{"report_id":"953b4ba2-f2ce-4056-afff-e16821bd0e15","version":6,"status":"done","tags":[],"date":"2026-03-12T13:06:03Z","url":{"schema":"http","addr":"u95f.xyz","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":0,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"title":"welcome-BET365","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"u95f.xyz","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":0,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-16T13:06:03Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null},"summary":[{"fqdn":"rcf-img-hk.gasdg646fs224cn.com","ip":{"addr":"104.21.20.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-09-06","domain_rank":0,"first_seen":"2025-12-21T10:04:01.269891Z","last_seen":"2026-03-09T00:41:39.313519Z","alert_count":0,"request_count":1,"received_data":222573,"sent_data":480,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"u95f.xyz","ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"domain_registered":"2026-03-06","domain_rank":0,"first_seen":"2026-03-11T22:32:39.34531Z","last_seen":"2026-03-11T22:32:39.34531Z","alert_count":400,"request_count":80,"received_data":6501793,"sent_data":40691,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"rtt2-img-cn.hb-zpod.com","ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"domain_registered":"2025-07-02","domain_rank":0,"first_seen":"2026-01-22T17:50:36.341318Z","last_seen":"2026-03-08T10:30:20.254577Z","alert_count":0,"request_count":68,"received_data":1590169,"sent_data":33451,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"photo.365live88.com","ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"domain_registered":"2022-08-16","domain_rank":0,"first_seen":"2025-11-02T03:06:46.95373Z","last_seen":"2026-03-09T00:42:20.207105Z","alert_count":0,"request_count":60,"received_data":2456768,"sent_data":28680,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"u95f.xyz/","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-06-06T17:16:32.640018Z","times_seen":228138,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-06-06T17:16:32.640018Z","times_seen":228138,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T17:12:36.477409Z","times_seen":85321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T17:12:36.477409Z","times_seen":85321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"cc082b0ab6ff81d400b562683a0bfe0e","sha1":"8f0f379b9d23cb03b67e6c1639957887b836dd75","sha256":"3cf06ed5d08ddf527c14004e765a03425b315c43679d2e10498ca7e5b3aa34ee","sha512":"0323db814be66229a2e38e29f1a3c538af88e2c8e93d622642d44ec7906590801da09d5434344e6e0c2285e5bf0ebc38103833d91356ea9a99aa966a0e6402b5","ssdeep":"","tlshash":"0d31e3296db298319423313a176bf3443535c21b314ddf003b1cc754af24daba532ac5","size":1552,"data":"","first_seen":"2025-11-05T12:10:48.372322Z","last_seen":"2026-04-26T06:01:10.146593Z","times_seen":1068,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/config/initGeetest4.js","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"4b773fe272ef2f3dc7c7e443cd8a0e98","sha1":"8f81f38f03c362533ba34d119215bf83b7574ed1","sha256":"9bb8b869af3ceacb9261dc2cb9165d2716b150bc35ba9da63dd23674fe0773b0","sha512":"e0539af0bc1ad92c1799b6f5c0c759a68537b8063730bd0577aec9f7cf620d34cd166bd5a15c25d89cad49d80f51938b6072c4aa27d07f010e6aaa83ce6e3c5d","ssdeep":"192:hN3ar8HuCDoNu5dq+ExNiqc4K25MB5VsaiQxta4SScQVy8QRHIqaawzjTki59r8Q:fJe61XHlii5aI2PG4lyUIVKQTwwPlB","tlshash":"2562200d68f750a35553b43c8b9f6014b5388a93041cde41be9ce394af9843d9bbabdc","size":14854,"data":"","first_seen":"2023-12-16T04:09:07Z","last_seen":"2026-05-23T23:33:57.437064Z","times_seen":2855,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/js/home.1766990974022.998896de.js","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"c8bacac497f9be52a02d18cf99149b05","sha1":"f8f89cffb680291adfd025ba978a443a787d3ce7","sha256":"df8dc59a9712f222386b9765f85997e542198fa52273a87aa4ecd7a39d5c21fe","sha512":"9875a290884d279373f4d56ce6ad35dca0f9fa892ce09e1ee5a186d3891156804e7b2b5bbb677eab9c968077b84d6a4a6cefe4562824383ea0f640808d420505","ssdeep":"3072:fjKkGySIMrCwiYJRuoCQuF7plGvQJLhxffj7TEOiGRA3:fjKkGySIMrCwiCYjFtzffjAGa3","tlshash":"2b141880b5f0e275976fc2b7d7375024b2271686d0ccac60e1f66b187e18796b236db8","size":190888,"data":"","first_seen":"2025-12-29T19:25:02.049392Z","last_seen":"2026-03-18T12:35:38.947058Z","times_seen":766,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/js/7653.1766990974022.5eafcc69.js","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"d283135e5101d3f0042a27eb2374eb51","sha1":"f7b88d5f6416255b826d3919f8ff5843d156cec6","sha256":"15bfa2ce698074e989cc4f0b025005121ef3a2055fd1a771482f2c013be534ba","sha512":"613d7d37b74fc1f457581ee675657aa20d5638b511cd128d480d5af4101abf97c2396f459a0d708e18f836436806220176065aff82c97509c06cdb3014d5009f","ssdeep":"","tlshash":"e5311c58f69171b253af5abd873faa8be227849024ddb484d0a0e2e03cb47184833c1a","size":1523,"data":"","first_seen":"2025-12-29T19:25:02.024991Z","last_seen":"2026-03-18T12:35:38.975791Z","times_seen":750,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/js/35142.1766990974022.f3d30e50.js","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"2f2b45aebe46e87335a41a933bd6ada9","sha1":"52decab337e7945b551144884b