{"report_id":"8e9ee0e9-1d7b-464e-90d6-d74b8ffefefd","version":6,"status":"done","tags":[],"date":"2025-12-05T17:16:39Z","url":{"schema":"http","addr":"www.yy447.cc/","fqdn":"www.yy447.cc","domain":"yy447.cc","tld":"cc"},"ip":{"addr":"104.21.59.88","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"title":"小黄鸭导航 - 小黄鸭网址导航 -百度电影网址导航","dom":{"size":2058,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"08d24981a289138861778a15c43723a0","sha1":"783fc72e879f78af2ef86dc16bd5e96d4271ef80","sha256":"0c47addedd6368625e066fa509a899f2016a7c4cfc67a7c2d2f71d7544c4e913","sha512":"807b88719a672eeca3acfc7b33f6fc3aa53014c2acf9ac31f1a47450f4c7ffd16da6ee29e55c50cb6ff946b21d9c5feff65e6bf2e208e278a67c02e5ecf5d0ad","ssdeep":"","tlshash":"58410333c6f02809d2aad1609c70579d561746476f660998f7ed3912bfccea390270ee","dom_hash":"domhash1432f389e776afe107448bfb6f18306b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"www.yy447.cc/","fqdn":"www.yy447.cc","domain":"yy447.cc","tld":"cc"},"ip":{"addr":"104.21.59.88","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-09T17:16:39Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"www.siiuerz4.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"m1.cffpng.com","ip":{"addr":"172.67.149.205","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-07-23","domain_rank":6560888,"first_seen":"2025-07-24T04:18:42.68678Z","last_seen":"2025-11-28T03:40:22.453073Z","alert_count":0,"request_count":2,"received_data":379257,"sent_data":910,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"azgu.cc","ip":{"addr":"104.218.235.79","port":443,"asn":201106,"as":"Spartan Host Ltd","country":"United States","country_code":"US"},"domain_registered":"2025-02-22","domain_rank":0,"first_seen":"2025-03-21T01:57:13.897569Z","last_seen":"2025-12-01T12:33:29.396807Z","alert_count":0,"request_count":1,"received_data":166,"sent_data":432,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cffimg.com","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-06-04","domain_rank":1025273,"first_seen":"2025-06-04T14:27:21.57692Z","last_seen":"2025-11-19T06:56:10.114969Z","alert_count":0,"request_count":1,"received_data":96212,"sent_data":452,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"www.yy447.cc","ip":{"addr":"172.67.220.164","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":183068,"sent_data":481,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"www.siiuerz4.com","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-08-17","domain_rank":0,"first_seen":"2025-10-04T12:53:03.152634Z","last_seen":"2025-11-25T10:48:40.881333Z","alert_count":1,"request_count":1,"received_data":488974,"sent_data":466,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"img.mresou.com","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-04-12","domain_rank":4701765,"first_seen":"2022-06-04T02:54:19Z","last_seen":"2025-11-30T14:26:17.885952Z","alert_count":0,"request_count":1,"received_data":23909,"sent_data":448,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"s14.gifyu.com","ip":{"addr":"142.132.219.49","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2014-06-29","domain_rank":899108,"first_seen":"2025-05-16T13:53:59.163857Z","last_seen":"2025-11-30T10:09:46.231916Z","alert_count":0,"request_count":1,"received_data":247058,"sent_data":445,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.27.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"m1.cffjpg.com","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-10-18","domain_rank":0,"first_seen":"2025-10-20T03:38:36.81002Z","last_seen":"2025-11-30T13:41:50.406778Z","alert_count":0,"request_count":1,"received_data":516919,"sent_data":455,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"146.103.81.70","ip":{"addr":"146.103.81.70","port":5002,"asn":0,"as":"","country":"Belgium","country_code":"BE"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":476395,"sent_data":478,"comment":"","tags":null,"fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}]},{"fqdn":"static.wixstatic.com","ip":{"addr":"3.167.2.39","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"domain_registered":"2013-04-10","domain_rank":40290,"first_seen":"2013-06-07T16:55:33Z","last_seen":"2025-11-30T23:49:48.60671Z","alert_count":0,"request_count":1,"received_data":161001,"sent_data":489,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty:1.27.1.2","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"kyrpnwve.xhydh204.top","ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":44,"request_count":44,"received_data":5551105,"sent_data":25426,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"b693b6dcb5809fb00bf69fc723b1f349","sha1":"ef69246fc20887626fa9dac0b67a51dda5b57193","sha256":"97f337430a62ca8a94f165b3df0961d9003a544ca0458329456858082b86e1dc","sha512":"503af6c25194d35db1686cc18bf41f7330eeba626ccc443adf954325098ce9075c8511ace706b1b731ab1480d64d3cc7add067587d839003181e581c6ee70c96","ssdeep":"","tlshash":"9601c0b71a327560e49231636747324c3c11f0837264e6a6778cc25d4fe0fa0a14778d","size":732,"data":"","first_seen":"2025-06-30T08:20:50.311054Z","last_seen":"2026-03-15T22:09:34.366826Z","times_seen":15,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/hao.js.%E4%B8%8B%E8%BD%BD","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"3bdcd3f58fd80319e529a322df269efa","sha1":"428cf059eaba1f5d0067a36cd29ae207a3a4294a","sha256":"29878d69fb72cbfbbb685171df5abd141eafa1ea3701a1780bed30e78d04880d","sha512":"23e312b14bb2648035cda4760b53d89948e928b4c4afc84d6eef9cdbb50d577a9f3a20db0177cf0fa4bb600a8e43a1eff2f23a411ff237e9af03dd2c38ac98de","ssdeep":"3072:t4J+R3jL5TCOauTwD6FdnCVQNea98HrbZyE:9RzEOQ0+iea98HrNT","tlshash":"ffb3f7c9b6d2705286b730b851bf410bf17a98abb4088960f4acc8e47f74e59517bf6c","size":114933,"data":"","first_seen":"2023-06-14T17:51:27Z","last_seen":"2025-12-25T08:00:30.301669Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"dfbba5a29cb0d11afb47df28928fff24","sha1":"9698620dfc4d91cd65c05bcbe14f91cc3ff6909b","sha256":"0323fb2df4bbf5e66ffaa9996f909fa3aeef33abf975c71e25d26e34aaf0d90e","sha512":"ebc80bae5386ff74b2a6882f02306e63542e58f9d622ea7de49f2f228417cb0c403d5fdbad7b0b95a1c550b28362b54d4c41208a04ae248d574092591ba69d15","ssdeep":"","tlshash":"c0e0ab2998e70a384cf63a441038ca3934f838a4aab3d057525cc82cce39fc50c10aec","size":424,"data":"","first_seen":"2023-03-08T20:11:10Z","last_seen":"2025-12-21T08:54:05.988986Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eventHandler","is_inline":false,"md5":"a00ed13bcafb81e59379074fcaaaedfa","sha1":"56ce7a40dec804c7dad729adba2c4dd5689f56ff","sha256":"6b787279fb4c89b00ece56e87f13cce68011b090d8f78de3fa92af57d342aeb6","sha512":"a29ff3890fcadd6c713f7f15d41f70fe302f2c9eba49583ce17999a1aec091265026f4f64d2be918e4ab93a61df384eee8c069d22c0e52bf61e611ada9a6e656","ssdeep":"","tlshash":"3f7000a28b0228008820302a88c02200a2020080a00800200288008c0208030308020c","size":20,"data":"","first_seen":"2025-06-30T08:20:50.313532Z","last_seen":"2026-03-15T22:09:34.365829Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/dongtai.js","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"85d32478823de8493b0274ff440bfe9a","sha1":"659c387aed9276c3e3eddfa7006c3007309edcf7","sha256":"c1f2baad8d4e464dcbdc7250c297000e0986a84fa401e6f798799fa3c9287a4b","sha512":"7e6a0018896b5d8c5b3f81cbbd9f2be193a194b2e08e6da12b8f171438ad033a7381016c8477aaf5297e40613a7dff60e5f3a3d825138edda0c1ed52fcc376ee","ssdeep":"","tlshash":"bb511f2871a4107546b657ba9bc35404f466b0b73913c89cfe0c95109fb2f54faeafc6","size":2677,"data":"","first_seen":"2025-12-05T17:16:50.659275Z","last_seen":"2025-12-21T08:54:05.969702Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9e8f56e8e1806253ba01a95cfc3d392c","sha1":"a8af90d7482e1e99d03de6bf88fed2315c5dd728","sha256":"2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8","sha512":"63f0f6f94fbabadc3f774ccaa6a401696e8a7651a074bc077d214f91da080b36714fd799eb40fed64154972008e34fc733d6ee314ac675727b37b58ffbebebee","ssdeep":"","tlshash":"6021d5743a18107e226a0133e56f66cee1f23715fd17e440408ad89566e4fe5063fed9","size":1239,"data":"","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-04T11:47:50.904159Z","times_seen":292023,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"0581f16a1bd19f454711e648400b8365","sha1":"b84a0317919aa466b5f04c9f28dff88bf5717d80","sha256":"2699dc23bf6f6111ed580ddf10fdeddf00974addbc855c53f134648fd7d74e07","sha512":"f661d13f0fd712e29b7d3e45c37c6802c6d96f049f202f15c92bf9a285bf95cec2d41996d39ef7572007305769f6bd6eda123153b70a71b8e803d8dd6edee70d","ssdeep":"","tlshash":"c9e02b2998e706384cf67a441079da7934f878a4aaa3d05b525cc86dcd39fd54c14aec","size":424,"data":"","first_seen":"2024-12-14T05:48:44.868584Z","last_seen":"2025-12-21T08:54:05.990104Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/hdcm-ad-88.gif","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.935Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/hdcm-ad-88.gif HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: image/gif\r\ncontent-length: 3829\r\nlast-modified: Tue, 14 Oct 2025 04:00:18 GMT\r\netag: \"68edcad2-ef5\"\r\nexpires: Sun, 04 Jan 2026 17:16:17 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ahx541KufppSufOhfOG%2Bkk94UvxH6gbigFkplBswqYf9vCLwrCMNJNc00dsmcZB%2FuSBN3BGs2ZkzRqk0rCmhcxT%2FwVx6y2sbQx07I85PE5l55LM%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9a9530bd8aaa56b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3829,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 88 x 88","md5":"90b50834ed3be29c7055cf1d8606109e","sha1":"e80a5fb33bbd39cb7431cd1e89c536951095fd3a","sha256":"ba13312c3ba9ce3c8e53b183f5d05cb37ffca80bce8bc051597d3bdec76aade4","sha512":"cab6ed1cb0769d68e1ec92414c9bddf7fa27931ef6ca61e211c174780cb963fc6bc145e60738f3c974a2e7adc68404f41c14910e7d4baa46b4a676dae68ecfd7","ssdeep":"","tlshash":"b1812c38e9982c60dd045f351ad614aa6d83e5008e9465b726e5dc2dc91c0b753f94c3","first_seen":"2025-10-17T04:36:07.612641Z","last_seen":"2025-12-21T08:54:05.967561Z","times_seen":6,"resource_available":false,"data":null}},"time_used":479,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":478,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"m1.cffpng.com/20250604_190338094_MQq.gif","fqdn":"m1.cffpng.com","domain":"cffpng.com","tld":"com"},"ip":{"addr":"172.67.149.205","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.947Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f9742aa1.sni.cloudflaressl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 18 Nov 2025 14:34:35 GMT","end":"Mon, 16 Feb 2026 15:34:20 GMT"},"fingerprint":{"sha1":"DB:1A:63:A0:2A:CB:33:B5:23:76:99:54:2D:47:3C:62:23:EC:44:B9","sha256":"BB:38:C6:37:62:EA:B0:8D:BA:2F:B0:EB:AE:A2:C8:CC:F6:86:0B:C0:BD:1F:FA:D1:9E:41:75:E0:AC:D0:92:FE"}}},"request":{"raw":"GET /20250604_190338094_MQq.gif HTTP/1.1\r\nHost: m1.cffpng.