: \"a57d29baa7610d858c61b10cbd8aa72f\"\r\ncontent-type: image/png\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MiZJJg7ZefDW6EwP23rSdo2yhr7iPWNxv%2FSXx9TsBJn0Xd6y1hSfhfah9YxiVbEOlzoK4YLOjvR3DUqQf2yQACD4DzqRBgXNea2uQSwgvq%2BT5cLwFOEkBU3TBAqNWmWuJCRI95mTsE1KxA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec40492ec9d2a8-FRA\r\ncontent-length: 163087\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 2644599037476986981\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":163087,"size_decoded":0,"mime_type":"image/png","magic":"data","md5":"a57d29baa7610d858c61b10cbd8aa72f","sha1":"63ccbbb85377a76707714c9a8a9084a5ad7278a1","sha256":"649f1e9b6ed40b404c88242245d1dfcabdd84e553a9a6d0b41ae7479c68586e7","sha512":"f1d50723f3f6e171db06e756ff6530900ee44a26fd593d919767e1941e65e6a76e0b3223b57cde61366214e4b4664cd5e13f0039d01a48f413a1877a840fb4bf","ssdeep":"3072:F2ERsjJw8K6/iWw8B6ssU9m4QkMyu6IDLWuDboEfXO464gl3omZ1AU/eoIOff4e:F2EeFZ/aW6c9bszDCuPo+XO461YmnAiX","tlshash":"0df313d848400afcd04349f96fa09931c3b17bcf13d9869afe8c63ae5d49964bc156ce","first_seen":"2026-01-10T05:58:33.801591Z","last_seen":"2026-04-22T11:08:21.024832Z","times_seen":115,"resource_available":false,"data":null}},"time_used":447,"timings":{"blocked":241,"dns":0,"connect":0,"send":0,"wait":118,"receive":88,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/0ded23aef864469ba727efc53e272b62?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:18.175Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/0ded23aef864469ba727efc53e272b62?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 35556\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 38206\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"0ded23aef864469ba727efc53e272b62\"; filename*=utf-8''0ded23aef864469ba727efc53e272b62\r\ncontent-md5: 0hGG9lZm9jX3/PW7hzwhtA==\r\ncontent-transfer-encoding: binary\r\netag: \"FjsW0M4bEEzFO1ycFqoeDXPHD8fU\"\r\nlast-modified: Thu, 16 Apr 2026 19:31:05 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3:2\r\nx-m-reqid: Wyp2VHfN9\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: 9FEAAADD3KRnhqgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":35556,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 191 x 191, 8-bit/color RGBA, non-interlaced","md5":"d21186f65666f635f7fcf5bb873c21b4","sha1":"3b16d0ce1b104cc53b5c9c16aa1e0d73c70fc7d4","sha256":"19a1691fe57dc9e24b120851205973bed8e908f4a355496b95b7527aea68cfaf","sha512":"48d3d7ffb6ea6f8696cd841d7d8b7bd32bf284af31ed8700da77976578f72bf05b1f5f09eee2b0c2fe4f05dfa6b3bede61f1b30c7a16216e54ee07c5b517eb56","ssdeep":"768:1qWlTdNdoqmZ8I+azp39WIFa6kX7sHotYjYSc:1qWjboqmZ8I+azDDa6k4hc","tlshash":"aff2d178419e1806fb709dbfda140e86ade35e1802d02fe4af1674279262669a0f29b5","first_seen":"2023-07-15T11:13:39Z","last_seen":"2026-04-22T11:08:21.025701Z","times_seen":71,"resource_available":false,"data":null}},"time_used":1905,"timings":{"blocked":227,"dns":0,"connect":0,"send":0,"wait":1288,"receive":390,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/js/7653.1774008371298.5eafcc69.js","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:15.148Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /js/7653.1774008371298.5eafcc69.js HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:15 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-5dd\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856035=Fz0JVnE+JlB6vAMRSGSHi5v4YLsmCHZW4tXEm4HN4vPf8+1XKpPSFFOdkWtUx5zULK3VAobI+fg8CUonwYDEl0VVi3azkKIP0dVfdmy2BR1x6wQmS3zeq3b1W1MoiR19s+zdr6BW7xo9J+ZDyVUA6VJCkx74896KWPSkq9o4BiPRRbysOYHTkCW5RAjtw1ki\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df6ff12502\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1501,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1501), with no line terminators","md5":"4849391ecd3ae7038c8eca5da5af6cd4","sha1":"6316de5585ce9c3c90e92da7f445df0f1eb06f39","sha256":"7ace68dcf17129b57d79ff5a5ce030178b60d463fa0b0d1027ff5a62981ae2ef","sha512":"04bf30f23c9fc4ee7df1d106f541932dec50cf5794d313087378b16ed5430d29f75a5891abf4e84657525774f2ee231ac62d9e7640000390ee29a08bf23fbae4","ssdeep":"","tlshash":"47310e98b6a171b243af5af98f3f168bf16794c064edb094d096e2e07cb420c4937d29","first_seen":"2026-03-20T12:57:26.686565Z","last_seen":"2026-04-22T11:08:21.02658Z","times_seen":101,"resource_available":true,"data":null}},"time_used":657,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":657,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/js/31098.1774008371298.4108b3dd.js","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:15.980Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /js/31098.1774008371298.4108b3dd.js HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-561f6\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df72ee2526\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":352758,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65338), with no line terminators","md5":"c7f3dc3d039f9108016a722f0cb67f77","sha1":"b3d7fd0defe3af0c969c7c5c2afec44318b53f46","sha256":"da9b6ff944181c6ba054b7c64b382468862b8767bee7053ec78ab2246a40c532","sha512":"ae83d1e6822daab3ec75a98df2eb46c2c8c111870173484aac1244e8f9a88606c5c060e9aa2ed4b9bf17014808f18276d7fa7f91d3d4307c14379c60fffb51b5","ssdeep":"1536:j+0YvC9jlTKAUSseG1SY46DCdlBBo3AgXOG9AsqCfCXsvCfCXsLCfCXsyCfCXsfX:2KK5sY4brG7O3SnLJNpL","tlshash":"4374b6f4c248c6fdea04ce0a7e7d6f2d50723783f2ec96c446aaf8865e91857245c4da","first_seen":"2025-12-20T17:10:08.001231Z","last_seen":"2026-04-22T11:08:21.027439Z","times_seen":121,"resource_available":true,"data":null}},"time_used":593,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":593,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2F202508%2F_enc_size1298x1156_1d28b817-0c00-4339-b666-213943a7b1d3.