42c36a8570a0c9","sha256":"7bc82b8b13e9449279a6e0928b8412fba3b9f7ff0fdd5007eb92d2dfbaff438b","sha512":"668bc6fe7df1ae1bb328a733a63427405f9c38ec6c553767e9075245a338dc49ef9202447e0e077fafcd3a78cf202533242c58dee2cf3b1a1a51ad27a0cc7045","ssdeep":"6144:fjhhkpltqniyveBHlBfb04ae7Ancbt8ZijKfILToSlthWe/futUDhrRtZYD5jMDq:fjhhkplwniyv0HlBfb04aaAncbt8Zija","tlshash":"c0644c84b690b17883af86fb721a9194d24d0e9460ccace4f37e6e40bf15746b8775ec","size":336752,"data":"","first_seen":"2025-12-29T19:25:01.951652Z","last_seen":"2026-03-18T12:35:38.955057Z","times_seen":762,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T17:12:36.477409Z","times_seen":85321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T17:12:36.477409Z","times_seen":85321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T17:12:36.477409Z","times_seen":85321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"5281f83487c386b7836c0a61310eee71","sha1":"b69aa5eb7750fa2d18540f7a8f28dab10d4b2631","sha256":"5c4f27503b020517fa4d8a831ce6ea7c9b425cbda5603e8e6ce9119aa406cea4","sha512":"4d7ca7094121bc51fd7e24de7f2b9218624f1c7c2b5949e25ad2be53f4b1babc0ac6265a9e20acd2d51fec4e844baebdd7d1aa300a7f52f3b360bf36a8979ca2","ssdeep":"","tlshash":"5c8004047d5d50540000503014740c0d5c133c57403f0314340dcc013fd5c401447441","size":36,"data":"","first_seen":"2025-03-03T20:54:16.013922Z","last_seen":"2026-06-06T14:57:21.048902Z","times_seen":2929,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-06-06T18:08:29.705123Z","times_seen":686809,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-06-06T17:16:32.640018Z","times_seen":228138,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/js/index-a3dad144.1766990974022.1a544bdd.js","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"efa54c860a536b60fdf5b638ba8b863f","sha1":"a188b32740e279665b35921035cb658f5cbed86c","sha256":"b7ce24396f8d32b57b152c615edb2f6d3e00220862bcc82830ec6f6b534957e6","sha512":"b4dbace499344c2b66bd47714666eed1d5adc156181364c0965a44503a633f0da071c8e16289d806856177a1f9efe7560f4ff595e6e450110ece10f5910d205e","ssdeep":"6144:Cy1d7gsbhFOuPhkiQBpryMzr4UG3inyH6oYlRly7mq904ewTl0sv:1zJeiQBpryMzr4H3inyH6+7p905Av","tlshash":"5d743c94f76ce1bd875e55fe793290a4902c1b41a0c89e58d29d2904ff6b385feb08bc","size":355899,"data":"","first_seen":"2025-12-29T19:25:02.066629Z","last_seen":"2026-03-18T12:35:38.998945Z","times_seen":753,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-06-06T17:16:32.640018Z","times_seen":228138,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-06-06T17:16:32.640018Z","times_seen":228138,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T17:12:36.477409Z","times_seen":85321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/configPage.js?v=12/29/2025,%2014:54:16","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"e6aa74bb352ef198ba3e1c9a4b01b014","sha1":"2ea8bd6b5045475a36432f7665a129728e822d9e","sha256":"73828e873c0b6e847b37d78941ca436247471dfc90a12f743964f869f75abd5c","sha512":"2faaf24fdf1e4da637af8e9f82d1778bf061b00752dfca0c8f73432ba236a7b69410a7ad2a73727bc83e6cd631fd6555c3cc0d9d3a5d8a7f81818dd66566011f","ssdeep":"","tlshash":"be117aaf57444dffcf1d7e00a08b0a5ea8bc61d261889d4da8e9cf29e1c99002378978","size":949,"data":"","first_seen":"2025-09-04T00:49:32.949926Z","last_seen":"2026-06-06T14:57:21.016221Z","times_seen":1700,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"49bea4e1330b9d3f17c1c143ce23cb3e","sha1":"3a8874032b5979ba1fadfe141c0ebf28baa32fc7","sha256":"07f2a8f457d336c5a0cb2267f53a4be2676d30140da225305675f4b3957eb68c","sha512":"9cf0ea9cec23fb496db40aae14fe1df1a305d4a847e23a724645052c742a5995250f9d7f3f0584d3226aa17c6af04201f72cf7fca01bf4c788df2ab4cf488ad0","ssdeep":"","tlshash":"b580040cdc5544570000501014500cc57c170417453f435f750c04451fd34700007c40","size":36,"data":"","first_seen":"2023-03-08T15:23:49Z","last_seen":"2026-06-06T14:57:21.049776Z","times_seen":2996,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/js/45540.1766990974022.6eafe8c7.js","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"d1846c416bac16af02010672cc3585b1","sha1":"ebcd1fc73376c9dd9ec3100b2ea3e01bac63492e","sha256":"1c2fa739a4d6e6bae9784a1b6fd178ee9bdcbe634e8574831cf098f5c91f1903","sha512":"1148b8f2321e159334011fc7e18b96d3174be8237079a0afc666d41d1a3a8363dbc8919c6260bd2b6ff383f8b3d2cccce6f65f7af535186c3ddd33ee6e7cf5ec","ssdeep":"6144:3YD4wFsYiSGfKnCKPP6Xm9sm3MCln1OSgpozfEe5a:3YD4wFsYiSAKNH3TY5","tlshash":"fb24f894f294f1be075fc1f1d23b501af35b5e6120cc9ca0d296e6942e20b49da77eac","size":229344,"data":"","first_seen":"2025-12-29T19:25:02.037855Z","last_seen":"2026-03-18T12:35:38.946169Z","times_seen":773,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T17:12:36.477409Z","times_seen":85321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T17:12:36.477409Z","times_seen":85321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T17:12:36.477409Z","times_seen":85321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T17:12:36.477409Z","times_seen":85321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T17:12:36.477409Z","times_seen":85321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-06-06T17:16:32.640018Z","times_seen":228138,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-06-06T18:08:29.705123Z","times_seen":686