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: image/gif\r\ncontent-length: 330728\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yIaLtgl5wdPNbXiAGkEHWJkWLaRIzkn6lmuTfgWGl4HBzy29tEEzHZ7w5acN%2FFsTCtu48OsjAhjyHe9Df%2FL9aBDYVOTvynYzjVIWCZI%3D\"}]}\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\naccept-ranges: bytes\r\netag: \"f5d6b91b7657de6a60a1ed58c9a4bac0\"\r\nlast-modified: Wed, 04 Jun 2025 11:03:39 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\ncache-control: max-age=14400\r\ncf-ray: 9a9530be0829c759-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":330728,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 100 x 100","md5":"f5d6b91b7657de6a60a1ed58c9a4bac0","sha1":"7e2aab406534c95954afe5a50df4cef17436010b","sha256":"2c1b1d4c0f2f837a63a8b81670780d0f9a4f8f7c9f0ef189641388a2a916e7ec","sha512":"8006fa882a058ed01debd68466cf3a85da3c31fa25c563713e4b81a62449ebe167eb71712af6f0065616a7030e0a1c3ba75a1c79712c81e5e72f7041603fa69f","ssdeep":"6144:wHkK3eOTehELXk68EaEc+CO5ueH+vk9oiqoIXdmquDB7O7fZn7pNEigK:wHkKunyU688bCONfWiqel7m7pNEDK","tlshash":"ce64235edb285072f1540eb5172e3f3443f096b0faa8778b2d9f759b7491a2c2b8d290","first_seen":"2024-07-02T11:31:41Z","last_seen":"2026-01-06T03:16:05.718412Z","times_seen":371,"resource_available":false,"data":null}},"time_used":351,"timings":{"blocked":-1,"dns":4,"connect":7,"send":0,"wait":275,"receive":11,"ssl":47},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/021.gif","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.970Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/021.gif HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: image/gif\r\ncontent-length: 134385\r\nlast-modified: Thu, 20 Oct 2022 07:41:30 GMT\r\netag: \"6350fbaa-20cf1\"\r\nexpires: Sun, 04 Jan 2026 17:16:17 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fgC3DBnv1jvR53g8PH7o3oXh8Mw8FjucB9K7mw945iVXimMHS6aFF1xWWLyigRdTWb%2BAJoNZ3PgzpoelLB6nU23Y%2B3h8AoBkhTP2uKS7lH9OKDQ%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9a9530bddac456b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":134385,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 80 x 80","md5":"eb4495650d623a5eb6b47942ca1b06b7","sha1":"474bdedaf9fc0a882ab1ed73a39e27c5c08337b0","sha256":"6e3b9550b3433a9176149866aae272d3783583aee10b5a87ade53c08fd0dc311","sha512":"48c9ba38cb1bf6a386cc9567d9b68a8181bbf1f7af951d315bfd1d73cc461951fcf8439fedace2af85acdccc96285a9a475d288593a48b4c05c41609e596eb79","ssdeep":"3072:iSnfC0lPdXaHhbI3x7na05KInDRgw9PowQZ3E23qPdgcVUM:npllqBU3x7Xtj9AwQZDc","tlshash":"a8d312b531dc3acdc5ed18a41f927c1a723e1142828de84889bed932b0b29b94dac15f","first_seen":"2023-06-14T17:51:27Z","last_seen":"2025-12-31T13:11:01.026189Z","times_seen":19,"resource_available":false,"data":null}},"time_used":962,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":471,"receive":491,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/hengfuwenzi/tu/960xin80.gif","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/hengfuwenzi/guanggao.html","date":"2025-12-05T17:16:17.971Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /hengfuwenzi/tu/960xin80.gif HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/hengfuwenzi/guanggao.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:18 GMT\r\ncontent-type: image/gif\r\ncontent-length: 815421\r\nlast-modified: Thu, 12 Jun 2025 07:39:11 GMT\r\netag: \"684a841f-c713d\"\r\nexpires: Sun, 04 Jan 2026 17:16:18 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XEQSGpVeGQiGlrTWIBnMsSiIupYfkG2Wx3JlhWL2HrunQ2l5uWPkC7Saj8xMpkivm6zZudDOdQvKYyAAF9KIYgnzQYYQwC%2F0X15jjGFBCu%2F94ks%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9a9530c44afe56b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":815421,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 800 x 67","md5":"6a6ee729e00eacd752012033341e2fed","sha1":"ef1cf69b46b882c2c8ccd19cede13190c774d1b0","sha256":"2e3a0a7915ef1c5e34432e8781dcf74d9e6296b7aa01643288043b9ebafcbdda","sha512":"2fe1722f1d94af499fedb0b55c5e15b7a56488208e1b40582acc0ccf1a758081a24b7bf0ee0daeca61637b6a8397af7a679108814a0fe786de8502b8486400d6","ssdeep":"12288:ew8NnhxzfpQnZmFR1LUtmAxWbIUPOHEjBwhZCf6wpIZuGA/onHVr6BmwrjfORy9W:/WXfNFRetmr8UPeE1oZCf6XZqAPwnWwW","tlshash":"400523074098cb98726a797f327bdf751e7a1b344aa590621cbdfbac0e360dcd6a5103","first_seen":"2024-09-19T22:00:15.950745Z","last_seen":"2025-12-21T08:59:15.944829Z","times_seen":19,"resource_available":false,"data":null}},"time_used":1006,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":216,"receive":790,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/styles.css","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.892Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/styles.css HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 04 Dec 2019 12:20:59 GMT\r\nvary: Accept-Encoding\r\netag: W/\"5de7a4ab-764a\"\r\nexpires: Sat, 06 Dec 2025 05:16:17 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gljL9%2B0HP%2FEHKzyfJuPJrUnHt85S5j8x3LxfhZomhdgIY1lykwFzqsUF3zoMF%2FryfjwqDgA%2Fi0PcNcuwEd7IIKTDP%2FN9m%2Fd3GXDAApx9syM6Y7o%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a9530bd6a9f56b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":30282,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (30282), with no line terminators","md5":"90903c8ac5d36fcfd63d5a4f63927639","sha1":"00c2892e805ba3fde75c9eb06f6429063e2e519f","sha256":"e9b4ac92177f65548b6ccec434c66ad208a6cea98c0ecee6a6e4d16d3258d5ea","sha512":"7410bc2b4268a8985d386d1f1aa573287171991ad4bc4822e326e98eb6224c66718ce69a9fa55f0649d191dcf816664fe8cf0abc1c3782f7791e64146b2f6f60","ssdeep":"384:3M5Z+i3ngeAMRE+006mlnH8RVPMVRrxq1i9WfFabDC00sqEys:F06mlnH8RVCLqgzDys","tlshash":"71d286a09615151e712b8532f0d2aa8a3224514bf7776ff6fa34393acdda2c21173f87","first_seen":"2023-06-14T17:51:27Z","last_seen":"2025-12-21T08:54:05.969179Z","times_seen":7,"resource_available":false,"data":null}},"time_used":487,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":487,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"azgu.cc/umit7.gif","fqdn":"azgu.cc","domain":"azgu.cc","tld":"cc"},"ip":{"addr":"104.218.235.79","port":443,"asn":201106,"as":"Spartan Host Ltd","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.911Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"azgu.cc","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 08 Oct 2025 15:21:36 GMT","end":"Tue, 06 Jan 2026 15:21:35 GMT"},"fingerprint":{"sha1":"FC:D7:02:5A:9A:DE:9F:89:F4:04:13:98:A2:85:17:F9:CF:EE:46:D4","sha256":"E0:18:26:CB:BF:82:43:AE:59:F8:95:A6:75:1A:93:7A:6F:4E:BB:BD:46:5D:F1:D7:81:76:DF:25:B5:15:30:88"}}},"request":{"raw":"GET /umit7.gif HTTP/1.1\r\nHost: azgu.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ncontent-type: text/html; charset=utf-8\r\nstrict-transport-security: max-age=31536000\r\ndate: Fri, 05 Dec 2025 17:16:18 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T11:49:30.368697Z","times_seen":13330398,"resource_available":true,"data":null}},"time_used":2550,"timings":{"blocked":1153,"dns":797,"connect":191,"send":0,"wait":187,"receive":20,"ssl":197},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/1.webp","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.957Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/1.webp HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: image/webp\r\ncontent-length: 82934\r\nlast-modified: Wed, 08 Jan 2025 06:17:36 GMT\r\netag: \"677e1880-143f6\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pXatdajDui4ay0h2nlFTKA%2FOoWns4RxDk8JVhJgbHroCX9o9KXlNP03YVI587fmtaSzWjlJdxUUqU804GUZbFkQYy8eR6hLfIncXQ4fHdESaApY%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9a9530bdcab456b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":82934,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"52cccb782ea6e7bb783bd673f7ab7d75","sha1":"2ea862817cd3c2ed2adfdcf4cdd960a75af6954e","sha256":"df3e68afb49ab86ea405ad9aec36638a3ebc27316c1c467e770bfdf0857c03bf","sha512":"60bc35af889ef32cf2d56342dcde839c247e0798b3bdbb3da8451a8ba5ac5fe3d763ad4957e463f19ed89906f67912d1991e4f751cc6a5adc6b6638c2bf7fbc1","ssdeep":"1536:C0hOpTxEyIPoPlWfJAok7tyi5tve6wXsAV6OC551DmUVSN9YudYIrkupgKvjEQ7B:epDIPilGJAoOyWhXq6hBKdYIL9IuFX","tlshash":"978312e6d65263b2d3dd8173c7508a8d4f028311f5f8a7e49d74dbb6f7a1a60406c192","first_seen":"2025-09-21T04:53:02.737143Z","last_seen":"2025-12-21T08:54:05.975608Z","times_seen":5,"resource_available":false,"data":null}},"time_used":965,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":533,"receive":432,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s14.gifyu.com/images/bx5In.gif","fqdn":"s14.gifyu.com","domain":"gifyu.com","tld":"com"},"ip":{"addr":"142.132.219.49","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.948Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gifyu.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 09 Nov 2025 15:20:42 GMT","end":"Sat, 07 Feb 2026 15:20:41 GMT"},"fingerprint":{"sha1":"E7:5C:E3:5A:57:37:54:31:27:B8:9F:3D:35:FF:A8:5A:26:84:41:C9","sha256":"87:4B:37:3B:35:0D:CF:6F:E9:30:36:39:5B:7B:E7:0E:02:23:DB:F7:61:D3:AC:73:86:09:5D:D6:B9:68:E4:C6"}}},"request":{"raw":"GET /images/bx5In.gif HTTP/1.1\r\nHost: s14.gifyu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.27.5\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: image/gif\r\ncontent-length: 246713\r\nlast-modified: Wed, 11 Jun 2025 15:15:39 GMT\r\netag: \"68499d9b-3c3b9\"\r\nexpires: Mon, 08 Dec 2025 17:16:17 GMT\r\ncache-control: max-age=259200, public, immutable, max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.27.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":246713,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 400 x 400","md5":"f7a0ff3e87905c81e15e790462b178fa","sha1":"8a3ddf90529a73cfe09086fc4f38ba2b25ed5730","sha256":"40cda6a840f73f1d2447942d726105be9f7c9217393c759b810dae8845ee97b8","sha512":"a56cf5a24f448383456b524ed14143fc90488e7188a20fc40266c3a07584ee2cdb4ca77a822f1e32a3f17841a184dadc3780be8916bc0c3062889dcc6d652ec4","ssdeep":"6144:HDfrZ4gxLEpaMt/w/lpqNOvH9tPgfdHZCXlhrRIj:H/ZPLEJK/KNIto3q/ti","tlshash":"ba3412525248d70ae9ea352b3f619222f9d618f11f1dbb05d86be1290c1d8f8f8de5c3","first_seen":"2025-10-19T18:38:08.210902Z","last_seen":"2025-12-21T08:54:05.952068Z","times_seen":5,"resource_available":false,"data":null}},"time_used":270,"timings":{"blocked":-1,"dns":37,"connect":38,"send":0,"wait":51,"receive":93,"ssl":46},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/font/fontello.woff2?49345754","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:17.565Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/font/fontello.woff2?49345754 HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/fontello.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 4248\r\nlast-modified: Thu, 05 Dec 2019 06:28:24 GMT\r\netag: \"5de8a388-1098\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DXi5g2O4k09kxme9Iszj3KUV02yYUQSqHMjRDXsAS%2BOXYs7fnv7IycD82tNxpefORZ5RICg8W6CP5GP8lCx0XKT%2BeSTUphPeOdYm%2B5CgqWU99O0%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9a9530c1caeb56b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4248,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 4248, version 1.0","md5":"e72df2be6edd1500cce4c0c00c18ca90","sha1":"a287cf2964d1ab9cd6e3f5dadb890855db91464b","sha256":"c83007a5d7604e0ad30e684cbda494445fa6112322d5127b8074c001eedceae0","sha512":"c88d25ccbc99d491025d9717da36c6fd3138fde6fb09520cd4fbb558715961a4c739056b8c3143f1645678678fb5d41b6562d32a5148504d4d3498ed78544a71","ssdeep":"96:e8g2CbHBvup2AIlWC2rEKwaJpLrJ5pGlyH+4M353KEO6e+uM:Gbpk2FvNKwaJpclyHw3dj5e+uM","tlshash":"77918e8ca28e8f26d415f4af1894ac3bb948bdd4f51eec8454a0b24463be6b19881335","first_seen":"2023-06-14T17:51:27Z","last_seen":"2025-12-21T08:54:05.961977Z","times_seen":8,"resource_available":false,"data":null}},"time_used":162,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":162,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/tocofa.png","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.956Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/tocofa.png HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 22401\r\nlast-modified: Tue, 31 Dec 2024 04:07:50 GMT\r\netag: \"67736e16-5781\"\r\nexpires: Sun, 04 Jan 2026 17:16:17 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YFGCEFBRUJVFJbWTtKfxSfYy1pQvgjzQGYAZHwXDo04bXJa%2BJCy91enAR%2FUmu4eBFbp0%2F%2FzQ%2BGZc%2FngzLu4SpJ2BxYZGZg0qTaMR4LRzoEAPxXQ%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9a9530bdcab356b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":22401,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit/color