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.849Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df762d254d\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":218,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":218,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2F202508%2F_enc_size1298x1156_aa2a4724-288d-4252-82c6-453d0458d8c1.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.875Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df76492551\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":220,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":220,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/516f17d0191142a9825aac89a6db8f60?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.144Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/516f17d0191142a9825aac89a6db8f60?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 6190\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 88630\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"516f17d0191142a9825aac89a6db8f60\"; filename*=utf-8''516f17d0191142a9825aac89a6db8f60\r\ncontent-md5: PKPKyEsF/urRZl/Eb++FDQ==\r\ncontent-transfer-encoding: binary\r\netag: \"FmnmhwrtjpxURHmsbEN_VD1TpIF3\"\r\nlast-modified: Wed, 15 Apr 2026 19:28:10 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: 9pzHJDjId\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: huEAAAAxrD-LWKgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6190,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 78 x 78, 8-bit/color RGBA, non-interlaced","md5":"3ca3cac84b05feead1665fc46fef850d","sha1":"69e6870aed8e9c544479ac6c437f543d53a48177","sha256":"efd8f9700eef7d83f7ebec5d82fa6bc091b7b071f184a683e410591198e8d00e","sha512":"5fec56a224e07eba813801cee83acacb18256d011764a454befdec7c869d326142fd9fde5c8929657e3ce409dbc15704a70dd9e1bcf69e475554e5141ce84ea6","ssdeep":"96:O+k8S9stPIKEyNhwVV76p3V6gnPPJlF7sfOhQ7XGSUOUuioZ8KH+gKW6fDoqNI19:DkFKnaVGj3XJ36UJsn+gKFjNO9","tlshash":"44d190bb5bc888485a6cf41e037d35818c8ddc99c9ddd76c9f14d8a37fc518d6a80d21","first_seen":"2023-06-08T21:23:36Z","last_seen":"2026-04-22T11:08:21.028319Z","times_seen":39,"resource_available":false,"data":null}},"time_used":2025,"timings":{"blocked":1251,"dns":0,"connect":0,"send":0,"wait":773,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/img/away-bg.00d4ba2a.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:18.335Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /img/away-bg.00d4ba2a.png HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h112g.xyz/css/home.1774008371298.4fdc0c2d.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-f2b\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856038=6b4o/KW/4CiaPY9SUr3U8L6jGlHPgkRB2jaYkQg8xHNJm6Te7gYwhg/L81IBTgd1EXd6cBc+fybC8HSFb9xneQ9xraUialSqoZdTnDME+i3+IshP/ukH/F/yAnwe42Ha14kC+k+fbMCUG+ak5mHmkiqZNiQfSfFhXDUfdjhjnNO6RztbeI9E7Jxq3ZSo0X+N\r\nage: 448229\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55e19db4df7b9325d3\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3883,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 277 x 80, 8-bit colormap, non-interlaced","md5":"ce3e5a71ef5dcf15c030882243e12315","sha1":"d4fdd1329ecac30941a67bd5108bad525c791c12","sha256":"3c2aad01ce2fce6463d6ed3bde348515922dd019d8a670b07b53d66b39c68d3d","sha512":"f6a55d8c079529988760a1c22541c097af159a3653f5ffe89c5c31ee20371f2c879c64797319f4176be77c821294f0f72d83ad77f2a0141203c857c8f987966c","ssdeep":"","tlshash":"6f815cf693e66bd0d5675106a3a14c89624d69d925a325530923f45ec3bb1ac02fe381","first_seen":"2025-08-29T11:05:53.10673Z","last_seen":"2026-04-22T11:08:21.029192Z","times_seen":1236,"resource_available":false,"data":null}},"time_used":983,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":983,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/css/chunk-common.1774008371298.fcaa3bb6.css","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:13.289Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /css/chunk-common.1774008371298.fcaa3bb6.css HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:13 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-340e\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856033=d0MIuMoednbFQ5U8tsCxeez29ETrtdo9Zgyz/QwU/ELHENOwaH+czvd5omOIcaSJiF5HiKpZ+x8XCIwtSwz7FpJdkRycCJuZ8/2d2s65AjozeiH+1ee4YqLZzuDPxZvyR0NW6zs6HTTmmvFnXWvjBA/Z82Vx/Svepv9kX7Bn19UvsqioJTtnDS833D29Gut8\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df686424e6\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":13326,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (13326), with no line terminators","md5":"826c687e5a03ee71f95d5348db199e55","sha1":"46d95f05e1da96866b57353cd147ecfe9f20f2dc","sha256":"daf2bc8bfaa2d7608bfcd21eb0a6aeda1d3452dc26f2b8577a7c69e599bb8d3e","sha512":"47a2d7bf1b9905ec12876df1008c5b7cd9da2ef5d6f72026fea2ef705e6b63bf2f88941c5b57b112aa663a612327e48e1e85da444a119e7187b615b4089da7df","ssdeep":"192:4dQK/X4cBY4mZGX1lsUTLA7gY3bz/i//LN4hHSQZA2VxM2XwKjv0:M8oTG3bz/i//LihHBrxP0","tlshash":"7852b831d635b53ce57be226f9d09adc6024d417e2730baeea653b3ac5ca4d215332c8","first_seen":"2025-08-29T11:05:53.265444Z","last_seen":"2026-04-22T11:08:21.030027Z","times_seen":1325,"resource_available":false,"data":null}},"time_used":234,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":234,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/js/22872.1774008371298.dbee35b5.js","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:13.304Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /js/22872.1774008371298.dbee35b5.js HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:13 