809,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-06-06T18:08:29.705123Z","times_seen":686809,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-06-06T17:16:32.640018Z","times_seen":228138,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T17:12:36.477409Z","times_seen":85321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T17:12:36.477409Z","times_seen":85321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T17:12:36.477409Z","times_seen":85321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T17:12:36.477409Z","times_seen":85321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"0ce02dcf11f1634908b4afc4e1bcc632","sha1":"f8911bd806c6ddd3daab7f3eba10081d7af38f74","sha256":"46c7be5f428c72dac25551dbcf74f494989a3cf773ff04f9e115e15ad7dc2893","sha512":"c4f56e0a143f096a106956d55a60f07405a2418d8eec9917a027d0ede74e7119884002051c598445519ff87ad5526d035c221bbcfc65ce817539e6162f157ac3","ssdeep":"","tlshash":"1901735d483748107b2225bd537f5045f1a2516f9e87cc103c1e5b00eff48a72591bd9","size":750,"data":"","first_seen":"2025-08-16T16:35:14.594808Z","last_seen":"2026-06-06T14:57:21.050638Z","times_seen":2521,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-06-06T18:08:29.705123Z","times_seen":686809,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/js/chunk-svg.1766990974022.1e4dfc16.js","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"60ea8e82c4faa8daca2d833fb2853bf7","sha1":"526b96b2b45c8cc703e954cb89bb96025db0e7d3","sha256":"333f43aa9716e828751498d9a23a98931d609433d99f21790f93e9a797a0804a","sha512":"9f65be830d9cedcb63ae71c67467a827a3ad8006111236319758846e2d1700240e15905590503182b6348712dc50bdd20e7c21ff90503d80a53a7089a490973e","ssdeep":"3072:z8nz2uaLZSZvx6Q/sIPrekK+m36Ua94sRZI7gbpF/:z8nz2uasNxpXPrekK+m36UHsE4pF/","tlshash":"b6a4fcb4c190f4edf704ce196e7c9e1c50321688e0a9e9e52da9fe0d9e85d6b241cdec","size":464052,"data":"","first_seen":"2025-12-29T19:25:02.023641Z","last_seen":"2026-05-03T15:34:10.263068Z","times_seen":901,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-06-06T17:16:32.640018Z","times_seen":228138,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/js/45734.1766990974022.46beea1c.js","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"6675ff76d02bd84fb70a04efd95555bf","sha1":"86816f3beaa77375f912d0bc267d2cdefc2d06c8","sha256":"3836d5ea61c1cb9e246a44e6e3e44ca82072ae7739b2031e8d4ad4b63a8700f1","sha512":"9eb57d8cc6e916181077e400403f4a46648019c71673b148ee5ea1a0ef590a1f4f8f585edb2eeaa015bc58eb31062f7d6e5ccc12a898eeb94bb848e95af27276","ssdeep":"6144:J/EFTU8Ra90Jjytg7DiQPkcsz1h84faSDWidmVHrqZL:5y/jytgPJP484fa5VHryL","tlshash":"35441c84b291f0b4879b42f7922b4055a17f48a130ccacb4e2a5ed90be7555c927fbfc","size":277026,"data":"","first_seen":"2025-12-29T19:25:02.054222Z","last_seen":"2026-03-18T12:35:38.997066Z","times_seen":773,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/js/13575.1766990974022.cda1d494.js","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"3a7061bf893ceb7b8858369b1bdbbaaf","sha1":"b0d17fc8e788a44ae0761f0785854361d4d33cab","sha256":"bee1942210529f54e37a6eef13dccbded4b1df2608bac08038f5582d4c0228b8","sha512":"ca0e19eb2ad0a2ee4cb43253cacd0885db324cc9d5237b10bc32b02c4785a840efcb165322ec5b9bfbbb45c5edd861982e50b822b2b5618adbcab67dec33c75c","ssdeep":"1536:v17BBHFeKRKp+3ELSPtj6x2DgJoG7PIDmj9VA+s69JAFdE6WIzl+Ik1+eXMa7a4H:pjHoKRKphCnDgJoec+IDWIzls+7Xr0X7","tlshash":"47141a84764170b8c396a165322f601ae22f789650dd9c24f3789ba47f7470df26fabc","size":194938,"data":"","first_seen":"2025-12-29T19:25:02.046163Z","last_seen":"2026-03-18T12:35:38.967617Z","times_seen":773,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T17:12:36.477409Z","times_seen":85321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-06-06T17:16:32.640018Z","times_seen":228138,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"bc8a294899b949ca9677d96ab1c49745","sha1":"983c5ec164a83ee42e930da5b41946e6b0884dc6","sha256":"1f235d2a99775c3e5208abb2a05db1d9b6da61997a61ca5f7acb6ecb63caab29","sha512":"544b86acb0f595a5b12b887d5270444b63e23af877db68c8bce9ee5c66b37de75648eb9ea0757f899dba25f6376013beb278c9c8f801674f8886ae4368264e6f","ssdeep":"","tlshash":"4551b16d856684711db3346d2b5fb34835b340a36149de113d4d8f802f6895e82a6bea","size":2590,"data":"","first_seen":"2025-08-16T16:35:14.597318Z","last_seen":"2026-04-26T06:01:10.157524Z","times_seen":1785,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-06-06T18:08:29.705123Z","times_seen":686809,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-06-06T18:08:29.705123Z","times_seen":686809,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/js/chunk-init.1766990974022.833a06d6.js","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"8bfe603e28e5e2ba4c2ce2eb194ad9e1","sha1":"da473d072f47cf9ea34b6b98768edb31d9bb43a0","sha256":"db49da0b3c77eeaabf0f5b7d950521830d16460c3d9b54a242d75cffc679a96c","sha512":"38d2f08ea71d52b838495954f50f4e8abde57dcca9ff6078491a0ddc0bff2d49dd770f98e5db3bb8aaad7c46b35541e9f1b26fca853c152d5d3164e0a61c2af5","ssdeep":"3072:WtwqhOIKENB85doKa/x5wc0dB5/J+UUknCqd7ACifMur0g/C:fENm5ox2Br+2nCoAlfMu0T","tlshash":"c5441b98b3d171b847cb52e5622b1035f6ba1c933098e4f0d219ea947f3168dd52eeec","size":272725,"data":"","first_seen":"2025-12-29T19:25:01.962012Z","last_seen":"2026-04