RGB, non-interlaced","md5":"6d5bae45384418803f7d4324e80f4faa","sha1":"4aa9f9ba6590aefbec440069f3cdaf61ec92ebeb","sha256":"4fa27d8db1145705d6d37093976675e8747963d5a69410597d4d4ade8eb156c7","sha512":"79d8e0fbe54a0de477d8c4d1e924dbca28ca11d4ccdbe3e974e5db8d1b61b7e2f68cd08931da7d1bf179b71176064d5c068b1fbc968b1a54cbea9d17578eeeec","ssdeep":"384:5krVOLyR620O/9qqPV08UG55hOebRi5L2oPLSwqtD4sEmnO8B7Jt6tI:VO1xV0O55hlRi5LdsEmn5B9t6W","tlshash":"09a2e169307864ef90335d6fd817cd762b13f5a7c988b051ead9864378a1412f8a83ed","first_seen":"2025-06-30T08:20:50.302614Z","last_seen":"2025-12-21T08:54:05.983705Z","times_seen":4,"resource_available":false,"data":null}},"time_used":726,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":535,"receive":191,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/photo8866.jpg","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.961Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/photo8866.jpg HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 5625\r\nlast-modified: Sat, 28 Sep 2024 04:02:20 GMT\r\netag: \"66f77fcc-15f9\"\r\nexpires: Sun, 04 Jan 2026 17:16:17 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eO6s8tFVhknQKkAo6wUTbwA%2FOH7X%2FKi1y9slLVIW%2FAmo1qbq%2F23tB4wQ%2FC%2BOzvQBI21zs8DOXhzasBa1XceLs4SBwRkWx7beKDIxyzzFyahpVXA%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9a9530bdcab656b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5625,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 150x112, components 3","md5":"b63807b6108ea0cfa52fced2f089f4b7","sha1":"9060768d49b63cda032f7ddd41f2db7949f1f548","sha256":"eaf0b1fcebd03dcc821748e776e1428aff0eafef1b46a940a6348c34d63cc310","sha512":"eeeb7ae6cc4e2c9962f1a195721e824dc346ba2d3ab484dfab208de3b7b9b90f41acc7bdf0c0abb311634e065c3572c571f3a972b0685a4c6b1614b21cdbea9c","ssdeep":"96:ZElbw+ifKq9H5OIh3q0ADSvevLF4ofv8ApGnWl+rD2vYBtrnNW8Mcu9K41jl:0wDBgIFq0zveZHfxpYryws8AkO","tlshash":"7fc16e32d3de464ee4df1aba9ef446f6f79430f547ee496c06950338470190895b8b8b","first_seen":"2024-12-14T05:48:44.795907Z","last_seen":"2025-12-21T08:54:05.968091Z","times_seen":4,"resource_available":false,"data":null}},"time_used":483,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":483,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/91cffflls.jpg","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.962Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/91cffflls.jpg HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 5666\r\nlast-modified: Wed, 20 Mar 2024 01:48:43 GMT\r\netag: \"65fa407b-1622\"\r\nexpires: Sun, 04 Jan 2026 17:16:17 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VJ94qPt505ylOI%2F81Xz8i0hOibCUHWSY1ZZM3GZCcvTKrlUgYuc8tnrL8uZnRT90Gl8N%2B%2FggLpUoX%2BYGFK6vHWcZIyGC%2Ft66AB%2BVsOCM%2BdIBBiI%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9a9530bdcaba56b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5666,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 200x200, components 3","md5":"af34f16bfb4501bf1e0e9c8c4b38fda7","sha1":"7ffb2168cfc6e3158948cd35e79190a478d37491","sha256":"b50947a3afbfcaa91ff36fee345f87203d32908ce11d5d13b0705c35ee3eef08","sha512":"525af8178cd35f11343c1f57214004b2a4c2f32f9d83fe6d329f49df2a1213f15bc908574df843b8dce3ecf2c3bb8a91be6f3e947363a979585b5681836a87a0","ssdeep":"96:WwDEcWd+ete8sv0vgHMDHHjTstglqLiVijrsAyNl/iFCiRjAVrpgu2I:VytemYHEHjo3E2nBAVfP","tlshash":"9dc18d8d6e5fef31c7ed50721dad73323e264d9b2a910d4e6af259202a538c04e0127e","first_seen":"2024-12-14T05:48:44.798335Z","last_seen":"2025-12-21T08:54:05.953529Z","times_seen":4,"resource_available":false,"data":null}},"time_used":530,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":530,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/logocaoliu.png","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.976Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/logocaoliu.png HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 8908\r\nlast-modified: Tue, 08 Jul 2025 01:51:48 GMT\r\netag: \"686c79b4-22cc\"\r\nexpires: Sun, 04 Jan 2026 17:16:17 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Z58MKQwamRiT2WAVN5iS4DyDP6AAsZvQQLeDERML2Cb87kkxs5nCPYpkcr80wULmakWOeHQenzcLpF%2Bn4ezDjd6y9L4%2BZ6jop3OmxYqsKyTvEBA%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9a9530bddac756b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8908,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 92 x 93, 8-bit/color RGBA, non-interlaced","md5":"6056bf74f90fb3a9480d5985ecaaed02","sha1":"ba97c60560bae9bdcd83f54524d4904220fbdeeb","sha256":"a20196a4a9a34e53523699ffc375885cf5fcebd9f6ac6db6628a87353276619c","sha512":"f7a448c7b2db4939e4d022c274564b12a38372a0651904ba091680c961d02d61a75178057d2e7ce29f06c0ee58aa77ce03cc1e2c03ff8f3d7596eb8e45c0dad7","ssdeep":"192:NbPNqiPkND22COlLS9Pbaq92y4+Ci0bpLYsFXhn1KJ8If8mxcrJ:NbP/y22COpuPbaQ2y4Li0NLYq1KJ8y89","tlshash":"2502afccfe4a4a217866e81faaa60ede1cb13eee464b57172006bc83d5312b990d51c8","first_seen":"2025-09-21T04:53:02.722075Z","last_seen":"2025-12-21T08:54:05.958183Z","times_seen":5,"resource_available":false,"data":null}},"time_used":554,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":530,"receive":24,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/hengfuwenzi/guanggao.html","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:17.424Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /hengfuwenzi/guanggao.html HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: text/html\r\nlast-modified: Fri, 05 Dec 2025 06:20:01 GMT\r\nvary: Accept-Encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=31536000\r\npriority: u=4,i=?0\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=aYyHYEpOuqyAR18YgUZr05l5tDKMpZJbj%2BOoPyyQwjOuxIlCzWuehjiYht4tZplWRt7S1%2FJCloT1Oivical%2FIvNO%2BZhBH9qC6VtFnEipuvCry24%3D\"}]}\r\ncf-ray: 9a9530c0eae856b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2148,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"04a3516c3af442743b0e070d8c5ed2d7","sha1":"2c6d211528cf3c68b20982f1a791657b2baa18fb","sha256":"273d1cefbf5714ba16e7e32a83de466a23f43505d06e8f1c38ce84050625158f","sha512":"d97d49a9f4cd6cdd0df852d085406677706082b12ba3ccdf3933e4fb9e4ca3405d4121275a9c61a630940a1263e5e8d98111f22b1291d5a611c4aa4df8bd2785","ssdeep":"","tlshash":"e941f32686d12849d37ac2608c3457ddf6334147ab570ea8fbae3b137f9cd5150271e6","first_seen":"2025-12-05T17:16:50.617989Z","last_seen":"2025-12-21T08:54:05.959204Z","times_seen":2,"resource_available":false,"data":null}},"time_used":525,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":525,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/c6f4a09a939942.gif","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.904Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/c6f4a09a939942.gif HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: image/gif\r\ncontent-length: 30756\r\nlast-modified: Sat, 25 Nov 2023 02:12:35 GMT\r\netag: \"65615813-7824\"\r\nexpires: Sun, 04 Jan 2026 17:16:17 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xMh5i7gDaybYYAQZ%2B72PsL5ZIfKt3FpAvZ5nbpFlh%2FLzAQ8ZrU8HY0%2FPf3aiPnF6T8sVVYDbC2JkkGJMvuwjNZJYZy9TzoukxRruEUdwC6wC0II%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9a9530bd7aa356b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":30756,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 150 x 150","md5":"70baa23e47d2597ab3faf106b76f4163","sha1":"270000963719b3eaa9287d3fb7de18d469d16ea7","sha256":"ebfa2e154dad24b346079320a7af788d174115d11561b5aa95339547aa440f7d","sha512":"f5d4214fa1435eeb8295035679d9e90057fea3bf880f0fbd99cb392d141e6ec51c0f75bdb56d6a8f555c3262d921b8eadc58c52b90d7b5080ef9d6d4a49fe6b2","ssdeep":"768:1a1EliANDA5ELNNfv2SlMpJP1Ezqg1HN9Mv:1OT5ELNN8wZtqv","tlshash":"8cd2e1af5e3000caab9da1f8742b7bb9dd040cb42199779a74407eed7e5384f36144ba","first_seen":"2023-05-14T09:23:39Z","last_seen":"2025-12-21T08:54:05.97421Z","times_seen":25,"resource_available":false,"data":null}},"time_used":679,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":475,"receive":204,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cffimg.com/20250604_201544843_BSd.gif","fqdn":"cffimg.com","domain":"cffimg.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.969Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bbc0c019.sni.cloudflaressl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 28 Nov 2025 10:13:05 GMT","end":"Thu, 26 Feb 2026 11:12:55 GMT"},"fingerprint":{"sha1":"21:92:6F:F1:0C:26:90:13:D4:0D:60:91:5A:7D:47:81:35:CF:23:1F","sha256":"5F:66:8A:DD:90:DD:D2:EE:82:D4:85:D7:FE:54:17:09:F1:36:EB:BE:9B:D1:A1:FE:FC:58:7E:A6:70:07:A1:17"}}},"request":{"raw":"GET /20250604_201544843_BSd.gif HTTP/1.1\r\nHost: cffimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: image/gif\r\ncontent-length: 95566\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zl4jJ4Y9%2BxParo8tDcqIdxRa7TJ2JHc1f9hMqpU1CY5nAiNw%2FjVTmxWsjT3zYicXdHpjljKPGPfsDDBBwOOWZj0hkFPf7henxMg%3D\"}]}\r\ncf-cache-status: HIT\r\naccept-ranges: bytes\r\netag: \"7ff1a28ea4cbda124750d8794ab7f6cf\"\r\nlast-modified: Wed, 04 Jun 2025 12:15:45 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncache-control: max-age=14400\r\ncf-ray: 9a9530be6b438be6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":95566,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 150 x 150","md5":"7ff1a28ea4cbda124750d8794ab7f6cf","sha1":"00ef3692585f6f4fee163152b07c17d000cd93af","sha256":"d4f77fb4553c6d69956fde3554f20c88dbea676b5af4a6cd0fd1ecab7cbd9089","sha512":"244b78522d5100785842e1982092badff28f7aaa19033810947e089674e47a37092d1d227d779062e113351a5c04b60bc005528a3859114fab15cba7cd34b15c","ssdeep":"1536:tU7mMsiznhdD8s1wmRtt7su1JBmocYARK8P8TxrG1L9kgi6JHEMrgF4+xtbl:YmIznhdma7jf1cYML81ruFi6JHg4+PB","tlshash":"ca9312d3dc51e21bbf429464f91ee196cec8e23c25d9d24d923210d7a47027e26b7a4f","first_seen":"2024-10-12T13:55:15.543995Z","last_seen":"2026-01-25T23:10:56.683427Z","times_seen":5,"resource_available":false,"data":null}},"time_used":868,"timings":{"blocked":-1,"dns":49,"connect":1,"send":0,"wait":617,"receive":168,"ssl":31},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/fontello.css","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.888Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/fontello.css HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 04 Dec 2019 12:17:56 GMT\r\nvary: Accept-Encoding\r\netag: W/\"5de7a3f4-a84\"\r\nexpires: Sat, 06 Dec 2025 05:16:16 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=sVjVv67eD1ga%2BqyLOOeSWAM7hxmcwk5QnmhxNBkTVyMIsQSopYsqL%2F%2BjzLiGybWMBiaB7gC3xdVFlO75%2BbuEGSNS3PfHXx%2F%2Bi%2BtbEkS858XSXt8%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a9530bd6a9e56b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2692,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"97dbe8966fd43d75528e72b75d3b73db","sha1":"07d340ffbd1635d7aff9da494f13cb9bed586d56","sha256":"d20f166f2b9f8d0c2df4a47b3cb1db07c8e22da841e754359cae8c4e3457f4b1","sha512":"1ebfe7495706aedb326a40d98cfbf6fdb5249901747c474cd2cae377ffd28aea3ef50af30d82fa804144a04367623d780b543c9595c5b699aaeb7b43cce9cd2c","ssdeep":"","tlshash":"80519bf18e8820810bd69a8b37cb72645f5cf22a69419d83f05b656cdfee66443e53cc","first_seen":"2025-06-20T02:15:19.744143Z","last_seen":"2025-12-21T08:54:05.966386Z","times_seen":5,"resource_available":false,"data":null}},"time_used":183,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":183,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/aiqinglaile.jpg","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.959Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/aiqinglaile.jpg HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 3514\r\nlast-modified: Wed, 21 May 2025 03:49:26 GMT\r\netag: \"682d4d46-dba\"\r\nexpires: Sun, 04 Jan 2026 17:16:17 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TQH1OES2VcTpsa%2FL20l822wEQrjF5gNUR%2Bp075%2B40pERLOq200M%2BVXRhwc5E8SPlAQafyRSYTKES%2FdH14nphdKFT3zr3fTdZ4So3O5h0Idck0Zw%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9a9530bdcab856b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3514,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 120x120, components 3","md5":"491d2f8f545a8f42801bdf54c78c4696","sha1":"1dd4abc0caaeacfe21319af16f434a5d19e1fe14","sha256":"26a676aa8cc557ce45c37344098d011f55081df59020124ce0fa38d970d5f2ea","sha512":"a0ca3528306e67a06559691a8c35b70d7667c23e44bbcf000959990f00a95812ee9c97172295ad01f49f46b8af195bf0cb438c14d97e5d032e42d4d8f64801d5","ssdeep":"","tlshash":"f3714d59b90f990ecf28096c4bc51216f433f950a0d0ce35d646a417211edc65efc74e","first_seen":"2025-09-21T04:53:02.713804Z","last_seen":"2025-12-21T08:54:05.963821Z","times_seen":3,"resource_available":false,"data":null}},"time_used":472,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":472,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"m1.cffjpg.com/20251010_234229870_NSf.gif","fqdn":"m1.cffjpg.com","domain":"cffjpg.