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-269c6\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856033=d0MIuMoednbFQ5U8tsCxeez29ETrtdo9Zgyz/QwU/ELHENOwaH+czvd5omOIcaSJiF5HiKpZ+x8XCIwtSwz7FpJdkRycCJuZ8/2d2s65AjozeiH+1ee4YqLZzuDPxZvyR0NW6zs6HTTmmvFnXWvjBA/Z82Vx/Svepv9kX7Bn19UvsqioJTtnDS833D29Gut8\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df693124f1\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":158150,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"7175b6eb280645cb927a6029a62c7c21","sha1":"264fbb24690994bc08e806084b2ef95a873a15b0","sha256":"bdfbca520ec194cc9ff168262b9782d417b0eba0922a4795838bd42516cb0ce2","sha512":"76eb372bb0a5a8b4cfda738a06ee8fe14926addf2c20e31851a8555160fd682583d83ee493c23d71c5f2423aaac32b41dd591347a5834111548cfbf97ade1d21","ssdeep":"3072:pPHW7tB4Vgj5tNlxyUYwOW1YegxYffj7TEOiG1Zl+DJVkzEcx1nKs:tHW7tBwgttXxyUYwOW5ffjAG1T+DJVkV","tlshash":"52f30bd4f2c070f6475f85f2a22b5065b26f4d92318c98b0e15ba6547f21b48c7abeec","first_seen":"2026-03-20T12:57:26.639894Z","last_seen":"2026-04-22T11:08:21.030833Z","times_seen":99,"resource_available":true,"data":null}},"time_used":846,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":846,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2Fgpmaster%2F_enc_size328x442_c0a34e2a-97fa-40dc-8123-594806696886.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.754Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df75e4253e\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":221,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":221,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/202508/_enc_size1884x434_f0600e57-43d6-4af4-8f1c-08ad10ecab8d.jpg","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.986Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /202508/_enc_size1884x434_f0600e57-43d6-4af4-8f1c-08ad10ecab8d.jpg HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 18 Sep 2025 12:24:41 GMT\r\netag: \"57e2ced1fc2b99a4589753213a6f10b0\"\r\ncontent-type: image/jpeg\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ls6DcyOI8Kog6XBxLbrKcscsLLjNYvQMGkgJ0%2B5RpUgbgfvjUz10hriFkKUSTJr%2FtoQ4I7NyF1965JjDxQGQZBUvjc9857w1y%2F2ZbFam2QD4z3m4bdgtje10uY5YDzTTTZvF4WEowNbwIQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: REVALIDATED\r\ncf-ray: 9eec4c2fff841c2a-FRA\r\ncontent-length: 396057\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250257\r\neo-log-uuid: 6743322387497916870\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":396057,"size_decoded":0,"mime_type":"image/jpeg","magic":"data","md5":"57e2ced1fc2b99a4589753213a6f10b0","sha1":"1f5f15d4dd130c38a42ca7fe3eeede26b521cf46","sha256":"df38cb64331a2e43581a2cfd5fa1fbf00f8e0ed821ce05eeb2440f17dfa9aacf","sha512":"d06552ba67916544e1d6053eb43c9300a010edf694d2c43c5a6a080cddb280a22a62def320124f293ba1d3a1af6121a5d5be4bddb6c724077e4963ebfa6996ce","ssdeep":"6144:nnkD2g7Xp2j6ic0qwwyN3TV9rOxsiitOVWkjtA8xsf5eCnqLhAi5iZS8fVSA:nQ7p2j6rxwwyNniM+WkjtAgErq18k8fV","tlshash":"658423b2c8f6c90a736bf975649d99469124fc4f36ef5cf9e1249c2f3602a32690813c","first_seen":"2025-12-29T19:25:02.006856Z","last_seen":"2026-04-22T11:08:21.031717Z","times_seen":844,"resource_available":false,"data":null}},"time_used":374,"timings":{"blocked":110,"dns":0,"connect":0,"send":0,"wait":180,"receive":84,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2F202508%2F_enc_size1884x434_8fe89870-1081-42db-97b7-f8272ac29ae0.jpg","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.990Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856038=6b4o/KW/4CiaPY9SUr3U8L6jGlHPgkRB2jaYkQg8xHNJm6Te7gYwhg/L81IBTgd1EXd6cBc+fybC8HSFb9xneQ9xraUialSqoZdTnDME+i3+IshP/ukH/F/yAnwe42Ha14kC+k+fbMCUG+ak5mHmkiqZNiQfSfFhXDUfdjhjnNO6RztbeI9E7Jxq3ZSo0X+N\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55e19db4df7a9b25c8\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":3168,"timings":{"blocked":-1,"dns":0,"connect":0,"send":764,"wait":1028,"receive":1376,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img.esportsdata.cc/202/1/2dc43aced237a30eda64c2e4dff1a090.png?win007=sell","fqdn":"img.esportsdata.cc","domain":"esportsdata.cc","tld":"cc"},"ip":{"addr":"172.67.70.146","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.204Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"esportsdata.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 17 Mar 2026 23:12:08 GMT","end":"Tue, 16 Jun 2026 00:12:03 GMT"},"fingerprint":{"sha1":"92:F5:5A:A8:A5:59:F9:F0:7D:50:68:88:DE:A1:89:49:EE:A1:9B:DB","sha256":"C8:7E:DB:B7:40:4A:27:62:83:FC:97:6D:2D:A5:85:D9:BB:DA:40:15:FA:3B:72:F3:9E:C3:26:3B:42:16:80:C8"}}},"request":{"raw":"GET /202/1/2dc43aced237a30eda64c2e4dff1a090.png?win007=sell HTTP/1.1\r\nHost: img.esportsdata.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 4261\r\nserver: cloudflare\r\naccept-ranges: bytes\r\netag: \"ffef9dd4fa2de7b93ba8185ac4688244\"\r\nlast-modified: Wed, 11 Sep 2024 06:47:09 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Origin, Accept-Encoding\r\nx-amz-id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\r\nx-amz-replication-status: COMPLETED\r\nx-amz-request-id: 18A8A926FF7E9873\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncache-control: max-age=2678400\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=a2wQig4zmmRpBr5CkKQnQ1642qGgPorc3lqZ5a6NWKAUQzRuF38corxuVK%2BckE%2F6xfCWxkefGbSTK9A0a4WGGcGyf4yA6Zdoaxn%2FMevI%2BNLzAYtI6Jj%2FqUh%2FUpWR4kQOIc6Seg%3D%3D\"}]}\r\ncf-ray: 9f0429f87fb1723c-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4261,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit colormap, non-interlaced","md5":"ffef9dd4fa2de7b93ba8185ac4688244","sha1":"cb6b71ea766b22ad0005fb47e7225372f4351d66","sha256":"e1b08953d4cd3e41d4b0bd118dd196c696b5fba6489cab3cb9fd8c9e8eb08587","sha512":"1ca9bd740382c10bb6cb4c6c1de63cee42f278d1c39c504e76236c0206033bca1fdda34e42879a96d57131a7d3c772777fa1b650d3cf0e0d75227b98994bebfe","ssdeep":"96:oDsC2CNc2arnki8DZrctsmB7NruNEUUlgthCExBqSCzjOooQ:yp5NrarnkisZrUPVKEUUlgtoSCz5oQ","tlshash":"ea917db80c6b4695de657f31a1fdd384f0f83a28f6b7d68925a8ac34bdc03462679340","first_seen":"2025-10-10T08:25:33.490951Z","last_seen":"2026-04-22T11:08:21.032586Z","times_seen":29,"resource_available":false,"data":null}},"time_used":980,"timings":{"blocked":-1,"dns":22,"connect":3,"send":0,"wait":899,"receive":6,"ssl":48},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"img.esportsdata.