-27T23:33:27.866246Z","times_seen":897,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/js/chunk-common.1766990974022.b20784a2.js","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"657da8ba15087307d0d3c8f94f4392c5","sha1":"73912284b1ef5da9d41bf0ec9fbaabb80cf9ef0d","sha256":"399994a82be137a3b34fc0f3cc83467eebbbf17246f9d80ea2f2a3b13e439181","sha512":"26389c01730921e461d276ae09f9b75fccc8b2d10670b734ae5356dddbbe0e444abd440fb1f7409f8a9c16f24c4d52a9cd845ccce89de4eb31321aa1f98f48b7","ssdeep":"1536:KZVB2bnNcdWUa2UTo6oryXHuLmbErF/G7D1dMI59HLui7TAN/voVGAClVbGD3tFZ:KZVBM/To6yjFetHLui7T4/voVGAcgD3t","tlshash":"78f3e8c5b3a0f07e9a1ed53779331499b12f758278c87c60f1a1ade6bf19704a436ca8","size":159814,"data":"","first_seen":"2025-12-29T19:25:01.969149Z","last_seen":"2026-03-18T12:35:38.951063Z","times_seen":773,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-06-06T17:16:32.640018Z","times_seen":228138,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T17:12:36.477409Z","times_seen":85321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T17:12:36.477409Z","times_seen":85321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"3d053d2da6a5968d7b648d3f7360092a","sha1":"32ae5713edeb00288a3f8f3c02462a5d0ca9dbb3","sha256":"8896d194e4c39e87f52924073dd2d56b4aaab46fc9f7c56a57534545eef1d7f3","sha512":"01f9b63cd24ab6e0e097637341b78cda657192f98e37a39f0f75548f8fe0180418a86594df76858aee7d514282ac4dfb8263e1729ff325035897b841d09206a3","ssdeep":"","tlshash":"82f0a00e0ee548131963707a4c0f9201203b2513414eea08bffe9bb24f92a688a679cc","size":550,"data":"","first_seen":"2025-03-03T20:54:16.018132Z","last_seen":"2026-06-06T14:57:21.052203Z","times_seen":2993,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-06-06T18:08:29.705123Z","times_seen":686809,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T17:12:36.477409Z","times_seen":85321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-06-06T18:08:29.705123Z","times_seen":686809,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T17:12:36.477409Z","times_seen":85321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T17:12:36.477409Z","times_seen":85321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T17:12:36.477409Z","times_seen":85321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"25ba01da3f0b1b471747da4637862cd0","sha1":"0c5b0ce449b041467ab3bf825d2cb6c5dc9c8250","sha256":"5f9229d7d1276d1475836391ce453b7432244854be7368ae4c4c590f22789af0","sha512":"58d82418709bd36179a89dd6af167368c35512e8abc68ead43e9be0e5c5fd5027d83289b2ee30e6a211239b4d67790af51039cba61a54b4184e556741437c4a4","ssdeep":"192:K2wqx5Cvtib5XOQRzlaECoXZTAoV51nsPhwzvBa/id3+36a/E/97g6I52MdobsIc:K2VwiYwJvSoVXsp+pa/iZcVk97g6nMu6","tlshash":"8e323b69a5b71bba25673036277f301889b080630319fd947c0ff61e4fa5436629bbe3","size":11906,"data":"","first_seen":"2025-11-05T12:10:48.37972Z","last_seen":"2026-06-06T14:57:21.052845Z","times_seen":1803,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/theme.config.4936a15d.js","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"3eefb150c31978ff96b9caed5bec52a3","sha1":"09f43bfd4ba73f3544ff6fe3503094bd693ac339","sha256":"26c02d7aaa9d1bed7e205e4985d3a055ac174ef8b47401bf0f442125fe605010","sha512":"c2409eaab8b4f9a8ac2cc3319ad8ea645b7941b78798f06a2f4a85b6d0fa53a9a2dcf56c7ad9da22b18fc5db50bfda7c92404cd6ac44bb76d7d216522617313d","ssdeep":"1536:D2JREobVmtlIRM4Sb2mcTa2mnzyJog9CcHWhM:qUtlGu1Jnz45Hl","tlshash":"92b3cb7ae20c963a6137acbfb46ce111d12e9c0c9b1d5fdef13e10a25b10669c931de9","size":108069,"data":"","first_seen":"2025-12-29T19:25:02.034551Z","last_seen":"2026-03-18T12:35:38.977551Z","times_seen":773,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-06-06T17:16:32.640018Z","times_seen":228138,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-06-06T18:08:29.705123Z","times_seen":686809,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T17:12:36.477409Z","times_seen":85321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T17:12:36.477409Z","times_seen":85321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T17:12:36.477409Z","times_seen":85321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T17:12:36.477409Z","times_seen":85321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-06-06T18:08:29.705123Z","times_seen":686809,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T17:12:36.477409Z","times_seen":85321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T17:12:36.477409Z","times_seen":85321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T17:12:36.477409Z","times_seen":85321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-06-06T18:08:29.705123Z","times_seen":686809,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/js/64369.1766990974022.27cb8135.js","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"97dcd81c38d4748ab3b01f347191580d","sha1":"95f855ee66f6414c305d8c9824a8f5eb472dbd07","sha256":"1be23c69198990730392d8a8a8a57f2edad77b2504c75a6fe3b80af9be19f9fb","sha512":"725ac54fdb2ce90e1a8e84d73546d876f9f6c95b41ca879cae30ab4c006fb433df4bbb1b8f5db75215b050c819c4e7bdc18f8b25b7901dd5f1dcca72e17c8955","ssdeep":"3072:mHW7tB4Vgj5tNlxyU5YegxYffj7TEOiG1Zl+DJVkzEcx1nKR:mHW7tBwgttXxyUtffjAG1T+DJVkzEcxE","tlshash":"abf31bd4f2c070f6475f45f2a22b1075b26f4d92318c98b0e15ba6597f21