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.963Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"4990c111.sni.cloudflaressl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 18 Oct 2025 11:05:03 GMT","end":"Fri, 16 Jan 2026 12:04:52 GMT"},"fingerprint":{"sha1":"E7:25:6E:8B:3A:50:53:76:CE:BE:D9:FF:20:53:FC:CC:84:71:24:6A","sha256":"1A:E3:7E:9D:01:A5:60:FD:ED:D7:69:BF:04:EC:1F:A0:14:34:31:F7:CB:7E:5A:6F:B3:53:25:9B:1F:50:F0:C9"}}},"request":{"raw":"GET /20251010_234229870_NSf.gif HTTP/1.1\r\nHost: m1.cffjpg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: image/gif\r\ncontent-length: 516266\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NtptWyS5oRzfU7jx8DeTjLeEPgHPXpJHcDc6G1CCJNVghwtzaunsiYNFER9SQELX%2FhGxN96%2FF9kWsouedTacERV3mcEUY5QOrtp%2FlPs%3D\"}]}\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\naccept-ranges: bytes\r\netag: \"d4809282cb48a8b0a4483a8d5bdd6375\"\r\nlast-modified: Fri, 10 Oct 2025 15:42:30 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\ncache-control: max-age=14400\r\ncf-ray: 9a9530be4c5c8deb-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":516266,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 350 x 350","md5":"d4809282cb48a8b0a4483a8d5bdd6375","sha1":"8b3dd0400ba86ae22f330e3ecb27fe1fd4216be0","sha256":"90740c826dfeebcb18d9fc618c8c33af52914ae98d990d1c0a2a85f2cbd7d108","sha512":"fab51c692d230819e2c6a123ca925c81035ce6edbf796dd70b773fe7091043cbe6ff2168735ca5b3fa9281eb232318798cf6dc4cb314cab01b8db88f961cc8cd","ssdeep":"12288:L0aI+Tu9CzPKgk+z4QEeuqNNPvb5V4ZAYWSAKT4CA+CS77:1TrHz4oNnEm1TKTnd7","tlshash":"c2b4233d8e2e4d064005d0d5713bbd53f6a9af32a5811b5ecd8041ee0a1adbf6663f2b","first_seen":"2025-12-05T17:16:50.631456Z","last_seen":"2025-12-21T08:54:05.972518Z","times_seen":3,"resource_available":false,"data":null}},"time_used":285,"timings":{"blocked":-1,"dns":21,"connect":2,"send":0,"wait":194,"receive":19,"ssl":41},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/aff0.jpg","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.964Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/aff0.jpg HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 6030\r\nlast-modified: Wed, 15 Mar 2023 12:28:31 GMT\r\netag: \"6411b9ef-178e\"\r\nexpires: Sun, 04 Jan 2026 17:16:17 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=X0jdOj5jHtJfMNdTv1%2BgROc%2F%2BIBzk3kXugQw84AzV5m7h31XgdVyaVvrc6g8etUTjCsU3xeXoE4wFTRNFlWhRBCpptBmjSlutRhCEXVt8xcOF48%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9a9530bdcab956b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6030,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 150x150, components 3","md5":"2acce2f3d6eab4395b8809757f56b1ea","sha1":"aeb443d7271ec6307995b857998d9c0fb8deac2e","sha256":"945cf1fdb412d30e370ea81c1fe147e42368653b86fc208f2daff863aad141ba","sha512":"f6982838b32a744e8cb7bffa3ca8dcd1986d0a82496e8f3ee87737b04290c7c6b775884649661eec47ad5aa355a4a2a3f597026fe018ba8a6726c0565824e218","ssdeep":"96:ITOOTdtdoLl89cpMikX5dFA0rmGm4XC5Q7TvnEmrfNpf8srDsrV8ODqIZY/gbw+c:ITJTBxOJk/FA0KG3L7Tf7rfTnsrV8O+r","tlshash":"12c16e7f805305888b64f53559f9f6f2c053348ebe9b994947342a32a18bca7eec64d0","first_seen":"2023-06-14T17:51:27Z","last_seen":"2025-12-21T08:54:05.956876Z","times_seen":11,"resource_available":false,"data":null}},"time_used":483,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":472,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/1588666.gif","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.953Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/1588666.gif HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: image/gif\r\ncontent-length: 140695\r\nlast-modified: Mon, 10 Jun 2024 01:47:59 GMT\r\netag: \"66665b4f-22597\"\r\nexpires: Sun, 04 Jan 2026 17:16:17 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2nRe0DgkOgdrJmAu5Cd544m9QoRolcR1Dt4cCT3OJMSJvd39K3YnAFx6uWU%2Bw3DS6wpRYuuPM1tD7Hk%2BhwfMRy0lBc5Hx4A6PNPymc7QevGUwjk%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9a9530bdcab256b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":140695,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 150 x 150","md5":"fe7300fc3c8f5e961eba92613e70958b","sha1":"52efb7f5b617e22abf6edb905d24c6e42aa52ea7","sha256":"ea0e9ab74f69182bb0eb28335c51f787528deae2fcd69e456af359bbec801b33","sha512":"996dcaad5665a187e254f54fa3e25b36df185569f16a817002c292caa0d93eb2a0781638316ba084196ef6866074098f2229dad00b3ef0afe7f50e833c26dd5c","ssdeep":"3072:6DkYBIJMcOPokDcBhlXBYtpdwU5dQZth7rvpyOjEa9Urfw:ctBIWMk4XBYJwNZb7tyaGs","tlshash":"ead3123ac22e4f52af284b92203825d059641cf7e8d7e507954bff79bb3981d863934b","first_seen":"2023-05-02T12:36:54Z","last_seen":"2026-02-08T12:46:08.778507Z","times_seen":257,"resource_available":false,"data":null}},"time_used":980,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":474,"receive":506,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/douyinmax.jpg","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.973Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/douyinmax.jpg HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 55373\r\nlast-modified: Fri, 14 Feb 2025 03:28:44 GMT\r\netag: \"67aeb86c-d84d\"\r\nexpires: Sun, 04 Jan 2026 17:16:17 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FuWPvIjPZzhjeW9EFKDJ6fI8r2lGsZhsQ6C0VIcP7%2B3tvaNtnj4Vw2qUmweaVtTfnrgAymrTCqsUjGm7Dzs9fxEErRlo%2Bzrj87JKtMwMGku8X3s%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9a9530bddac556b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":55373,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1024x1024, components 3","md5":"1c2a027c2d0c6acb58dc7b192b1a4e1c","sha1":"539c8986a78a9e730ae4bf1abaafbd3170928600","sha256":"e390d7eb1bd422f3d30a9d65dc8ba8da32e0b11d363f4fbb8971a23d5305ccf2","sha512":"e96d34329c22be9ffd429ae1110f74ef07596ba2d851dd5a28857e880cb721024ffdcef7b8a17a5a6e10fa4ad1b9c865936a58abb236a087b57fc97b93d15c60","ssdeep":"1536:Its6V4IAg1uQ/NPZBS6y+QddyW5RO9DnUfA4MP:Iv4E9FPjvyP7zGupI","tlshash":"b143f14a72355cd7d02037b25751224ab93f14c0c6897b22ebc4025b3e6f6aa28a5edb","first_seen":"2025-06-30T08:20:50.267274Z","last_seen":"2025-12-21T08:54:05.957441Z","times_seen":4,"resource_available":false,"data":null}},"time_used":777,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":466,"receive":311,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/favicon.ico","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:18.397Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/favicon.ico HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:18 GMT\r\ncontent-type: image/x-icon\r\nvary: accept-encoding\r\nlast-modified: Mon, 24 Mar 2025 08:47:42 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\netag: W/\"67e11c2e-25be\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8vYTfm6AWxXnOp3Cvj8AB7as%2FrqJ%2FU8T06q2w7H3d%2BjmlOKFsjy4U%2BAqUpo9CT%2BmpFhC9bf7VV%2BhGxmN1mwe9gyu8uGuijCtj3mpRJLe0yrTcHE%3D\"}]}\r\npriority: u=6,i=?0\r\ncf-ray: 9a9530c6fb1456b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9662,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 48x48, 32 bits/pixel","md5":"3636f18490ec285dfb70d1dabd5ad169","sha1":"cd9b57c514fded67486460e624c8bfe1e731846c","sha256":"42328698dba2a00df52a2483fb67f39d02ac732a344d253f5f1b0dfabc2af0ab","sha512":"825482f894a53354e772bbec1742aff4e52fb605b6d46c9c7f04d93e3193ccb55c1d3627df32ffed5b5c3923b4a64ba97748d552f77398e61c6d2cb97046c8b1","ssdeep":"48:9ZBsGe9bKcijqi9N1ms0ZSsy4s+Dwqz9DSk2XLEbPbdFIWpqB5aIwbnd8ci7uyxD:9Z1h9HrH4V9zQs1FDpqB9wbnti3sEsM","tlshash":"d312e7d92175a0a6e448087ae81c8afc787d7ccf56088aa035113fd3db5e1dc82de793","first_seen":"2023-06-14T17:51:27Z","last_seen":"2025-12-21T08:54:05.977199Z","times_seen":5,"resource_available":false,"data":null}},"time_used":165,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":165,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.yy447.cc/","fqdn":"www.yy447.cc","domain":"yy447.cc","tld":"cc"},"ip":{"addr":"172.67.220.164","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-05T17:16:15.425Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yy447.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 27 Nov 2025 03:47:57 GMT","end":"Wed, 25 Feb 2026 04:46:23 GMT"},"fingerprint":{"sha1":"8C:FC:91:33:64:87:B9:64:3C:E1:FE:67:51:C1:B8:06:A6:F3:EA:79","sha256":"BA:22:70:4F:93:7E:9C:01:8E:04:97:3E:E3:40:AF:9B:D5:28:E8:B5:88:5F:D2:01:39:D4:54:FC:92:4C:AC:75"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: www.yy447.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ndate: Fri, 05 Dec 2025 17:16:15 GMT\r\ncontent-length: 0\r\nlocation: https://kYRpNWVE.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl\r\ncache-control: no-store, no-cache, max-age=0\r\nexpires: 0\r\npragma: no-cache\r\ncdn-cache-control: no-store\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BIEM4MgECg23H0RrRk2UwHrYKv48VBmxq9%2BdyyNo619rm%2FcK5H9SajbpV%2FfUN5IQeycmAw4JgfXMiGsnURdlve1fby96X6mOIvc%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9a9530b4996db512-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":182345,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T11:49:30.368697Z","times_seen":13330398,"resource_available":true,"data":null}},"time_used":120,"timings":{"blocked":34,"dns":9,"connect":1,"send":0,"wait":52,"receive":0,"ssl":22},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.siiuerz4.com/images/35/ASB-yc-200x200-14-09.gif","fqdn":"www.siiuerz4.com","domain":"siiuerz4.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.914Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.siiuerz4.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 15 Oct 2025 14:01:30 GMT","end":"Tue, 13 Jan 2026 15:01:25 GMT"},"fingerprint":{"sha1":"CC:8B:23:21:88:B6:48:DD:00:44:32:EC:C5:8D:20:E6:8F:AC:F9:53","sha256":"2A:E3:34:2B:CA:CF:89:33:ED:2D:8D:2E:F6:40:32:6F:FF:39:96:D2:56:26:E7:65:87:E8:25:9C:E9:C2:21:39"}}},"request":{"raw":"GET /images/35/ASB-yc-200x200-14-09.gif HTTP/1.1\r\nHost: www.siiuerz4.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: image/gif\r\ncontent-length: 488281\r\ncache-control: max-age=86400\r\naccept-ranges: bytes\r\nlast-modified: Tue, 21 Oct 2025 06:13:34 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 176611\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CoOyHzthFjhN5NprwYumMPNUAM4Rk1gNpQFI%2FFBvo8AQ5xXC9ptMVxh21K42oAeQKMxDoaR8HU9WH%2Fskw0QaY9HjBA7yzqUIXqNhoiez\"}]}\r\nserver: cloudflare\r\ncf-ray: 9a9530c27adf0b3d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":488281,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 200 x 200","md5":"d6dda468c408ebc8770ce06200d0190c","sha1":"2bb1572b75123706b10a649332e5745ef354c5a4","sha256":"09e4636b1a26f219db640235d93b9ba5eda7310e20abae8713bdacd8e02c92f6","sha512":"89ff77f1e63ab301ba2b611b462c4871eb1fd040cf6fb8e8d50ef7eea07bcfc7a35634868d947f5d4eb3ae42b08f132727ec67d5551a0f837e77dd3c3d2d5247","ssdeep":"12288:VG4Fkr4+51IyY7KbN1mqvtma7kzUhfkfDRlsAubtWaRl:VpFm2PuTga7kckLRuj","tlshash":"c5a423b5f94f44e302bb1bb4015219cac9696d69f4bd4b75738bb82237f128d2603e93","first_seen":"2025-10-26T07:10:45.375757Z","last_seen":"2026-01-06T05:46:45.677541Z","times_seen":19,"resource_available":false,"data":null}},"time_used":1596,"timings":{"blocked":765,"dns":779,"connect":1,"send":0,"wait":12,"receive":15,"ssl":21},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"www.siiuerz4.