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"img.esportsdata.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/313ce6202fe14ccaa2e0d127ea31ff9c?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.350Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/313ce6202fe14ccaa2e0d127ea31ff9c?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 181841\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 84731\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"313ce6202fe14ccaa2e0d127ea31ff9c\"; filename*=utf-8''313ce6202fe14ccaa2e0d127ea31ff9c\r\ncontent-md5: lBS80lQ1cEfD/NYCa/+QxQ==\r\ncontent-transfer-encoding: binary\r\netag: \"Fn_DOpw7FqVvzd5JI9Z3fU7Mp2w0\"\r\nlast-modified: Wed, 15 Apr 2026 19:28:15 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3:6\r\nx-m-reqid: pldoq8zOv\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: PfAAAACgMicXXKgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":181841,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 390, 8-bit/color RGBA, non-interlaced","md5":"9414bcd254357047c3fcd6026bff90c5","sha1":"7fc33a9c3b16a56fcdde4923d6777d4ecca76c34","sha256":"284d986baff896d8721e8bdf2ee8879d7fc6b0025571ed8f316d3798f3ccee53","sha512":"61336ba4d9865179d22057b2dec126dbcdd7fbe4c318bef687747642b63b2c247902a73d76523c8d85c9e6ba60ec051d593b3d2cdcfa62359ac900a8a98526d1","ssdeep":"3072:+F2kpVVEbMJiWLsnxt+CYX2T9vHBbtQeGF+VOyOYXph4Gd6NVPB496iYKuMozOO:+XJkAsxtxYMtQeGwQTYXb4/rZ49+KKzx","tlshash":"a604125d9edf2ad753ed7cabe1f0d180e943d017e46136c5538ccae62a633510f05aa4","first_seen":"2025-09-21T04:12:33.901438Z","last_seen":"2026-04-22T11:08:21.033486Z","times_seen":13,"resource_available":false,"data":null}},"time_used":3276,"timings":{"blocked":1047,"dns":0,"connect":0,"send":0,"wait":1297,"receive":932,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/8b6af3fb036a41e2a1529313444bbc05?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:18.179Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/8b6af3fb036a41e2a1529313444bbc05?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 15192\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 38106\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"8b6af3fb036a41e2a1529313444bbc05\"; filename*=utf-8''8b6af3fb036a41e2a1529313444bbc05\r\ncontent-md5: xgbEgiXCrcCzulvNUcWMFg==\r\ncontent-transfer-encoding: binary\r\netag: \"FtHH8EEyhM7cSc1olRmw-kvQFyDh\"\r\nlast-modified: Thu, 16 Apr 2026 19:31:07 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3:3\r\nx-m-reqid: gGKtYgHcL\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: DaQAAAB1vs1-hqgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15192,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 221, 8-bit/color RGBA, non-interlaced","md5":"c606c48225c2adc0b3ba5bcd51c58c16","sha1":"d1c7f0413284cedc49cd689519b0fa4bd01720e1","sha256":"4a729e6248235e426d81a76ffab923a009267907c8c9d8df10c2c4daea69b0a0","sha512":"3406c8e2fe668ae9ea85b3ccab3dec6603366cc8b5c48039f481430228d8e5664404285d8de75b33a4e1e2cff3fabc2005b7fa66d1006361c8207ce0ba99172f","ssdeep":"384:lmE39xvqYfOB9aogmVSQ6ow1uZzQInm9EtuQ:8ENxvffbog+NwwUImML","tlshash":"9662df2cf70139f487a6289ab20155baaed04abaf8a08df51ca3bcdd4e087123d33540","first_seen":"2023-07-15T11:13:39Z","last_seen":"2026-04-22T11:08:21.034317Z","times_seen":45,"resource_available":false,"data":null}},"time_used":1822,"timings":{"blocked":225,"dns":0,"connect":0,"send":0,"wait":1283,"receive":314,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/theme.config.fc203cc4.js","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:13.293Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /theme.config.fc203cc4.js HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:13 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-1a625\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856033=d0MIuMoednbFQ5U8tsCxeez29ETrtdo9Zgyz/QwU/ELHENOwaH+czvd5omOIcaSJiF5HiKpZ+x8XCIwtSwz7FpJdkRycCJuZ8/2d2s65AjozeiH+1ee4YqLZzuDPxZvyR0NW6zs6HTTmmvFnXWvjBA/Z82Vx/Svepv9kX7Bn19UvsqioJTtnDS833D29Gut8\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df686424e9\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":108069,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (38260)","md5":"e39ced69d69f9688784395377564c248","sha1":"606635fa0c6e2346e8a73f078786c6bd6c52e6d0","sha256":"9160870cf6a7c38e4b1143f917e0f6de3a84e97b1c65640456f05af40344481e","sha512":"916149035ec7a0a71867dd77a38aa3c16f3b352f325e1daf384d4a8db0e27582e8b8118961292a2836821d2ac5d1f5b0b0780df0e739612382e7c9769649be57","ssdeep":"1536:D2JREobnmtlIRM4Sb2mcTa2mnzyJog9CcHWhM:qKtlGu1Jnz45Hl","tlshash":"67b3aa7ee20c963a6177a8bfb46ce111d12e9c0cab1d5fdef03d60a25610669c831de9","first_seen":"2026-03-20T12:57:26.635497Z","last_seen":"2026-04-22T11:08:21.035185Z","times_seen":100,"resource_available":true,"data":null}},"time_used":643,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":643,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/202508/_enc_size1298x1156_13f1f273-ad7d-4854-b9a3-7f3eb8823296.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.842Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /202508/_enc_size1298x1156_13f1f273-ad7d-4854-b9a3-7f3eb8823296.