a48c7abeec","size":158194,"data":"","first_seen":"2025-12-29T19:25:01.948268Z","last_seen":"2026-03-18T12:35:39.035508Z","times_seen":755,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-06-06T17:16:32.640018Z","times_seen":228138,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T17:12:36.477409Z","times_seen":85321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-06-06T18:08:29.705123Z","times_seen":686809,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-06-06T17:16:32.640018Z","times_seen":228138,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T17:12:36.477409Z","times_seen":85321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-06-06T17:16:32.640018Z","times_seen":228138,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-06-06T18:08:29.705123Z","times_seen":686809,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T17:12:36.477409Z","times_seen":85321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T17:12:36.477409Z","times_seen":85321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T17:12:36.477409Z","times_seen":85321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-06-06T18:08:29.705123Z","times_seen":686809,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/js/index-399e2569.1766990974022.efbcb61e.js","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"24bb67dbeb8d2afbd7d6fa856f9c2dca","sha1":"aabb3efa021fe460006a5e2fb6df217aca1292ef","sha256":"223fe6ba819c217c1a57822076d898bd29fb851ab57bab682cc1a7f9fafd2340","sha512":"2cd1ede6589c4f6824cb333651d18fa00b70feae9a7fb59ef954ebbeb152335a292ffbc75dbc95e4e09a22a381dc3f807da8e6f14f49a4ef0cc3de106eb90f46","ssdeep":"384:pZTANHLDaZYVPF3PTxoyBvg0hP+ajx3zg5/zKJ59ZhfomX0NZ5F3oWf0Af/nYMtx:zYDaZmPNL9BvPhPB3UBzKpZiH5FYxAfn","tlshash":"1bb2b5e63392bda4c28f9276f23a68ecc53f9245c34fc4f8d264bdd479a8604a552784","size":23694,"data":"","first_seen":"2025-12-29T19:25:01.984309Z","last_seen":"2026-03-18T12:35:39.021221Z","times_seen":757,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-06-06T18:08:29.705123Z","times_seen":686809,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/js/21954.1766990974022.57c97863.js","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"3625ce676273a0a70a815bac91290b96","sha1":"d6228513247625005a157d90f69c76d8bc7e6117","sha256":"896205d739c30b1f7db4cedb32cc6e2a5bd400b8110242413f9b3aa4a38bc2d8","sha512":"ddb917ba3f43d4c69a85f9577dfde3dd511e31fcf2e14d1e08ad4b13f98ed17d02891440f9e45c1e3932a65785071f6aa004b766d1336eae7f8326270bdc495a","ssdeep":"768:7PeaSfmzKrMdvf0eMQ/96loumY1PI1yBK9LudEz+yUy51y9y0yk6Dio+ILqpTeY:n81R6Ipyk6o","tlshash":"b5132088fac2b06dd3eb733085bf505ae66a1dc0668c5438e260d6917e7198dc1fb5f8","size":41968,"data":"","first_seen":"2025-12-29T19:25:02.029727Z","last_seen":"2026-06-06T14:34:41.590114Z","times_seen":811,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T17:12:36.477409Z","times_seen":85321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-06-06T17:16:32.640018Z","times_seen":228138,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T17:12:36.477409Z","times_seen":85321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"ba4d957ec99a023d40fedffe8f2c9132","sha1":"32e9e162bad0ea93fde3f137877e95bbbb574327","sha256":"24e8b158f0130e4778f80107b4c038c9edda27db68dd815e66221cc1fb5837b0","sha512":"d0e45e79632f3ec13d043d91c87ef458d1ded7256a3aebe641b09e205ccd00b863424342238a41b73fd7173eaf8a260640fb3110c8a48422ef03050b691d5e2c","ssdeep":"","tlshash":"0311c05a59d18132665b303735bd43887724a013d184df413dcc99557f98da5cabf6c4","size":934,"data":"","first_seen":"2025-09-26T05:04:14.419402Z","last_seen":"2026-06-06T14:57:21.054195Z","times_seen":1948,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-06-06T17:16:32.640018Z","times_seen":228138,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-06-06T18:08:29.705123Z","times_seen":686809,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-06-06T17:16:32.640018Z","times_seen":228138,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/js/52388.1766990974022.12c3264a.js","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"e86948330db087b0ff8d8b2c10a1195c","sha1":"85551bbd62e0a837262528ff2434ce5a0911ab25","sha256":"e02b29bcffda61f8d48e3417f664995c6a25e753a1ab5135ff7e976f6dc5adab","sha512":"a5180b78dd2336b77403f3a7f80385d91a4319cf844b6506196179eb1f42d63fbb866903c79c4caa654016e181b2ff9abe5f58789675752f1d69a33e9187b4f7","ssdeep":"768:f9VlWudig6TJVdiDnLfGfduF5dJQpvbDAwmprq2xd7QjDv1gyT8CpYCVc5WsNiU:/LUx/AXq2TlW0","tlshash":"5bc20a80d6b4f9fd632ec8a79a3a8464602637c5b0c8ace095ed6e887d4475774788fc","size":27564,"data":"","first_seen":"2025-12-29T19:25:02.02676Z","last_seen":"2026-03-18T12:35:39.044323Z","times_seen":750,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/js/31098.1766990974022.4108b3dd.js","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"6a188785e7d3e547e5590b8fd050833f","sha1":"071fe5ad95b47333131735b4d9d1353012ef9413","sha256":"359c1600b44cb779ee6c420d1b0966acc4d9a092e91efd7c57ebb9c2d30c607e","sha512":"6803c9195bc5a40dc91b78e88d750faa89094c9f72992b67dc9bac6955c04acb6901cc2f00d5f9d0b0a66b259391b7b27429a005283096b780901000b1fc8c0d","ssdeep":"1536:d+0YvC9jlTKAUSseG1SY46DCdlBBo3AgXOG9AsqCfCXsvCfCXsLCfCXsyCfCXsfX:AKK5sY4brG7O3SnLJNpL","tlshash":"df74