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/196.gif","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.942Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/196.gif HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: image/gif\r\ncontent-length: 19252\r\nlast-modified: Thu, 04 Dec 2025 03:31:05 GMT\r\netag: \"69310079-4b34\"\r\nexpires: Sun, 04 Jan 2026 17:16:17 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lqZzN4i8HBqXteHdX3ZA2kbgvSyqD2G5r41JWH7Xizb%2BjUEy%2F4zmZvLUNsYjTOQ788T3hKhbefbvHfViXdJjHb3YEYlnfqPL2OKBAnpSYKlSiOw%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9a9530bd8aad56b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":19252,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 196 x 196","md5":"b954dc83b8bdbbb665afa25c61762902","sha1":"15054e29027a16ba03f1568e7aa07d08eeb1afb0","sha256":"06c3b83be09fa41212791244d4fa8460e52e8018d2d9979e18308114906db47a","sha512":"0fd3c954e6f2a3e8367fb0c63de245b3a1fe26fb7b777358fda805061e9503a242591a3d5fb5152978f8559bf32c2816da976b40c45d231b764e3428cebd2329","ssdeep":"384:riWiyDSX1kSSTcVXj2Bk7K+7ZweOS82esiApJBe3eTkenjAHHevW:mWLWqSSTcVXj2Bk7K2ZpOS82TTpJB2Vr","tlshash":"4d82c065c499d5f6f685f1f394f0a7cf02f56944093bba71529f3be59b5800320b8b48","first_seen":"2025-12-04T08:43:32.959705Z","last_seen":"2025-12-21T08:54:05.952836Z","times_seen":4,"resource_available":false,"data":null}},"time_used":627,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":471,"receive":156,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/5aecc660e8193e3e.png","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.950Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/5aecc660e8193e3e.png HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 24062\r\nlast-modified: Sun, 24 Aug 2025 00:23:47 GMT\r\netag: \"68aa5b93-5dfe\"\r\nexpires: Sun, 04 Jan 2026 17:16:17 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Tz9H6DOx%2BPe7KxvSt3QAoEFoyb47lKy%2FkEj6esRyethUNEK%2FriESwT9UneDpEs1%2BqPdR3vY6QWRC1gUbiXohG%2Bu6wVGlgsykhlzLTPfNgAoUEvM%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9a9530bdaab056b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":24062,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced","md5":"cd8d31a35aecc660e8193e3e0b36436b","sha1":"94b4eedb16ab68ef428e9bb23a59610fc629dc2f","sha256":"5204b7c89ae5298381172b98c3a97ee671bea1f11bfbcd272b64b392f2c2690e","sha512":"02d9749afadbe5172856c4279e84c41e053caa4740808bee1b0d30366bfeb3e4b4745a7582acce7e0c9d25979d7cb8d93f6497f0c198d065a4459eb330fec6ed","ssdeep":"384:1dYI/2njPT+K7AmNqqrPxn2H2eNRQ70VyIHahOh53zEDYZryCGOr0d:LYI/OWXmAaPZ2H2eNRI0VLHahOh53IYM","tlshash":"ebb2e125f1bedb414f06cc54f4f06e6a4c177e8a2fbe5c270bf1e66e7448982060b615","first_seen":"2025-09-21T04:53:02.704859Z","last_seen":"2025-12-21T08:54:05.971964Z","times_seen":7,"resource_available":false,"data":null}},"time_used":649,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":472,"receive":177,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/260423df3c3a1.png","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.922Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/260423df3c3a1.png HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 33727\r\nlast-modified: Sat, 23 Nov 2024 06:31:23 GMT\r\netag: \"674176bb-83bf\"\r\nexpires: Sun, 04 Jan 2026 17:16:17 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lnBruVYDk9hQpiyTvKVH59RaernXo8l7%2FKAKjm95EV9ob9xTer3uKaaLP8aGiV%2BMHCdOiEHjG1Vmz%2FMM0XLAqI3yLhebICUBNuE0gABXzZaDCgw%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9a9530bd7aa756b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":33727,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced","md5":"7d7571de36f6f444a7092bb576d44004","sha1":"c1fa962152d54fd035dbb3d5cf9fc684928be87b","sha256":"0e19c52b8177f75e9d8235d310494fb11977f3c9e152c246bef349da3e52fb7d","sha512":"92f9030c19e87a610fc6d8c4a60fabd3b0a92f1513833c3b7e785c9af52b05e95d30a0a0ec257448d83156bdfd335649f671a9c6c2dedba692f3133b1ee3fc77","ssdeep":"768:CzbBiVChXJPzJi1gpYy3FyX5xJnko0IMYk2:wBi86gpr05Tnkop","tlshash":"2ae2f1495f1c8f05ccee58f55562ba6839f67dab901bdec8583198d25ca830b0d3f788","first_seen":"2024-08-19T20:49:53.497515Z","last_seen":"2025-12-21T08:54:05.95507Z","times_seen":15,"resource_available":false,"data":null}},"time_used":695,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":480,"receive":215,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/5aahxhz.png","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.954Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/5aahxhz.png HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 20594\r\nlast-modified: Wed, 15 Oct 2025 08:38:49 GMT\r\netag: \"68ef5d99-5072\"\r\nexpires: Sun, 04 Jan 2026 17:16:17 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ABFlRJXZcUeOJW0q8GkKaxysgjlutqhLwSlHYDZVfZgvQ66PaEiJGagKpHe1cY4DcESfRBamJPQ29NjfREOQHe%2FTtYQuLInMmhdygW4PPp%2F0DAU%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9a9530bdcab156b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20594,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 178 x 155, 8-bit/color RGB, non-interlaced","md5":"4349647d36bad76025c1aa86fb1fd127","sha1":"f2130e4b26746a37aa9fed4a5e30bee26aa726b4","sha256":"2bd35aa3d7b6466bbbd663662da1fe404b2bab947b6cdaedca258962e4eea07a","sha512":"f1218dc1e46ae144707347407f9d5890a71cf80fb7b55925bf9d32e9dd1d2b026adaeea74ed979d97f575c8a4f01c9616e7bd74583448b416ca39db7f2536500","ssdeep":"384:PzCrz/9Kj9lOWx2zUmMiQQCK8rNQsezNDCDqn1TtNls6tzBIvUE/ZFFzRff:LC9KjTOWx8UmbURNQseRCDq1hNFzGvUS","tlshash":"ec92e12f69dce474d61c5db5ca1f878da7d8bd720d8dc1cae405a5623c4709c860ebb2","first_seen":"2025-12-05T13:32:50.277374Z","last_seen":"2026-03-15T22:09:34.342722Z","times_seen":5,"resource_available":false,"data":null}},"time_used":709,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":522,"receive":187,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/xiaohuangya.gif","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.977Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/xiaohuangya.gif HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: image/gif\r\ncontent-length: 342922\r\nlast-modified: Wed, 04 Dec 2019 12:21:18 GMT\r\netag: \"5de7a4be-53b8a\"\r\nexpires: Sun, 04 Jan 2026 17:16:17 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DLF%2B1gqWy7evUeeh7Bw8LcWVGp6LecZDvwOaxI4vDOzHDyoREZbKjQlLvY5aqihtSAf114jvsnhADyyzyY4AwCqwrzvUj61RyYL3sShemj%2FMXXM%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9a9530bdeacb56b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":342922,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 120 x 120","md5":"ef581412e683246077d1ffce4707837f","sha1":"24e3d5033035bd8e1f09088f019975d67c3c1af3","sha256":"a009efc8ae7d8561d2447448e041a928699d2817d131c3f8d266f8da3b1f1864","sha512":"14131285cd32e00ac2b4a0b52a291204b613adc950dfff8bf9f2914b129d76614102bd021b84be0fa543cc6357ffafa5b50616eb44f3a2fba14fee4a183d889f","ssdeep":"6144:cenPpZsE7Roul3S6qiqOrmWaKaDnt3BVqZAuiikKhqyd2F0q:cOpZzKW3ufeatnt3BVVuuzONq","tlshash":"6c7412a8d2135c51ba26507e66be2e2d54b838b42350662b917037d41ce33bce859ffe","first_seen":"2023-06-14T17:51:27Z","last_seen":"2025-12-21T08:54:05.985427Z","times_seen":6,"resource_available":false,"data":null}},"time_used":1199,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":481,"receive":718,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/hao.js.%E4%B8%8B%E8%BD%BD","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.980Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/hao.js.%E4%B8%8B%E8%BD%BD HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 114933\r\nlast-modified: Wed, 04 Dec 2019 12:18:12 GMT\r\netag: \"5de7a404-1c0f5\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yXgh8V37m%2Faymo%2FzNvBsFfARPOAX6TxT5gceDveIIM4LDEZJrIq%2Fw%2BaC0uM1CwuKOIthvucbEAmn%2F8kjdMYf%2F8yH7EpJdOrBgeqV%2F6%2B6Zo94ndA%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncf-ray: 9a9530bdeacc56b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":114933,"size_decoded":0,"mime_type":"application/octet-stream","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T11:49:30.368697Z","times_seen":13330398,"resource_available":true,"data":null}},"time_used":1045,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":528,"receive":517,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"146.103.81.70:5002/siteadmin/upload/img/1996593198025408514.gif","fqdn":"146.103.81.70","domain":"146.103.81.70","tld":""},"ip":{"addr":"146.103.81.70","port":5002,"asn":0,"as":"","country":"Belgium","country_code":"BE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/hengfuwenzi/guanggao.html","date":"2025-12-05T17:16:17.974Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"146.103.81.2","organization":"TXNetworks Beijing Co., Ltd."},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Tue, 06 May 2025 09:45:39 GMT","end":"Sun, 07 Jun 2026 09:45:38 GMT"},"fingerprint":{"sha1":"65:A5:18:F9:97:82:83:EF:77:91:53:86:FF:CF:B6:98:5B:EE:99:33","sha256":"5C:7E:37:8D:88:0F:E7:80:0C:D8:DB:DB:DB:68:11:E0:47:FC:6F:D4:EA:8F:9B:12:24:36:E6:C4:4C:11:47:07"}}},"request":{"raw":"GET /siteadmin/upload/img/1996593198025408514.gif HTTP/1.1\r\nHost: 146.103.81.70:5002\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 05 Dec 2025 17:16:19 GMT\r\ncontent-type: image/gif\r\ncontent-length: 475689\r\nserver: AliyunOSS\r\nx-oss-request-id: 69331363E555C93237B14508\r\nvary: Accept-Encoding\r\naccept-ranges: bytes\r\netag: \"8CCF7FB3AB5A440E7C2ABCFD5974B73B\"\r\nlast-modified: Thu, 04 Dec 2025 14:51:30 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 252373431250008526\r\nx-oss-storage-class: Standard\r\ncache-control: immutable,stale-while-revalidate=86400,public,max-age=86400\r\ncontent-md5: jM9/s6taRA58Krz9WXS3Ow==\r\nx-oss-server-time: 2\r\nvia: 1.1 x176:4 (W), 1.1 PS-HND-01MdG15:16 (W)\r\nx-px: ms PS-HND-01MdG15HND, ms x176HKG(origin)\r\nx-ws-request-id: 69331363_PS-HND-01MdG15_35984-24334\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":475689,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 980 x 80","md5":"8ccf7fb3ab5a440e7c2abcfd5974b73b","sha1":"2fdca65aebf4ee63758c194f655aa17d04203c21","sha256":"a33dd5982926b556fa285aa3038988e31867feb21a6cb11e16a6846b3463c5b4","sha512":"93a771b1288e7560251bb504f6f96d4e422f4ddbc1ccfd90701aeed204ca03defd80224b553b18aefd2678bda0d900197fa39d03a913d59f266a7ef198aa6a7e","ssdeep":"12288:C93iroUHLpB3alHboEYV5HM6UR0xs9zahxpaZy:0BUrp9aKRV9xbHa8","tlshash":"bda423cf103a49a37a6a50f830f75e5b4e9f04d04499d2167b823b9c288f0efe5e5e55","first_seen":"2025-12-05T13:32:50.285196Z","last_seen":"2025-12-21T08:54:05.968643Z","times_seen":4,"resource_available":false,"data":null}},"time_used":4709,"timings":{"blocked":1344,"dns":0,"connect":273,"send":0,"wait":430,"receive":1588,"ssl":1071},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/mfchdk.gif","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.919Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/mfchdk.gif HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: image/gif\r\ncontent-length: 21491\r\nlast-modified: Thu, 03 Apr 2025 01:18:55 GMT\r\netag: \"67ede1ff-53f3\"\r\nexpires: Sun, 04 Jan 2026 17:16:17 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HvKiytXqd6RB8RrfhRFdukFAQy6HAk2FmVRmXqdT%2BlDrh5y%2B91JdKRicqd5f7aIrDgY40kcJ6cg0bpGMEbGAx2R736ROXFmxCeXY%2BG3LUSdy5nY%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9a9530bd7aa656b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21491,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 75 x 75","md5":"4a123b52cf59411dd091d5d56f4f51ad","sha1":"00f47975baa5b3bff471d5cf1271e228036a0d55","sha256":"0ab4bfce63a62c545ea0d2a1a449c9b0da137f3db307c436b90ad9082495f454","sha512":"4b099c13c37c599bb9e7f25ff3040e1aeec8fbc18043388889acca48187e753485be39b92cc3e6f09dc21fe452478f759e99e45b31d2e902e4f0cd1d40022225","ssdeep":"384:o+ZkYgSKDuydxtyUk3MrqIT4r0LeqpJ0MrKWFe8BQ7g342B8Nc7VG56d8cyOr/GD:oALgSqdXyUuMrpT4OeUJKvcQ9BIE6fy3","tlshash":"e8a27da69a8ec152dc450a34fb9f5c5dd65df8ae0238bcdab35c37d4c85424e0a306e6","first_seen":"2025-06-06T09:32:53.768457Z","last_seen":"2026-03-15T22:09:34.352859Z","times_seen":22,"resource_available":false,"data":null}},"time_used":716,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":527,"receive":189,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"img.mresou.com/img/lj24081401.gif","fqdn":"img.mresou.com","domain":"mresou.