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 18 Sep 2025 11:24:03 GMT\r\netag: \"800055c0ca062917b33030dc93ade763\"\r\ncontent-type: image/png\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Y1Oiwr9%2BIUmfIUMeT1WVCfq76p5GTJEHsbllUufLCM5zF%2BjnJtyUT1JKju5FWbM%2B44JPTiv41tTaGJHfM5fWtZLtOInFpOiqySDue22bleCk1G8bHwFtWyZ4v%2By%2FDDXLgwH8t6%2FZMonfeQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec40490df69f36-FRA\r\ncontent-length: 147613\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 213467809933917373\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":147613,"size_decoded":0,"mime_type":"image/png","magic":"data","md5":"800055c0ca062917b33030dc93ade763","sha1":"35285ca19256230c22e355ed6c7f56a1b1f2ab74","sha256":"9fd5965bd7f3b9986c526e1f72afcb8f77035541df36ec3fdae5d95da24b45e4","sha512":"a24f23ebb308be947315dac9afad790186da73bf0e8dcabb1fa9a915f3f025192a0f5ba3b37138c99e35ca44abf182306aa2ce040bdb9261c0868da6fe058887","ssdeep":"3072:WpjsS/+EYEXoMenKagm4TP/DImKbojBuxcpGtBoWrYRMv:RS2tfgm4nI8UxXBrYq","tlshash":"9fe31204f52b98e2cd960db23a354cc149bc5e980b8f39e5e4c3d677644725adae72cc","first_seen":"2026-01-10T05:58:33.880065Z","last_seen":"2026-04-22T11:08:21.036008Z","times_seen":115,"resource_available":false,"data":null}},"time_used":414,"timings":{"blocked":251,"dns":0,"connect":0,"send":0,"wait":94,"receive":69,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/img/bj2.a8fabbac.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:15.460Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /img/bj2.a8fabbac.png HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h112g.xyz/css/home.1774008371298.4fdc0c2d.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:15 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-5809c\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856035=Fz0JVnE+JlB6vAMRSGSHi5v4YLsmCHZW4tXEm4HN4vPf8+1XKpPSFFOdkWtUx5zULK3VAobI+fg8CUonwYDEl0VVi3azkKIP0dVfdmy2BR1x6wQmS3zeq3b1W1MoiR19s+zdr6BW7xo9J+ZDyVUA6VJCkx74896KWPSkq9o4BiPRRbysOYHTkCW5RAjtw1ki\r\nage: 448238\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df71322517\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":360604,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1920 x 641, 8-bit/color RGBA, non-interlaced","md5":"e0fe8ffeed1841f74df53c3b0c1f2db0","sha1":"77bf6dfe664cdc936776654af151f49368479ec3","sha256":"db4d87e8a403e388c54dd5d114b738c82e1d2dbe65b95630fd5782179f0d7d54","sha512":"825bf73262c2b613b6a8a8397f869db6b2cd4118e554689d228503e7a04c4e674d49c5649e4ac8e2423a7b526c0f6621c259566d0e9bb6ebfa0712a7352968fa","ssdeep":"6144:iAHwIFRCiRIygxWS9v34xfZzuwbIYGzl8BPp0eIiOk3Fg7la6RUIs4pU2:rwy0IgxDEfQwbjw8dpmiOiFgpLHFU2","tlshash":"2874238d711d48cc9c9b45003dd82d9e1c55aa2f7aab20b58264fed24d17ddeec0ea3b","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-04-22T11:08:21.036769Z","times_seen":1215,"resource_available":false,"data":null}},"time_used":557,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":557,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/ecb/8f8306425ab46d0221b2c56ef50f72e487d5bb0255ee7333091abb7c08c465094a574c3c12d0e1812241fe43c0d5f0ea88d857f698a4fd081b","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.046Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /ecb/8f8306425ab46d0221b2c56ef50f72e487d5bb0255ee7333091abb7c08c465094a574c3c12d0e1812241fe43c0d5f0ea88d857f698a4fd081b HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nContent-Type: application/x-www-form-urlencoded\r\nx-request-source: https://h112g.xyz\r\nXign: VfdQ1Gb9u5cM9Z5DG6Sjf9nqVo/DVsHcdc32lBHTlLOYe8kgvswISH2dKhbMwGhdbUTAtKwidE65XdRVb4kt2woaWw7x9Vg2OazL2kcW13OZbK+NnndsqBPmzP9ocWVErDqVs8RG1Q1mmQVY+Tf+GtPvS7cR1A3UMiGqEh9Mx8w=\r\ntimestamp: 1776856036032\r\nsign: 71p3731564v61f5s\r\nversion: 5.6.9.4\r\nclient-type: web\r\ndevice-id: 8BNbQfp8YayciXWAYemxaeMFD5iGH2S6\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: application/json\r\nexpires: Wed, 22 Apr 2026 11:12:16 GMT\r\ncache-control: public, max-age=300, s-maxage=300, must-revalidate, stale-while-revalidate=30\r\nx-xss-protection: 1; mode=block\r\npragma: public\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=63072000; includeSubdomains; preload\r\naccess-control-allow-origin: *\r\nx-custom-check: true, true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df7330252a\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":31065,"size_decoded":0,"mime_type":"application/json","magic":"data","md5":"ba486e1ed995378682982171f0a23b74","sha1":"edda2ae4161aa0b88d6a4b24bd8995a26f16eed1","sha256":"4a7edc1a34968aaf9d016672647be60df0d21ee73c3ab14e6be9961de61688ec","sha512":"6e91135f3450a01336773c0ba78af80f95ab36d7c81492cf212a19c3fa82a4ff0ed4220d33cc642ca26bb4b1270dbf631d48a60583642da35ff52e03139a6024","ssdeep":"768:OOYNfDUecJ+03R3V2pD8WF+X/ihrYMmfPNcJYw9D/9anq39tbcBGdVBUlN19tW:OOYNfoeM+0E8WF+X6dn+PW9D/XU4iW","tlshash":"e823e0024252e3b0e3a365fd29134ace07019588adeafd50e9b0d5631e5e339b7de9d3","first_seen":"2026-04-22T11:08:21.037574Z","last_seen":"2026-04-22T11:08:21.037574Z","times_seen":1,"resource_available":false,"data":null}},"time_used":530,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":530,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2Fgpmaster%2F_enc_size328x442_392325e1-efd7-4953-83f1-410dea55a03c.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.748Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df75e1253d\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":218,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":218,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/4a021aa1d38940588c9525c69a554d91?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:18.194Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/4a021aa1d38940588c9525c69a554d91?