b6f4c248c6fdea04ce0a7e7d6f2d50723783f2ec96c446aaf8865e91857245c4da","size":352738,"data":"","first_seen":"2025-12-28T13:10:26.266169Z","last_seen":"2026-05-03T15:34:10.27466Z","times_seen":756,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T17:12:36.477409Z","times_seen":85321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T17:12:36.477409Z","times_seen":85321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-06-06T18:08:29.705123Z","times_seen":686809,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/js/65246.1766990974022.c40b56f1.js","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"4f72169b9753bbfd046b32e8a9c4c9d8","sha1":"76310a9e002235a02b1842b0ff3985e2bd53ef46","sha256":"26b88e6905d829b63d80a3ce48041e1fd4fe98923072fb1d19b371d117e41045","sha512":"05d8f29fd1ac787d4f27a2d8ee901437e310e0ca663822c6270d05c1de8d33a024e312797a984083b277aa054cde3c5995340a26c25bac74fa6c11b339bcfc3a","ssdeep":"1536:j2+iDvYvNjx4Uyao0L8oDNzAuMMsTAQ0mqt2pXYzA4dANVQ:q+iDYvPo0L8oZzAuMMsTA7mqt9zA4dAQ","tlshash":"de73a501f78272384fa7e290220f2026e16e191505ac5bd8f179ffb93ef0954aa7d7b4","size":73494,"data":"","first_seen":"2025-12-17T20:52:09.055572Z","last_seen":"2026-06-06T14:57:20.976288Z","times_seen":1181,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T17:12:36.477409Z","times_seen":85321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T17:12:36.477409Z","times_seen":85321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/home","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"572cb94037fffc2a0a53b465972e15f1","sha1":"0d679b041a7c1ca45cc99e2d229fc2b86762838d","sha256":"6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35","sha512":"f7c4db7986d362b58ff4b4646cdeb71992c0ce28949773c4471915f2cc8828329445777e228ef248f508f721a33dfea3d5694bc7ec18dc6c00134ee23155ff32","ssdeep":"","tlshash":"e3800455714110004f57115050171c444030007155407cc011c0d4710d51030110545c","size":34,"data":"","first_seen":"2023-04-11T21:16:40Z","last_seen":"2026-06-06T17:12:36.477409Z","times_seen":85321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"u95f.xyz/img/away-bg.00d4ba2a.png","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.956Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /img/away-bg.00d4ba2a.png HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://u95f.xyz/css/home.1766990974022.971c3723.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:41 GMT\r\nContent-Type: image/png\r\nContent-Length: 3883\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:16 GMT\r\nVary: Accept-Encoding\r\nETag: \"69522598-f2b\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nX-Safe: 1773320741=sLjBMoPIYH/ZklB3a9DMghOf/GLYneRWA/bPl8Ur+HATmzTMipGsv9cFAj7S6AGoBEvP9t7LDlkhG69eTdMx5C7AMrfxLMinA+t4+yjip00/Rd1lP/N9xL19gYhZJIwg2s4LmxUnKlUGQ8zTw0nmn/lVUsLw/3OAKnPJesV9axf34vXzTeOzNybsr1bspTHN\r\nAge: 338387\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: CCDB51C9-BC41-4DC4-ABCD-CD81D51AC854\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3883,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 277 x 80, 8-bit colormap, non-interlaced","md5":"ce3e5a71ef5dcf15c030882243e12315","sha1":"d4fdd1329ecac30941a67bd5108bad525c791c12","sha256":"3c2aad01ce2fce6463d6ed3bde348515922dd019d8a670b07b53d66b39c68d3d","sha512":"f6a55d8c079529988760a1c22541c097af159a3653f5ffe89c5c31ee20371f2c879c64797319f4176be77c821294f0f72d83ad77f2a0141203c857c8f987966c","ssdeep":"","tlshash":"6f815cf693e66bd0d5675106a3a14c89624d69d925a325530923f45ec3bb1ac02fe381","first_seen":"2025-08-29T11:05:53.10673Z","last_seen":"2026-06-06T14:57:21.022228Z","times_seen":1510,"resource_available":false,"data":null}},"time_used":247,"timings":{"blocked":39,"dns":0,"connect":0,"send":0,"wait":208,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/gpmaster/_enc_size328x442_0fa85f10-2205-44f2-82c2-66bd141c7d57.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:42.773Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /gpmaster/_enc_size328x442_0fa85f10-2205-44f2-82c2-66bd141c7d57.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 02 Dec 2025 15:07:05 GMT\r\netag: \"76d1f22a14240df440d611d67b4d223d\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XRtdFpT%2BqZdSUi0cMwrD424M6GdidA%2BLpuTu5s7hIkcnNFjLtZLm5YrHEnwcV4haOz3WJpLYD%2Fdku%2BCIDY3ChXFYAAvP4bOR0VBc8cx0fUB%2BG3KMOX%2FI\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fceba9b19d3c2-FRA\r\ncontent-length: 10174\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:42 GMT\r\nage: 1834446\r\neo-log-uuid: 7630356200454723422\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/css/61540.1766990974022.3004bb5c.css","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:35.050Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /css/61540.1766990974022.3004bb5c.css HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:35 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:17 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69522599-5a54b\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nX-Safe: 1773320735=t1T7fT66rZ+YDhI9i8qP2DvF5UIxVxl0Aw1JcilzJiPh0k+Zu02i5p98hRUuWF7m1qOUGB0OXG70qMDmFN26RR4pGNIKl++AlxemLPuJb4yF8aQIPOc+pofYlVRAdlm2pz6bL5z5R16vsbw7SYGeZY2KZVphxgDVkTXcWPDu1/QBQD9v1LjxtJUC87BmvCSZ\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 