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.930Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mresou.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 13 Oct 2025 21:04:17 GMT","end":"Sun, 11 Jan 2026 22:02:01 GMT"},"fingerprint":{"sha1":"7C:F3:56:C5:C1:9A:58:6A:C0:45:A6:0A:3D:53:F7:57:91:B0:99:B5","sha256":"12:3E:7B:32:D0:2A:43:9F:EE:23:26:1C:F6:0D:86:13:2A:B3:22:6E:C9:B4:9A:7C:03:D4:5F:F5:6A:A0:73:03"}}},"request":{"raw":"GET /img/lj24081401.gif HTTP/1.1\r\nHost: img.mresou.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: image/gif\r\ncontent-length: 23440\r\nserver: cloudflare\r\nlast-modified: Wed, 14 Aug 2024 12:28:11 GMT\r\nvary: accept-encoding\r\netag: \"66bca2db-5b90\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccept-ranges: bytes\r\nage: 2143355\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: 9a9530be4afa8be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":23440,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 150 x 150","md5":"74cfa4db79423eaa0389d5e5c27ca368","sha1":"09acdc70037ce357e4dda1d3eaf6583dd71ba948","sha256":"dc772f5caa29546e5f6c1f024da14858f212688e6d763e92838cf41cbb26ba2c","sha512":"464acf3a5f7aaa21b042377105fc514e3588c62728071caded466d5816060ae7b439893a732c438d8c374f92b5bcd81b675f5cd51f61476a4eccc44d7ffe6850","ssdeep":"384:Ls09ob7DFMVJRC+VQYWMpEbf+fOc8K1gVeMblkRA9FSF4qi2oR1xXd/wQ1LY650k:w09ob7DkJRC+VMbwO0gV4fFXi2oR1sQV","tlshash":"6eb2e22f5ac7a45eb2ad38ecd5c0908f80aeddf2ecd4b589a6dd150ef640124e7854c1","first_seen":"2024-08-22T06:09:37Z","last_seen":"2026-03-10T09:40:27.99873Z","times_seen":876,"resource_available":false,"data":null}},"time_used":206,"timings":{"blocked":76,"dns":54,"connect":7,"send":0,"wait":14,"receive":1,"ssl":48},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/74d4.png","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.909Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/74d4.png HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 9423\r\nlast-modified: Mon, 14 Nov 2022 14:49:12 GMT\r\netag: \"63725568-24cf\"\r\nexpires: Sun, 04 Jan 2026 17:16:17 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6JcmG01dcC8U%2Fat5%2FDaoQ449OnNcnFW%2BFvsba%2BDFb8RKZmPqCT5nQzodJNGiwRbkKxEV8B3ruJPznmpzYXsc5hxvcdJ47ktYJ6lAqJ750U9%2F3O0%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9a9530bd7aa456b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9423,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 196 x 196, 8-bit/color RGBA, non-interlaced","md5":"f7a2b75e94276ff8422eddbd58e4be3c","sha1":"101588f662fbe5564f0caccf2198f3526ca9d562","sha256":"2518a5335b7941f40c4e3e4a7fd46bb93f8ea1dd85cd3fa810d3dc059add74cd","sha512":"d7ea7351341288c700e3199b9005a401a2d18620da20e4a6dd141110312964cc05692ceeb9ba6ba579ebe3180b074ce906c3a9fa114d1dd1981fb03b4d56048f","ssdeep":"192:wZHYbvSeQNZ/+51AsY69bhZgoxdkXSiKEyq0ibOWSZnRvdH5M6Gpc:wZ4bC2++1Z/1Eyqbi/RAZ2","tlshash":"e812c091a80cdea7b3355188ca0949b299a01bf253f4cddf4c34e6bb15a4be413a42f5","first_seen":"2023-06-14T17:51:27Z","last_seen":"2025-12-21T08:54:05.983126Z","times_seen":22,"resource_available":false,"data":null}},"time_used":497,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":474,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/91yule.gif","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.917Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/91yule.gif HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: image/gif\r\ncontent-length: 8964\r\nlast-modified: Tue, 23 Mar 2021 08:59:59 GMT\r\netag: \"6059ae0f-2304\"\r\nexpires: Sun, 04 Jan 2026 17:16:17 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VeqprquyDIx4BOYvc321fdE1o%2BTXZly7Hnzh0lfggWaplWapqvx7YqFi%2B4UCo6DMet2eA9q9PR4C%2BrA50nrgDCdAgmMWZPnJKMqngFB5o5j0d70%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9a9530bd7aa556b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8964,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 88 x 88","md5":"a702a85dae2cee4c33d6233b96bd08f1","sha1":"20c14de5a377e25e6489f736f98a22a018b97a36","sha256":"fff8a1718f2104200fa03e1ed813b0cdaddff86800d9651e799679aad214b500","sha512":"81ad003b36dcb8213f751970a9ce86a3ff083c76f004666ec2057c356d260be83015e7fa2183c3dcc068a4c9bdae37a8cd4db308f6f96e489bf80dcf12509aed","ssdeep":"192:koltXnPhJpAipMrukPRcdG+5Vo+KFep4AQ78yoXd++0va:k6pMrTydhVoDep46yoN+Ta","tlshash":"a502cffa45cd3d5024c4a1233fb7f050e9c36bd4d1b6a8a29cac9c421d29ab7359f4e2","first_seen":"2023-06-14T17:51:27Z","last_seen":"2026-03-15T22:09:34.350906Z","times_seen":17,"resource_available":false,"data":null}},"time_used":500,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":478,"receive":22,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.wixstatic.com/media/c0f302_f31955823a8e4294af9a2612c84df4ea~mv2.gif","fqdn":"static.wixstatic.com","domain":"wixstatic.com","tld":"com"},"ip":{"addr":"3.167.2.39","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.951Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.wixstatic.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 16 Nov 2025 11:04:57 GMT","end":"Sat, 14 Feb 2026 11:04:56 GMT"},"fingerprint":{"sha1":"40:C5:E7:5E:0B:B8:E2:36:E1:E7:C0:0E:5F:1D:6F:56:FE:DB:40:5F","sha256":"F4:47:A2:BF:33:71:DC:FB:52:B6:86:43:41:FF:0E:21:4D:5C:04:51:05:7C:74:54:9A:02:62:FB:0A:16:C9:EB"}}},"request":{"raw":"GET /media/c0f302_f31955823a8e4294af9a2612c84df4ea~mv2.gif HTTP/1.1\r\nHost: static.wixstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/gif\r\ncontent-length: 160234\r\nserver: openresty/1.27.1.2\r\ndate: Mon, 29 Sep 2025 16:26:54 GMT\r\nexpires: Mon, 29 Sep 2025 17:26:54 GMT\r\ncache-control: public, max-age=15552000, immutable\r\nlast-modified: Tue, 26 Aug 2025 13:52:51 GMT\r\netag: \"b25b96f460a75139525a2f5cc1273eab\"\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Content-Length\r\ntiming-allow-origin: *\r\nx-seen-by: gcp.us-central-1.media-router-7c597bbcf9-9bh2h\r\nvia: 1.1 google, 1.1 50c588fd3255d023d9b9021263f5fa0a.cloudfront.net (CloudFront)\r\nx-cache: Hit from cloudfront\r\nx-amz-cf-pop: OSL50-P2\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-amz-cf-id: K7zbKTA07POBHK1rgU34Eil00VqwPl1GYFNtnLIMLvQjKRtZqmBEOg==\r\nage: 5791763\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty:1.27.1.2","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":160234,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 300 x 300","md5":"b25b96f460a75139525a2f5cc1273eab","sha1":"4478666762894380a434f3dabf4f7111b6086be5","sha256":"aba92df3bbe364d8ef68bd5cfe46b9198829ee926214c1eaf90e416ca467ab32","sha512":"c4209c51b3741c5e21fc001fc3cb48484b501f850dcd90bda4f775abaee939783ac2806f354a8e6af75b3e5762fc6cf281a86a9c6b0e001ea88a304b385fbf43","ssdeep":"3072:OYUemjqEPWELHzmEco/xwulUfGCDOjAu/ATcjo4itgtah8QoeMox53:OhjWEOElxwuOftDm/ATcmuWVxR","tlshash":"27f3120d2c4d81e121a7afdb73512fe146f61acee49d5185ce254ade3126bff232a390","first_seen":"2025-05-12T10:49:05.31121Z","last_seen":"2026-04-04T11:23:25.304263Z","times_seen":250,"resource_available":false,"data":null}},"time_used":126,"timings":{"blocked":-1,"dns":92,"connect":1,"send":0,"wait":3,"receive":6,"ssl":24},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/jipinghhhj.gif","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.974Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/jipinghhhj.gif HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: image/gif\r\ncontent-length: 55212\r\nlast-modified: Thu, 15 Aug 2024 23:58:09 GMT\r\netag: \"66be9611-d7ac\"\r\nexpires: Sun, 04 Jan 2026 17:16:17 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nWpv7HG6MLPOLeZjdpnhTbD%2BGLWnNdEFQ6QepAQxaBXqrJ7Qf61pkb6oZrmWgQlUNEwX3QW2tuMohsnTMJL7xpWjVuJml%2BKbGIjc3OJS39be49k%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9a9530bddac656b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":55212,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 88 x 88","md5":"986d1ef0cc9fe4d425b9c878fcb9f4d8","sha1":"ae356404611083fff6d6619ab7c0a97a9053e3e8","sha256":"e00263d597d750b6d7fbbf19ee56d9a5d144b200cb84a126b5a91d6adf7d5f6a","sha512":"1d7dbf02ff38df2f21916b355b412b77dfe321bdbdc2ad7cb4afdbf749d51cc620e15bea0a7e934f1a7acb982ee4ece01690f0d688400a1296f061381544ca17","ssdeep":"1536:D7ItfZRixpirj7J5tfZRixpirj7J5tfZRixpirj7JS:XItfZ2in3tfZ2in3tfZ2inc","tlshash":"bd43d024973632f678b1951ba6bf8c95236e1fb6a8d1442f9dfc56a30c84d3d280c877","first_seen":"2024-12-14T05:48:44.788274Z","last_seen":"2025-12-21T08:54:05.964406Z","times_seen":5,"resource_available":false,"data":null}},"time_used":863,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":520,"receive":343,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/stylee.css","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.894Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/stylee.css HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 18 Sep 2023 08:35:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"65080bbd-306d\"\r\nexpires: Sat, 06 Dec 2025 05:16:17 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TSyVdZZFfuP1DdTFDXzmvm%2Bql5FCPoyf3BTvGIexNi4AAFeKByywUc%2BOGuIfH6H3ZvFGnEKzWsyhQRRUfdbHinGMw%2BHuNhOC71Cc98EFS2lbDWc%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a9530bd6aa056b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12397,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (441)","md5":"5d4cffe536ab7ebba2f0186e7cca095f","sha1":"8c154948a22d9a29d7cd984cf2b301d49a1f2a39","sha256":"cb6f151253bdbb481ceca32d61fdd61d453d9cd20d7e929b370c12923c222b0e","sha512":"1cfeba4947107706d3e5e89d4fbd9fc881b83e55605738aa666a6e8905852e0d45164efeec8f3dc9579bd625da42536635cca4fcd4b1cca550d1915588cf4f07","ssdeep":"192:mitCItIwIOvhJo0eMwEgPD2E94+fx+gdzTHQOxhti:BOLRCC08zTwOxhti","tlshash":"0b42523165b0606fb07fd220f8125bdd32a4c04be7531badef69b97ad6190e91932b84","first_seen":"2023-03-08T20:11:10Z","last_seen":"2025-12-21T08:54:05.97772Z","times_seen":6,"resource_available":false,"data":null}},"time_used":477,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":476,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/guazi88u88.gif","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.925Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/guazi88u88.gif HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: image/gif\r\ncontent-length: 230774\r\nlast-modified: Sun, 16 Mar 2025 08:46:06 GMT\r\netag: \"67d68fce-38576\"\r\nexpires: Sun, 04 Jan 2026 17:16:17 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=S32Jffw6XstmZIWlsKWjfCBccJUe8iaWcb60AVzMAbnqEEZWR6s8NeemRBmblIUHYF%2FGaniKk6%2BwYR17ZDwrOYbVBX3DVdZxSfBUKw8x5eKxvoA%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9a9530bd7aa856b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":230774,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 88 x 