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 134020\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 36420\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"4a021aa1d38940588c9525c69a554d91\"; filename*=utf-8''4a021aa1d38940588c9525c69a554d91\r\ncontent-md5: JuEYvrtIUN8wHtlpRrqQFA==\r\ncontent-transfer-encoding: binary\r\netag: \"Fgt4dTfmgh7x_P2CiuqwqWw3Y02x\"\r\nlast-modified: Mon, 20 Apr 2026 13:32:55 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: dnLDFxP30\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: 1BUAAACjWGQHiKgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":134020,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced","md5":"26e118bebb4850df301ed96946ba9014","sha1":"0b787537e6821ef1fcfd828aeab0a96c37634db1","sha256":"0d2f2b27e886fe970b30dc3ef18682604aeaddaccc129c9a4053e519d12cfb2c","sha512":"068b63f23a12beaa4063e50f75937347e52988a325d1df676166f2180b23c0e775290aa213b68af649a5cf89c934fccca3ded9aedc9f7c12a7f98084cadbd23e","ssdeep":"3072:TeyTrsPFEpGsFOp3LLbD7yG/1mri5cAtWTC9Jywk6k6ASfy:fTwpsFOp3LLLtZh1ASfy","tlshash":"0dd312378486d0a9c1f5e33caf06d9d70434192f229e2a6141fbc8efeaa9d444f74b21","first_seen":"2025-03-28T18:20:50.063499Z","last_seen":"2026-04-22T11:08:21.039925Z","times_seen":96,"resource_available":false,"data":null}},"time_used":2298,"timings":{"blocked":218,"dns":0,"connect":0,"send":0,"wait":1259,"receive":821,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/js/35142.1774008371298.3cc050ac.js","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:15.144Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /js/35142.1774008371298.3cc050ac.js HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:15 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-523c6\"\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856035=Fz0JVnE+JlB6vAMRSGSHi5v4YLsmCHZW4tXEm4HN4vPf8+1XKpPSFFOdkWtUx5zULK3VAobI+fg8CUonwYDEl0VVi3azkKIP0dVfdmy2BR1x6wQmS3zeq3b1W1MoiR19s+zdr6BW7xo9J+ZDyVUA6VJCkx74896KWPSkq9o4BiPRRbysOYHTkCW5RAjtw1ki\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df6feb2500\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":336838,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64888), with no line terminators","md5":"6dc1a689b76ff5bad0646d54ec0a9c05","sha1":"797feeaf7f90219f3165ca0d0470cda8c3af210e","sha256":"5d8368dbdb82a8a24ee7b3c6b027e9b375b9241ac1eebbb7ad071055e08a590f","sha512":"cc14c86a64ed978529316706abe98ca1c2c882b0d05d18c146037cf1440dac24d5e9103c368726bcd9945099308ddac934040c12bc8e70a41427edfa32ed8f1f","ssdeep":"6144:2jhhkpltqniyveBHlBfb04ae7Ancbt8ZijKfILToSlthWe/futUDvaRtZYD5jMDq:2jhhkplwniyv0HlBfb04aaAncbt8Zijn","tlshash":"19643c84b690b17883af86fb721a9195d24e0e9460ccace4f33d6e40bf15746b8775ec","first_seen":"2026-03-20T12:57:26.765153Z","last_seen":"2026-04-22T11:08:21.040798Z","times_seen":99,"resource_available":true,"data":null}},"time_used":604,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":604,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/img/partner.dca3fc6e.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:15.467Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /img/partner.dca3fc6e.png HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:15 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 20 Mar 2026 12:11:10 GMT\r\netag: W/\"69bd395e-7129\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856035=Fz0JVnE+JlB6vAMRSGSHi5v4YLsmCHZW4tXEm4HN4vPf8+1XKpPSFFOdkWtUx5zULK3VAobI+fg8CUonwYDEl0VVi3azkKIP0dVfdmy2BR1x6wQmS3zeq3b1W1MoiR19s+zdr6BW7xo9J+ZDyVUA6VJCkx74896KWPSkq9o4BiPRRbysOYHTkCW5RAjtw1ki\r\nage: 454121\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df7132251e\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":28969,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 480 x 151, 8-bit/color RGBA, non-interlaced","md5":"7374b72d05130af2d77119eb0eb4ba10","sha1":"5b3e5e621329685de250121b2fd9c798f46f7d65","sha256":"059a622a7f1f0f1f239d624f19b0f5531c0f0aedadb8ccd40d2570a76dd56752","sha512":"c2d0f744838a882c8ac15de6bb0bfbeb3dd2f31550cc7a259b9890ea38eddf835902171c1346ed7e1d2005ba18b929d598002d60b7355df72073d955521b18b0","ssdeep":"768:tAAoY1X4ITISUWhiqmMiuCaUENwHoacq8zqWx6:abaX4SIYIdMMow8zqi6","tlshash":"a2d2e0ecdc3058f1f533894dc979813a6f3886ba05e359817a36f92bddc3e8506491e6","first_seen":"2025-08-29T11:05:53.287538Z","last_seen":"2026-04-22T11:08:21.041575Z","times_seen":1200,"resource_available":false,"data":null}},"time_used":713,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":713,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/ecb/8f8306425fb46e096ba9db3ab31b67b681fbb31575ff397b0117","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.050Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /ecb/8f8306425fb46e096ba9db3ab31b67b681fbb31575ff397b0117 HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nContent-Type: application/x-www-form-urlencoded\r\nx-request-source: https://h112g.xyz\r\nXign: UsIbZBaR857iXI83DWuzE5ajM0yvDTxnLHpTQD0f817VQm6tzAf6Zb+MwacGtQep4TATZh+DlqbFPZS0AUZ8SXQwiwXRPvL2/0/z+gjTB3vxeM8BYfHPhZKaLl30YbvaHoVHlHsCHwKPtd+onJEC33hsRSEQ2GtJuP+TqaAbeC0=\r\ntimestamp: 1776856036032\r\nsign: 4u6ur2616b1p5b5v\r\nversion: 5.6.9.4\r\nclient-type: web\r\ndevice-id: 8BNbQfp8YayciXWAYemxaeMFD5iGH2S6\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: application/json\r\nexpires: Wed, 22 Apr 2026 11:17:16 GMT\r\ncache-control: public, max-age=600, s-maxage=600, must-revalidate, stale-while-revalidate=30\r\nx-xss-protection: 1; mode=block\r\npragma: public\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=63072000; includeSubdomains; preload\r\naccess-control-allow-origin: *\r\nx-custom-check: true, true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df7333252b\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1762,"size_decoded":0,"mime_type":"application/json","magic":"data","md5":"09eb386f9fb1678bbfb2be6d4ec37496","sha1":"87c11d0616823f057b1484041d6f5d4c39bdc60b","sha256":"a92ec1e6cd2dc211a00c8edce13f78e84f0092a6d5ff53ab10f71db5f88a643e","sha512":"e612d1768c250cc05874c1c67d0fd9b1cf7d5ffd51876d6bb270454c7360fef2771ca87f2deef65ac0b92d0abb4b3a6505a88353171c6a66b75a225fab172185","ssdeep":"","tlshash":"24513b40774ea3caf04088d955e4969c67f18789d4cb9f68ce744d5318af04c266f91c","first_seen":"2026-04-19T23:11:58.584794Z","last_seen":"2026-04-22T11:08:21.042398Z","times_seen":5,"resource_available":false,"data":null}},"time_used":527,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":527,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt-img-cn.jcjyftf.com/gpmaster/_enc_size328x442_bbac9ff6-d09b-48f7-9e60-77639d6ba1ec.png","fqdn":"rtt-img-cn.jcjyftf.com","domain":"jcjyftf.