58D27F6B-E26D-4F46-BE7C-D231D74E9F23\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":369995,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"b2e0bdfd8cc0fbb9a94102f7c5f043cd","sha1":"cbd073bc4cfd10187bece292e1432d74a6ce08c3","sha256":"ff06db71ddec6372ed5bcca9a110b7dac47f58d7de95a85c5905cbf6f674b2c6","sha512":"59df525ee789dc8ed111e8a8db4efea2160ac4e20a4c88e0f8f29484cce66e7ad8d8369ec88679ebc01258681f4ad58e8001ee7fedc1a4b7a20491463fc2ced4","ssdeep":"6144:z4+4r0H8Tu4+4r5cRlGuEQUQ929scKGnpTPIloD:z4+4ZTu4+4FKLloD","tlshash":"a674fa6caf10307e15a7cb27b6a0f5589c36a443f9bfde9af3a53d580789a510623c13","first_seen":"2025-12-06T05:02:16.140196Z","last_seen":"2026-04-17T19:28:42.549104Z","times_seen":831,"resource_available":false,"data":null}},"time_used":1122,"timings":{"blocked":231,"dns":0,"connect":0,"send":0,"wait":461,"receive":430,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/img/heying.d446c85d.png","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.286Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /img/heying.d446c85d.png HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:38 GMT\r\nContent-Type: image/png\r\nContent-Length: 1425\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:17 GMT\r\nVary: Accept-Encoding\r\nETag: \"69522599-591\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nX-Safe: 1773320738=P/dh3PFO99SuySS7edpU1yAdx3rYzpOCt6poV29YHrjktIG4/zWz02Q8ZMriGnwj67XWX218jrPOrXOu1916Yn4G+oHeyC621qqWst58MXCg84w5yKin/KAsFUjijqDC5H3pkzj9js5DQElkNclmXAyyfuOEC5R1rm6DUHbVgBKzIyZwlqYiphAfKcun8JKO\r\nAge: 338388\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 676DE518-F9F1-4524-8102-8D9FBC8D0630\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1425,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 22 x 22, 8-bit/color RGBA, non-interlaced","md5":"c0d0c516850381dd1ca39dd94b08f21b","sha1":"54522affec52debd9c0bd3784f0ce9bf692f5d6d","sha256":"301cbb9a8c3fae88d732c8b8fdfe40113e3257831d37150e95564cc0f9b8fbe7","sha512":"6d6b1263f2de2b35237c784fd0aa127c469f8b6ebf347ff1987d791611d5b36f0909f3a81f9db6b1571756ecae60454d854e776e5ed782acbdfcce4fda2b9c86","ssdeep":"","tlshash":"dd213b5023742cd0e8ae3457ef12e5fdb823417994f8dd0c99b9bc3e84908b1057a48e","first_seen":"2025-09-04T00:49:32.953523Z","last_seen":"2026-06-06T14:57:21.025161Z","times_seen":1563,"resource_available":false,"data":null}},"time_used":623,"timings":{"blocked":398,"dns":0,"connect":0,"send":0,"wait":225,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/gpmaster/_enc_size328x442_c0a34e2a-97fa-40dc-8123-594806696886.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.770Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /gpmaster/_enc_size328x442_c0a34e2a-97fa-40dc-8123-594806696886.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 02 Dec 2025 14:08:15 GMT\r\netag: \"d1b47135db7364aa1935061940e89ae3\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZGDS1LePpnvkXcp%2F230ZINmwQr21zE3b9yxJGWNO6xo3tikWubLpx%2FmAjK0SEsXycbtiopq1uU5gdqwlQ7poBt%2FeJdszu89B1kQTSJF3pEQ3SalLDPC3\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fceba596bc244-FRA\r\ncontent-length: 13338\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834443\r\neo-log-uuid: 16693266740645527134\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":295,"timings":{"blocked":47,"dns":0,"connect":0,"send":0,"wait":234,"receive":14,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/538f0788dfc848da9cdcdba0a4ccbe55?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.127Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/538f0788dfc848da9cdcdba0a4ccbe55?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 46634\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 89428\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"538f0788dfc848da9cdcdba0a4ccbe55\"; filename*=utf-8''538f0788dfc848da9cdcdba0a4ccbe55\r\ncontent-md5: 0w3AIry+cpepHkvAu1qdFA==\r\ncontent-transfer-encoding: binary\r\netag: \"FmtmR8FK_nSRis2Ao2PDqSSWT-xa\"\r\nlast-modified: Thu, 05 Mar 2026 19:15:42 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: l0Kw9uLNf\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: wWsAAAAuDvp7yJsY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":46634,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 255 x 255, 8-bit/color RGBA, non-interlaced","md5":"d30dc022bcbe7297a91e4bc0bb5a9d14","sha1":"6b6647c14afe74918acd80a363c3a924964fec5a","sha256":"a784ddd99a5c459a31414d88c771e8fea5f20902cb428e03215f07a38d69392c","sha512":"d136ccc5e520ad5fad36987638a06ccf2d652684159f7d479244b436054997c1c8e53907b459b6354faec4cc7014bf514bb0e5d123ef62b012946fa8d3346927","ssdeep":"768:7QhBojgra3BPEUMGScJiz1gRensGb/RaN7F9kVkU2MOp3K31w/0vLgj+QP0:7QRaR8UMLW9q/UzakaOtKuMOdP0","tlshash":"2e2301fabff3ce9e754df726aae84a5024b5f9f464c9b001b3814c32442a429065cd7a","first_seen":"2023-06-26T19:48:37Z","last_seen":"2026-03-16T12:55:02.140109Z","times_seen":211,"resource_available":false,"data":null}},"time_used":2828,"timings":{"blocked":978,"dns":0,"connect":251,"send":0,"wait":274,"receive":441,"ssl":882},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/058df5c653d0409ea7c5ef9cc7f08c00?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.351Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/058df5c653d0409ea7c5ef9cc7f08c00?