88","md5":"06e26665f67b248ebfbf5ecb16dd3474","sha1":"608c08610c0ce8dae0ff4aa4d02148cdef9baf46","sha256":"de38f26aa392dfb1bc0ef287f9beb2a9639e0b08e0fdc6b1ace9a01d24922341","sha512":"ea0e6350b53dfb980a2f4169513c0b00ff29cf883ded5cdffa693e3c5adba66eb68d960a8f07204c23318d6cf389357650c95a53e1e33134e43367bc9d2baaa0","ssdeep":"6144:1IVWwUb2XaUeH519yxgUfYY6XYClDnCrWcrnfTEr8Jz:1IVWwlOH57ygUfYYcDC6Iwcz","tlshash":"973422bcc5b4634de2a310b8fa7defa50f539a6445bc80a0bde759b4f408150e68f1e9","first_seen":"2025-06-30T08:20:50.271523Z","last_seen":"2025-12-21T08:54:05.956298Z","times_seen":5,"resource_available":false,"data":null}},"time_used":1207,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":526,"receive":681,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/dongtai.js","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.899Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/dongtai.js HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 01 Dec 2025 05:44:55 GMT\r\nvary: Accept-Encoding\r\netag: W/\"692d2b57-a75\"\r\nexpires: Sat, 06 Dec 2025 05:16:17 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PhTCTy%2BKHdM%2BtnQk68wLiWyUr1CVTMq%2FvXY6vr4hzixL%2B7hhB8b6A0BPJ1nbF%2FonuA5%2F%2Baj85gzBanUtD5hCD%2FE%2BL7DGGtv8P7YfmPDh0ed9%2F70%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a9530bd6aa156b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2677,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"85d32478823de8493b0274ff440bfe9a","sha1":"659c387aed9276c3e3eddfa7006c3007309edcf7","sha256":"c1f2baad8d4e464dcbdc7250c297000e0986a84fa401e6f798799fa3c9287a4b","sha512":"7e6a0018896b5d8c5b3f81cbbd9f2be193a194b2e08e6da12b8f171438ad033a7381016c8477aaf5297e40613a7dff60e5f3a3d825138edda0c1ed52fcc376ee","ssdeep":"","tlshash":"bb511f2871a4107546b657ba9bc35404f466b0b73913c89cfe0c95109fb2f54faeafc6","first_seen":"2025-12-05T17:16:50.659275Z","last_seen":"2025-12-21T08:54:05.969702Z","times_seen":2,"resource_available":true,"data":null}},"time_used":529,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":529,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/dhjdjdjal.jpg","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.958Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/dhjdjdjal.jpg HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 48666\r\nlast-modified: Sun, 07 Apr 2024 02:50:41 GMT\r\netag: \"66120a01-be1a\"\r\nexpires: Sun, 04 Jan 2026 17:16:17 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=B44A2FgCYcjEDUOB5xtkU45X6JzsxcRuF2xBnAr%2FaTrQJ1H9Pt8qsZtcx8zPX9LFN0lsoLLR1h5Dbd54Z%2BUZd%2B6DO6Sgtu2d%2FnwwA%2FlJoW%2Blk9Q%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9a9530bdcab756b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":48666,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 640x640, components 3","md5":"21a336c8314c222a2d7653d67c7b5b90","sha1":"839746cfd07107c623346c9c60317be6418caaa6","sha256":"be30437f51a8de63a1018657a34b560280c7ddc5140363a0d63ef861b0115241","sha512":"55101c192e1b5d25e635eb686f6b8a12086ad98468dccbdf21f35274e417c400c5a4c7bd14fafbfe3ecaab822b91e00d762e78abbb91f3cc4d9ed17335d23b44","ssdeep":"768:xWGCtuXVP6qd6LQKYw2qqGb4mdo3hcLELGi1t579V0fuCqoFAYWtYAX7sT67c:HV9dNw2PwG1GiDl0fuCqoFWB7c","tlshash":"ca2301e0b65096abe6346e35e1d1a879cb94ba01ba4e704433e84271fff50c12a7d5ce","first_seen":"2024-12-14T05:48:44.792981Z","last_seen":"2025-12-21T08:54:05.954322Z","times_seen":6,"resource_available":false,"data":null}},"time_used":730,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":468,"receive":262,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.978Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/javascript\r\nexpires: Fri, 05 Dec 2025 18:04:16 GMT\r\ncache-control: public\r\nvary: accept-encoding\r\nx-frame-options: DENY\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iulwkqa%2BrJ3KwuwfLmFpRh03Q0K7w4%2F7WaDOZHMNdnZCylpzePUKzcvyKMceJBu%2BQ7Vi7WaoPHLhFI4uQ7kmApaNSEEJyPMrv9e4TslAz8JpMBs%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:16 GMT\r\ncf-ray: 9a9530bdeaca56b5-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1239,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1238)","md5":"9e8f56e8e1806253ba01a95cfc3d392c","sha1":"a8af90d7482e1e99d03de6bf88fed2315c5dd728","sha256":"2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8","sha512":"63f0f6f94fbabadc3f774ccaa6a401696e8a7651a074bc077d214f91da080b36714fd799eb40fed64154972008e34fc733d6ee314ac675727b37b58ffbebebee","ssdeep":"","tlshash":"6021d5743a18107e226a0133e56f66cee1f23715fd17e440408ad89566e4fe5063fed9","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-04T11:47:50.904159Z","times_seen":292023,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/template/pipixia/images/0060lm7Tly1fucsaleidzj30uk0kd76h.jpg","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:17.422Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /template/pipixia/images/0060lm7Tly1fucsaleidzj30uk0kd76h.jpg HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/stylee.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: text/html\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=T9jOkKWa7hddj2H4kdv27buSWY8fzezuysK9ftRyCilIrBqpPERSBi%2FrmqgOsnskxRPB0E6E2uiRHXgGF9Qrz4nGMwdNtySu26P08mK7ka2MeZs%3D\"}]}\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9a9530c0dae756b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":146,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"8eec510e57f5f732fd2cce73df7b73ef","sha1":"3c0af39ecb3753c5fee3b53d063c7286019eac3b","sha256":"55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0","sha512":"73bbf698482132b5fd60a0b58926fddec9055f8095a53bc52714e211e9340c3419736ceafd6b279667810114d306bfccdcfcddf51c0b67fe9e3c73c54583e574","ssdeep":"","tlshash":"b7c02b2d35133c4cc563313423c37140c0d6833b687a41110400c00371cf2998ec3397","first_seen":"2023-03-07T12:05:15Z","last_seen":"2026-04-04T11:48:46.084608Z","times_seen":478047,"resource_available":true,"data":null}},"time_used":528,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":528,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-05T17:16:15.534Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 05 Dec 2025 17:16:16 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Dec 2025 05:28:31 GMT\r\nvary: Accept-Encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=31536000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=A0SgSFsmbEoS2FO4WqhEUS%2FYb%2B4GJ9GSTkWbk26tmqdjLLg2i3F6MFzv%2FbV6xmVfC8PpH7jnh%2BEgxhlTEhcbqOoSQCk29kKlEhmqgOIHVsdqooL3LQ%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9a9530b7582a2efa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":182345,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (2292)","md5":"98a583da4d33774be97c990387ffe564","sha1":"d6a65888a9f0e225cfd9bf5c2278afbe6f9f7a59","sha256":"c1a9125e26c4dea7fa188134bf7d225e24be192c495cae011c4ba934893e914f","sha512":"a6c231e7eeae315e235407384206880609bd55dbceaebb4da046f5509d1e08ad4c421ee3a34c94323a83eef9f408d380e178638cffeb3b4e315cdbb5f8920c27","ssdeep":"768:qR0nJ9I64zF3Kq87SiVghWWZ3mmb4HAipiwCDnyVtqCag4OIag4B:3LI6Q3J8miVbWZnbVipiFCag4OIag4B","tlshash":"b1046831c0a6635783b384a469616f9adb91e54bdc3b4743b3f40ec766e2c97d82728c","first_seen":"2025-12-05T17:16:50.664172Z","last_seen":"2025-12-05T17:16:50.664172Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1430,"timings":{"blocked":364,"dns":344,"connect":1,"send":0,"wait":703,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"m1.cffpng.com/20250604_201652153_nKb.gif","fqdn":"m1.cffpng.com","domain":"cffpng.com","tld":"com"},"ip":{"addr":"172.67.149.205","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.916Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f9742aa1.sni.cloudflaressl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 18 Nov 2025 14:34:35 GMT","end":"Mon, 16 Feb 2026 15:34:20 GMT"},"fingerprint":{"sha1":"DB:1A:63:A0:2A:CB:33:B5:23:76:99:54:2D:47:3C:62:23:EC:44:B9","sha256":"BB:38:C6:37:62:EA:B0:8D:BA:2F:B0:EB:AE:A2:C8:CC:F6:86:0B:C0:BD:1F:FA:D1:9E:41:75:E0:AC:D0:92:FE"}}},"request":{"raw":"GET /20250604_201652153_nKb.gif HTTP/1.1\r\nHost: m1.cffpng.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: image/gif\r\ncontent-length: 47226\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FAxp8SOWj9ipnCjEEXRuj1kzulb7qc9AzkpC30bJc6e%2BLDb4FywvMJBMdMWd0KeCjM%2FXfELf1oN7j8oEHrtHEcIhHQTyPjFOLs6wm9o%3D\"}]}\r\ncf-cache-status: HIT\r\naccept-ranges: bytes\r\netag: \"0f3c584b5778f43c0161da461040d07c\"\r\nlast-modified: Wed, 04 Jun 2025 12:16:52 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncache-control: max-age=14400\r\ncf-ray: 9a9530be2876c759-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":47226,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 100 x 100","md5":"0f3c584b5778f43c0161da461040d07c","sha1":"687e8605d756ff1e501f72f490f2445ec827a505","sha256":"e7153994ad88fbb226a2cd8ee0df6cacfc1491b82fa6f47e386a0c37eaf018e3","sha512":"9c6e0acead98e866f45d7b62baa7dc058cb84e118f6112151e5abdd5f4cb08d49affa05a9d3131d124e9422f4e3718ff0b797c740fbcd0eae19cb06225bf8970","ssdeep":"768:PXeoRtu7tTABzLLPnP9yj9w0Rydoce9gx75fpq1nB/whyxO713V7Kr9qoIc728sM:P87ZAlLLP1yjAOcqm+1nBpwhF2ADeIHs","tlshash":"f723f2c4a6e5f01d1fc02d90de609e7f72676fa0b3fcf44ee44ea8474a506e84058b6a","first_seen":"2025-06-30T08:20:50.294897Z","last_seen":"2025-12-21T08:54:05.978333Z","times_seen":9,"resource_available":false,"data":null}},"time_used":443,"timings":{"blocked":69,"dns":19,"connect":8,"send":0,"wait":271,"receive":1,"ssl":58},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/tu3.gif","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.944Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/tu3.gif HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: image/gif\r\ncontent-length: 10787\r\nlast-modified: Mon, 03 Nov 2025 06:53:09 GMT\r\netag: \"69085155-2a23\"\r\nexpires: Sun, 04 Jan 2026 17:16:17 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2jlXYJFpLV9BolSQRCL8%2FNY9uNSGLIP0%2BXDojjQS%2Fd%2BfStjav5F4GlHqtD8xvsb8OrX1gzaX50S8UiM6lG0om4a5kgCAVLp6q4vWjmKQbgludzY%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9a9530bd8aae56b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10787,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 100 x 100","md5":"978810e12237db7c2706bab5627e6215","sha1":"737307e9cbaf01a0c12e43e617bff8b83a20d6a7","sha256":"37197dda29dbb96e40af80ed8e8edd245d560188702b563dfd1139522dfa4f04","sha512":"1fc4fe3429dc66d404e9acd963b9df1f6072293dcc461e9bff1c5d811b317a33ce549f07dd939b7f429cbbb0ba466cfcce86f46346258ea93262fe104595419e","ssdeep":"192:0N5L2NO1JnWnvU/PEcAX2XizepbrGpRaUX30ZWpwjA5F+Ps0Gg9skevyJ:aP1wnvwscRXeRtXaktw9te6J","tlshash":"2e22af0deb7cb510c29ab5fcc7dc3e80d23e39910a7d593c6c18b157813f624299aa78","first_seen":"2025-11-08T11:20:06.370275Z","last_seen":"2026-02-01T05:30:31.11681Z","times_seen":17,"resource_available":false,"data":null}},"time_used":494,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":472,"receive":22,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/logo.png","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.901Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/logo.png HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 76471\r\nlast-modified: Wed, 26 Apr 2023 03:29:04 GMT\r\netag: \"64489a80-12ab7\"\r\nexpires: Sun, 04 Jan 2026 17:16:17 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=POkx9XGWzIMbqnqsrtBNuBTQYFTAAhEhlIVpC1CYGoPB2iHwYGBR5OD%2FBoPbSwDMjbTqIg%2Ba5ye94KnLv53WNAP9VQiv%2F%2BA0igAcF3jxP4QouY4%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9a9530bd7aa256b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":76471,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 576x328, components 