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.760Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt-img-cn.jcjyftf.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 19 Apr 2026 00:00:00 GMT","end":"Fri, 17 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:50:AB:8C:E4:4E:F7:44:E0:EA:9B:D6:41:3B:38:FC:AC:E4:ED:59","sha256":"54:AF:FC:82:6A:E1:9B:D6:B2:E3:A7:5E:B9:B9:81:81:B8:7E:05:F8:BC:61:9D:90:7D:28:58:C4:CC:A1:77:3B"}}},"request":{"raw":"GET /gpmaster/_enc_size328x442_bbac9ff6-d09b-48f7-9e60-77639d6ba1ec.png HTTP/1.1\r\nHost: rtt-img-cn.jcjyftf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nOrigin: https://h112g.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 02 Dec 2025 14:07:48 GMT\r\netag: \"e2d00e57be570c53a1c3fabdfa16c6d0\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2F7hBD%2F2aKeJe7u703%2B8S2y4SvJX%2BmfigKgO6rkczV9sC0va6d5j7eZTC9ss86Tiftc99T6HNj7rqXbthuKp7domDLaqlbn8mav03fpeOt%2Fodp3CbIrpxP%2FXd7SBiHeDUdOVZWLNl72pDGA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9eec4048aaf3dbb7-FRA\r\ncontent-length: 10174\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Wed, 22 Apr 2026 11:07:17 GMT\r\nage: 250744\r\neo-log-uuid: 14520673230885565609\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10174,"size_decoded":0,"mime_type":"image/webp","magic":"data","md5":"e2d00e57be570c53a1c3fabdfa16c6d0","sha1":"1cf69415a160d77ac7e235e7c28f561dafd544c6","sha256":"ab9581ceaedd366b53203807b50ad13a4ac048221e4525bf20eb26f775337b5e","sha512":"7e82d1fcf324a1c9303f346b3a25805ac953611e0fb74fce24a7ab128c0c7a8dc28566c4bf071425a0ed747184eb7f25d7d44c7b2cd43d1464199bf649bb3784","ssdeep":"192:i8jXYXj6SZFy5siAvpSdg/2OwNHKThGZ0G9g1/5gqWLbG0X6YqIsyT:/XbMFy5siMSdNQh3oSe6Ye","tlshash":"fa22afa5b4fe2fa1484df5f1f78bd64151aa6d7432ba835d69f98672140c29888303f2","first_seen":"2026-01-10T05:58:33.822678Z","last_seen":"2026-04-22T11:08:21.043177Z","times_seen":116,"resource_available":false,"data":null}},"time_used":374,"timings":{"blocked":332,"dns":0,"connect":0,"send":0,"wait":31,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2Fgpmaster%2F_enc_size328x442_0fa85f10-2205-44f2-82c2-66bd141c7d57.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.900Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856038=6b4o/KW/4CiaPY9SUr3U8L6jGlHPgkRB2jaYkQg8xHNJm6Te7gYwhg/L81IBTgd1EXd6cBc+fybC8HSFb9xneQ9xraUialSqoZdTnDME+i3+IshP/ukH/F/yAnwe42Ha14kC+k+fbMCUG+ak5mHmkiqZNiQfSfFhXDUfdjhjnNO6RztbeI9E7Jxq3ZSo0X+N\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55e19db4df7a9b25c1\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":2952,"timings":{"blocked":-1,"dns":0,"connect":0,"send":874,"wait":1026,"receive":1052,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/0be85d794e594043af1d391403b131e6?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:17.457Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/0be85d794e594043af1d391403b131e6?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 58488\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 56224\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"0be85d794e594043af1d391403b131e6\"; filename*=utf-8''0be85d794e594043af1d391403b131e6\r\ncontent-md5: 83jrHqBOU5mbiQUaoyRN5g==\r\ncontent-transfer-encoding: binary\r\netag: \"FmijecFtsxscEDUokd5bPf5Y5kj0\"\r\nlast-modified: Thu, 16 Apr 2026 19:30:14 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3:9\r\nx-m-reqid: aBGHrxyRl\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: 5gkAAAAnFGoEdqgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":58488,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"f378eb1ea04e53999b89051aa3244de6","sha1":"68a379c16db31b1c10352891de5b3dfe58e648f4","sha256":"6d97cb2ffb41686581fb8278013726d9816440ad2d139f4f5ed7e4e59edf9d6b","sha512":"7719bedbdd9985f02c4a3a06631a7b2f236438de4b11f3ba20f5b72d2374b67141cc1205f881670a0227cb198c4eb450ccef7bb35640b70d21bc1b03a55993ce","ssdeep":"768:Ij5XxD36zb/IbbaLFUHwVcXli6hrF/Fi3y3GfmCOxY88xlkZLN4n08p9HNDUvqi7:IF0AOLFuwVQi6/EhfmelkXcHGK4X","tlshash":"e24302016cd64d8822525756dca833cb959beadd3c885e87d30335a5b0abfe5f8433d4","first_seen":"2025-01-07T09:47:10.013981Z","last_seen":"2026-04-22T11:08:21.044148Z","times_seen":348,"resource_available":false,"data":null}},"time_used":3046,"timings":{"blocked":942,"dns":0,"connect":0,"send":0,"wait":1274,"receive":830,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/kc523-1/noData/cms_noimg.png?1774008313834","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:18.341Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /kc523-1/noData/cms_noimg.png?1774008313834 HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 30 Sep 2025 12:19:27 GMT\r\netag: W/\"68dbcacf-269a\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856038=6b4o/KW/4CiaPY9SUr3U8L6jGlHPgkRB2jaYkQg8xHNJm6Te7gYwhg/L81IBTgd1EXd6cBc+fybC8HSFb9xneQ9xraUialSqoZdTnDME+i3+IshP/ukH/F/yAnwe42Ha14kC+k+fbMCUG+ak5mHmkiqZNiQfSfFhXDUfdjhjnNO6RztbeI9E7Jxq3ZSo0X+N\r\nage: 454123\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55e19db4df7b9e25d4\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9882,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1920 x 700, 8-bit/color RGBA, non-interlaced","md5":"85e60fd8767b18839ffb552a5d543f8a","sha1":"341cfd68a5b39cb246af6ade1e3171c857d2df5a","sha256":"4b7ad68306ffac25830d1016ba86154890deef8bd77a03257b767b37de1c8338","sha512":"785f028aab80d3f96794431f84025483f490d7d642022404a7b14ccb4785aa52fe4a21048d44acda3bd160eedeaccfb4959a677986dfe47ef038d80724f2acb2","ssdeep":"96:74iGykVWI7TGvGJUgTFSebsBzYofEC16+TqBK7R7LWKaR8a8D7uZNgAMXFL73:74iyHunEFSebsvP1nTP7IF2uAAMX5","tlshash":"141259118573d43cd82ce57926df6fb93b709f996890476e8328e7342f2a2f78d60848","first_seen":"2023-05-01T09:33:58Z","last_seen":"2026-04-22T11:08:21.045352Z","times_seen":2090,"resource_available":false,"data":null}},"time_used":973,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":973,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/kc523-1/download/download_nav.png?1774008313834","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.383Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /kc523-1/download/download_nav.png?1774008313834 HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 30 Sep 2025 12:19:27 GMT\r\netag: W/\"68dbcacf-2c05a\"\r\ncache-control: public, max-age=2592000, immutable\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nage: 448239\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df74812532\r\nx-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":180314,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 820 x 600, 8-bit colormap, non-interlaced","md5":"87eaffe415a7eb41b7b4b8a868bb3b32","sha1":"575618003efbf8dc8ea781379aeff463cd0cc498","sha256":"4264138e0c015e52e3efa14e34ce9c52490316935b4667756ea631b96eca64dd","sha512":"2b06fbacffed6de2fb1d4a6db2cbd0d9c5c790f9b5a10a6dceac64ff69d300f20628c465a720102da9bd857c80be886ab0a37848929741d2bdef6eddbe0de8bf","ssdeep":"3072:iWlCRQlVF5aSW/mUdJSu3405ovKFzkRKcZjF9Km/mKg/hPFsQBhXRU0K:iWM2I405oCRncZHL/mKWBhXRU0K","tlshash":"0f0412cc23773ffbf8a0865a83fbc1599c3bfd0824e56722ea1662b5186053145a59cb","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-04-22T11:08:21.046269Z","times_seen":1165,"resource_available":false,"data":null}},"time_used":207,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h112g.xyz/home#https%3A%2F%2Frtt-img-cn.jcjyftf.com%2F202503%2F_enc_size649x578_b0506ddf-52e0-4b2d-8f59-16f795505312.png","fqdn":"h112g.xyz","domain":"h112g.xyz","tld":"xyz"},"ip":{"addr":"154.39.104.128","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:16.822Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"b260f.xyz","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 15 Apr 2026 06:26:57 GMT","end":"Tue, 14 Jul 2026 06:26:56 GMT"},"fingerprint":{"sha1":"BE:16:F4:2F:68:FB:F1:93:A5:BE:89:7E:F2:51:2F:56:8A:25:85:13","sha256":"15:9F:EA:E2:E6:6B:39:CF:C5:B5:D5:57:41:1D:CC:2E:CF:4A:FE:27:0E:B6:DB:D2:7C:9B:D4:45:18:6B:95:59"}}},"request":{"raw":"GET /home HTTP/1.1\r\nHost: h112g.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Apr 2026 11:07:16 GMT\r\ncontent-type: text/html\r\ncache-control: public, s-maxage=600, max-age=0\r\naccess-control-allow-origin: *\r\nx-custom-check: true\r\ncontent-encoding: gzip\r\nserver: Nginx\r\nl-safe: 1776856036=TygcwMve+dP8Do6ldcIiBxcHnOnMVtswC1NmYZiIbaqbSvu4cRm01hoto4ijLSox9KWV/ivykf0pp4YAa5pm1GMGByIffpKZUydqGgwv9sao0Yi3F2/URTfLoFxxwUHHqL2EeYgkjjHmOqJJRpRAZVhRVhH3eK06rtC5o8qw9WHaRMj9TIRg0jXXLVHdi7qZ\r\nl-via: l1=4iaGgjza0Vwox8nX\r\nl-version: 1776237928\r\nl-request-id: d55d19db4df76202549\r\nx-cache-status: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24206,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"3b21c427b48b1144614d8840de1420cb","sha1":"49d4c88e8706eb72721b5e0621145231e11de963","sha256":"93228ed7ea32fdaafb6bae5b8db8f6d99135ac4fc0ccac24c3acb913c3770f8a","sha512":"921059f2629f854c4483c117744cc6be6b27f2baf81eaac0ffd9a530297e94e4eda0c6850938d21eef294d7a3220fca99fa96ebfb46223d87f59ed72ad58de1f","ssdeep":"384:43ERrxqNBPJQ5F82VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:5RVqrJUF8iNYiKop/E6wkpcu2llz","tlshash":"70b2295a9df309662523303a2f7fb2087ab1c0134309ed403e4de7594f959aa46e7bd6","first_seen":"2026-03-20T12:57:26.634528Z","last_seen":"2026-04-22T11:08:20.819863Z","times_seen":100,"resource_available":true,"data":null}},"time_used":220,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":220,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"h112g.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"h112g.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/3f39eedfec134c09aac9e621b1aabf9a?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.241","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h112g.xyz/","date":"2026-04-22T11:07:18.185Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/3f39eedfec134c09aac9e621b1aabf9a?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h112g.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Apr 2026 11:07:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 20865\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 36421\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"3f39eedfec134c09aac9e621b1aabf9a\"; filename*=utf-8''3f39eedfec134c09aac9e621b1aabf9a\r\ncontent-md5: qAxXPznIcLOTvFsXcXW14g==\r\ncontent-transfer-encoding: binary\r\netag: \"FgHbhISBeguR0qovlwTrvmptPkqO\"\r\nlast-modified: Thu, 16 Apr 2026 19:31:13 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: bjs2vpREH\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: -ckAAAD_mEoHiKgY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":20865,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 261 x 261, 8-bit/color RGBA, non-interlaced","md5":"a80c573f39c870b393bc5b177175b5e2","sha1":"01db8484817a0b91d2aa2f9704ebbe6a6d3e4a8e","sha256":"da1bc954f1050812e2fa9ae2595848bc25e7e12cfb5bde2301564a11cc38026b","sha512":"d03e51ae6c17a5695db2a61d042ffaf7f84cbe6dd143fa918c279013c04c1e8826acc13e6d1a014ae97a9a1e6d013d478e28305a03c6199f03adecc93d045554","ssdeep":"384:ctP98PNmLTmuzc+aVzbxisMMq/ppu+O6XtOp8499MgGEKt:cy2m/bxsMqa+O4Mp8KCb","tlshash":"0d92d1136fecc9961c1310d669a30c60bdae968cf438bd375d4b4ba661315d263d0d0f","first_seen":"2023-08-31T00:31:19Z","last_seen":"2026-04-22T11:08:21.047158Z","times_seen":126,"resource_available":false,"data":null}},"time_used":1564,"timings":{"blocked":223,"dns":0,"connect":0,"send":0,"wait":1263,"receive":78,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}