3","md5":"628d674a053bbffbc70e3e0954400c2e","sha1":"a28ad276502f9dad28f1a5d400aa96f290e0fa0f","sha256":"af4e05cd36385f21df84bbfaf118f5788c67ea5a1dbb0a7a5135f2647132712c","sha512":"e6199911af3749de1f10f26a379a698a75fb50a9626086dff8e9d4d53e0d55517dd887e26edd767d403a6cae16dc0df86005b6473e973ce557ff8e6478dc54c7","ssdeep":"1536:s2dwr+4bbnDiXXvvxiNsFkCYDH+D0AJOIoMNrHxhpkW:Tdwr7nDioMeAJj/5HxEW","tlshash":"7a7302bb9884d373e94e6ff069110546364f02e4705d6fad3b526d08becd8680ccc6ac","first_seen":"2023-06-14T17:51:27Z","last_seen":"2025-12-21T08:54:05.981756Z","times_seen":6,"resource_available":false,"data":null}},"time_used":841,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":475,"receive":366,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/ppzhanaa.jpg","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.938Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/ppzhanaa.jpg HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 4810\r\nlast-modified: Sun, 27 Oct 2024 01:27:28 GMT\r\netag: \"671d9700-12ca\"\r\nexpires: Sun, 04 Jan 2026 17:16:17 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1ZCAmcO729CKXjE662jbvdtHD3XsHNfuy9Z3KI3NRkDqvbWk7xb6tqZJI%2BOrG%2F574NB17HPPT2gAWZYFyVbKnXAqA4QiWe8lHTvgC9H2PeA%2FhFk%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9a9530bd8aab56b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4810,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 150x150, components 3","md5":"3b4714c3320986bc479d32bd3bfb0e33","sha1":"7a1c21db98d788cbeea050135977ec405148fa9d","sha256":"10eafa81a1ff186787783c625564b1b842fc8cd11f75f7cf67a497e4c3e60d00","sha512":"dc4d13fae5445082c05cc462d4aaca6e88fa0b213566240164064be8c0843afe16c50cf0e56cde66900c4d91f0d646ca9ecb668ed372d04537c040c9aafef9ee","ssdeep":"96:VHkBo31D9czYe2HMHYW3mcHY5asGbQx1BvFfWbAurnZtNqC:eClD9czOHcH23IEBdfWb3nZmC","tlshash":"fca14c48d7059621fdbd0771649676b4120e9e1efb426e9bc81435e80abe0c79c219d9","first_seen":"2024-12-13T22:22:13.245305Z","last_seen":"2025-12-21T08:54:05.979508Z","times_seen":21,"resource_available":false,"data":null}},"time_used":523,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":523,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/2hao.gif","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.945Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/2hao.gif HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: image/gif\r\ncontent-length: 109112\r\nlast-modified: Wed, 02 Jul 2025 13:09:46 GMT\r\netag: \"68652f9a-1aa38\"\r\nexpires: Sun, 04 Jan 2026 17:16:17 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4a%2F62%2F4SmX%2FieH3EWI2Agg1vV0bQO1uRZ%2BxtGUXXEDqnD5U4i3X7IFB0iUcrQOnAPJIMIebNdVv5R3b%2F0PWdLXBPiTYoQVCpIzsFORmrYgu9rbo%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9a9530bd9aaf56b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":109112,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 120 x 120","md5":"24aea42f1c09505ecfc893fc34790a5d","sha1":"fdd1b42089055f653547fdf3b10a7f672d757167","sha256":"322885a9ea9d8ea0837c6b89af6a5561f83c2eb4963f70fb4c2d13453a1ca493","sha512":"143295a83b2d9fccc03fa3a35224e5d8ff11a91c11572c5b4fdaa6db30052f05588eb5382a95eb546cc93e73f49d80123780718fac05d157f68e483d9311611a","ssdeep":"3072:/wMSx2rwhSx2rwhSx2rwhSx2rwhSx2rwF:/wMe4whe4whe4whe4whe4wF","tlshash":"86b3d145c0ef7847a2b12d33655ef0faa6e24d852ce8c77b48a1434b618e27438b5d75","first_seen":"2025-08-23T09:29:56.236309Z","last_seen":"2025-12-21T08:54:05.980595Z","times_seen":10,"resource_available":false,"data":null}},"time_used":1041,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":537,"receive":504,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/100chigua.gif","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.966Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/100chigua.gif HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: image/gif\r\ncontent-length: 124441\r\nlast-modified: Sat, 08 Jun 2024 10:01:29 GMT\r\netag: \"66642bf9-1e619\"\r\nexpires: Sun, 04 Jan 2026 17:16:17 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qHwyP1l65%2Bsml4eVIOKzw3qUwB%2BNLLxR4WwGBY9PLqoOq3mLag7EfmASqlIG0kQtrByeZofBsS%2BjNc%2BkCp5enautjyaqGYYMg2xhLLy83wX5bQI%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9a9530bddac356b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":124441,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 200 x 200","md5":"9170ce00464f6ff4b835919f87f781d3","sha1":"0fc026e258ac1680b041ef0678772e44173317f0","sha256":"61298888d72038a3f366b4fcf27a2e00d2af742f5e1ce113b59b85bd824f4397","sha512":"cdd22876d60bc3c2f614656b45faaca3b804e1425630cdd87e6f2e403decdcc1bc8155f5d6064565bd9689e6c127197a0d4f80072aaf1617ef64885f815283bc","ssdeep":"3072:f1JCaBMDDqDfLvGuBvj1J1RHIzlSriVn02SQuNKxa:9JvBMHsfLJlpdIzlSGnL5k","tlshash":"d2c31237ab3ed88b2cab53914e699a1ff5acd3640c34d8f51ec4b58930702f9d122e91","first_seen":"2024-06-22T14:30:08Z","last_seen":"2025-12-21T08:54:05.976148Z","times_seen":19,"resource_available":false,"data":null}},"time_used":1051,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":520,"receive":531,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/pqvtzn.jpg","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.971Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/pqvtzn.jpg HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 27783\r\nlast-modified: Fri, 15 Sep 2023 04:28:47 GMT\r\netag: \"6503dd7f-6c87\"\r\nexpires: Sun, 04 Jan 2026 17:16:17 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=L5EOYfDjv5vi2mBmH8yis4I4byWqOPghZ%2FVmeftuBNH8HSgD6VIk3R0v%2BakswjLTRroVGDeV7T1NoacGkg1kHT3WjeLkWHkZGkuMmcO4qMGX5Cc%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9a9530bddac256b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":27783,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 512x512, components 3","md5":"959b8da4d0e57855651602b568dc571e","sha1":"3a88114d5043f71a7fac107b7cabe9b124a18df2","sha256":"974ed5e565d164bc98e4e3a149b980000006bbb4b73d1981846af40653bde2f8","sha512":"a6bf4afab6090c2e0f32604f07f6e05cc28e1ca669a69e0f5fe128e29565e69b2a885dedf627d4e1eb7acbdb8affd5bbc441745ed6c26da841add1e9e9e15eef","ssdeep":"768:NwIXLu1+0bpKkXzzp0xw/5U1C7s2Cvz9i:NwIXLG+0NN0G/21CVMY","tlshash":"cac2d005bf9aeb82f7e7d33905ec2e4347e57911ee6f0a970ae92cb034065e50d111d8","first_seen":"2023-09-17T08:31:26Z","last_seen":"2025-12-21T08:54:05.98481Z","times_seen":6,"resource_available":false,"data":null}},"time_used":663,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":472,"receive":191,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/y9suc-ya2la.gif","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.975Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/y9suc-ya2la.gif HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: image/gif\r\ncontent-length: 2571539\r\nlast-modified: Tue, 26 Dec 2023 04:19:42 GMT\r\netag: \"658a545e-273d13\"\r\nexpires: Sun, 04 Jan 2026 17:16:17 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1nR%2FJbCxmBdRIwDxg%2FJJDRkrvdVa2iTJJhWOD23cCFXawFsZ2hC%2FMr3muah2kDV9G7KMaTDp5XFzhnElaVQsDH1ZQGEPTviZF581jB7gpSmVaX8%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9a9530bddac856b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2571539,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 152 x 152","md5":"75823c9c0c8fd1ea4335b0d0e4aebfd0","sha1":"1eadc99e45b40e6477291c3a5a7d1058e0469147","sha256":"41557a7022c07bb4d5a727fedba3d2054e4c8f7a4ac775b8bd5d7d91a802eaeb","sha512":"8c2c4c4312e678bd42c0b49c8e9191ccedf678a1d8205523b64ca568f7241a6412b68212db397abd35088557eaae38c1ff219b1b3171d10d902d1c6ece3f4c7c","ssdeep":"12288:Of15pPZ3cs55Avj+jKMUNVLEt14OfD+XhPR9ArIhxIbPKY32Ne8Lgp6eqorTWDLl:U15pPZMsQvjyKMUNVchOhsJ0gHqMid","tlshash":"722523b3400a294de637b13a5c98d974276fbd993105814f8cce85d1eaf723de9a0d1b","first_seen":"2025-09-21T04:53:02.726463Z","last_seen":"2025-12-21T08:54:05.970509Z","times_seen":3,"resource_available":false,"data":null}},"time_used":1874,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":533,"receive":1341,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/stylee.css","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.981Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/stylee.css HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 18 Sep 2023 08:35:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"65080bbd-306d\"\r\nexpires: Sat, 06 Dec 2025 05:16:17 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nage: 0\r\npriority: u=3,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GM2BcbWzT30HxHNKoTjhJvzyYj7ChfmyEFfMu3XD9t7IUyz8HEYtRglSkmTFLiukxwRTxHR6t6%2BfBF9ObeZd5F543SBNYZkAGesBA86%2Fq3w9bbI%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a9530bdeacd56b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12397,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (441)","md5":"5d4cffe536ab7ebba2f0186e7cca095f","sha1":"8c154948a22d9a29d7cd984cf2b301d49a1f2a39","sha256":"cb6f151253bdbb481ceca32d61fdd61d453d9cd20d7e929b370c12923c222b0e","sha512":"1cfeba4947107706d3e5e89d4fbd9fc881b83e55605738aa666a6e8905852e0d45164efeec8f3dc9579bd625da42536635cca4fcd4b1cca550d1915588cf4f07","ssdeep":"192:mitCItIwIOvhJo0eMwEgPD2E94+fx+gdzTHQOxhti:BOLRCC08zTwOxhti","tlshash":"0b42523165b0606fb07fd220f8125bdd32a4c04be7531badef69b97ad6190e91932b84","first_seen":"2023-03-08T20:11:10Z","last_seen":"2025-12-21T08:54:05.97772Z","times_seen":6,"resource_available":false,"data":null}},"time_used":395,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":395,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/mimei.png","fqdn":"kyrpnwve.xhydh204.top","domain":"xhydh204.top","tld":"top"},"ip":{"addr":"172.67.163.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl","date":"2025-12-05T17:16:16.932Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xhydh204.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 25 Nov 2025 01:56:32 GMT","end":"Mon, 23 Feb 2026 02:54:12 GMT"},"fingerprint":{"sha1":"A1:3F:74:74:C9:70:85:89:B0:D8:93:38:91:A9:10:9E:CC:7A:63:13","sha256":"57:88:F3:31:52:6D:89:70:86:A8:3F:F5:F7:F4:D0:16:ED:0D:8F:EA:7B:BB:09:26:A5:AB:73:AF:AB:1C:5E:02"}}},"request":{"raw":"GET /%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/template/lan/new/img/mimei.png HTTP/1.1\r\nHost: kyrpnwve.xhydh204.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kyrpnwve.xhydh204.top/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%90%A7/index.html?v=17649549755076pe1fbojsvl\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 05 Dec 2025 17:16:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 86697\r\nlast-modified: Fri, 11 Sep 2020 09:22:33 GMT\r\netag: \"5f5b41d9-152a9\"\r\nexpires: Sun, 04 Jan 2026 17:16:17 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=H2wY5mtGDYE%2BXpd4KiZnbmCPZ%2BEJ9uXxjpUDJ9n0m4MrZknpV0fK2Hueh0aPLFvDXWO%2BudUzocKajXA9MNYb0sSbY0m%2BhLO0mrOkr7wia56oHOI%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9a9530bd8aa956b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":86697,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 500 x 501, 8-bit/color RGBA, non-interlaced","md5":"bdfb9f93bfe12541b33f75ffb1470cbb","sha1":"42fe97e5d942ee71757e406a03a3849e2cc2c9ed","sha256":"359dcacaf824836a2f064182617a4e7b7285cdef40b6fce6d3fe58117b74ccae","sha512":"e761937f9d151a245be580f643ed54632690121cedfa29acdfb82f6cdfe2957fdf520ce473365975931f03eae38f78a2c0a8b0f9556205eda0d4ab34fca82971","ssdeep":"1536:jOtdVqw+PZS0V9TFA6lW4R5AI6sgJTF5y3gA+teTqKBRlM77oULpRkFAUvRT0h/D:jOsw+bV5exNZAxzWwULpa6UZE/iA3","tlshash":"e5830218f94222f08590afb31f9931c2b49057d661e983e28eb4dbc2d1ed2b32dd1d95","first_seen":"2023-05-04T09:35:00Z","last_seen":"2025-12-21T08:59:15.923464Z","times_seen":19,"resource_available":false,"data":null}},"time_used":875,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":481,"receive":394,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-05","alert":"Sinkholed","trigger":"kyrpnwve.xhydh204.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}