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 91215\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 61519\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"058df5c653d0409ea7c5ef9cc7f08c00\"; filename*=utf-8''058df5c653d0409ea7c5ef9cc7f08c00\r\ncontent-md5: H+dfgm2rQObonL6WHH6RFg==\r\ncontent-transfer-encoding: binary\r\netag: \"FiFqOdvsBqrwQoiBsgOF2RE_L_sb\"\r\nlast-modified: Fri, 06 Mar 2026 19:15:43 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: TOs4oenpx\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: bmIAAABVswje4ZsY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":91215,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"1fe75f826dab40e6e89cbe961c7e9116","sha1":"216a39dbec06aaf0428881b20385d9113f2ffb1b","sha256":"165b67b66351aca4867741ec50cde8783d333736eebd4a0d5de6693ebfb3d86d","sha512":"b2159ea2676f0687bb42603729cd24c37ab577374318d1cda5006522f1d383ffeeec72c542ff47a5ec22a0cd425e4f911a5bb1921233ec23afa1f58b171b89c7","ssdeep":"1536:H1TKCNUg1/gVsNa/d/gE0Eh5nyD56XRBZErHcjX0nfRQmek8z8UFmDuZRNR4deGC:VTYxgE065/rZqHSX0nZQtky8UUsRk/C","tlshash":"849302a84131ce858eb519fb23f835e85db043b3bfdebfb2158531826257e0999b111d","first_seen":"2024-08-19T15:01:26.112647Z","last_seen":"2026-04-30T19:39:49.784682Z","times_seen":61,"resource_available":false,"data":null}},"time_used":3291,"timings":{"blocked":758,"dns":0,"connect":0,"send":0,"wait":1254,"receive":1279,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/184d58c5b6cf4438b3ece7948d256fbe?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.936Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/184d58c5b6cf4438b3ece7948d256fbe?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 5985\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 50726\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"184d58c5b6cf4438b3ece7948d256fbe\"; filename*=utf-8''184d58c5b6cf4438b3ece7948d256fbe\r\ncontent-md5: 6fY4+W9LgTJ6MSCIGp9a8A==\r\ncontent-transfer-encoding: binary\r\netag: \"FqKFAafJNzUg4wrm-tosP4MWRUHA\"\r\nlast-modified: Fri, 06 Mar 2026 19:16:04 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: zPCHS2QZI\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: Aw8AAADEiCav65sY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5985,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 179 x 179, 8-bit/color RGBA, non-interlaced","md5":"e9f638f96f4b81327a3120881a9f5af0","sha1":"a28501a7c9373520e30ae6fada2c3f83164541c0","sha256":"987a3baa2fdfdc872f6b5ba040d9afbb48e0767ed62c3fff4f8d1a24ad3869fb","sha512":"c58665e068d2c82fb9e7ded516fff4244853035f814b7f7afdbafaa9417616c5c890cbaa7879ac95401c0fc1158aa7c984fa81ef66e7e436f1cf5be9ddf4febd","ssdeep":"96:ZeChTFtuNHFpKQ3+lMsIg9YK1aK4vulkZjwVRDjWXh/UJ6Pr7WPQVpl+M:ZeCxiFpKQU/haK7fRICZPQsM","tlshash":"13c19e374ae472226addc0b2115dd2b85eba97ed033a6ecc4d1dc525f7a33098ec60d0","first_seen":"2024-08-19T15:20:18.579068Z","last_seen":"2026-06-01T01:06:48.212171Z","times_seen":231,"resource_available":false,"data":null}},"time_used":2159,"timings":{"blocked":190,"dns":0,"connect":0,"send":0,"wait":1551,"receive":418,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/gpmaster/_enc_size328x442_91f2d885-8341-4928-bace-352c8c691bef.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:42.746Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /gpmaster/_enc_size328x442_91f2d885-8341-4928-bace-352c8c691bef.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 02 Dec 2025 14:08:32 GMT\r\netag: \"16aab0027c0128d815e6dc1bce622be1\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Pvz11IGt5NkUUACF5WwhdL%2FWjaX8MWskXcKCmKkMgTMcx%2BMyhYIB3P0lJP9IZ8ckXbi7X%2BZ7JSzjc9R3jzw7KO6KPh7ZwUZVL0qWPSZ1wj7URY4iXwCF\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fceba8f143a4a-FRA\r\ncontent-length: 11602\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:42 GMT\r\nage: 1834446\r\neo-log-uuid: 2463171248897576784\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/js/21954.1766990974022.57c97863.js","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:37.491Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /js/21954.1766990974022.57c97863.js HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:37 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:17 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69522599-a3f0\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nX-Safe: 1773320737=B1yfjwA6cJ6C1du+jzEVQBqVY9it0e349RQ+hx4MwGGhiOMkDy3XxWzdFfdMaPHXFBI0u9OrFieBd38uaOfLAUlNknum2GZEGRClo0vvU30FlhFkPI/B/HWCid42h4dsqccy/KLz/ZwZUu0NcML3l+98pn5t+/PCnPsIE9iSonqCB/gVbxaXbKB5UhD9y2bH\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 8BC1F655-5974-40FD-985B-92FBA597C857\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":41968,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (41968), with no line terminators","md5":"3625ce676273a0a70a815bac91290b96","sha1":"d6228513247625005a157d90f69c76d8bc7e6117","sha256":"896205d739c30b1f7db4cedb32cc6e2a5bd400b8110242413f9b3aa4a38bc2d8","sha512":"ddb917ba3f43d4c69a85f9577dfde3dd511e31fcf2e14d1e08ad4b13f98ed17d02891440f9e45c1e3932a65785071f6aa004b766d1336eae7f8326270bdc495a","ssdeep":"768:7PeaSfmzKrMdvf0eMQ/96loumY1PI1yBK9LudEz+yUy51y9y0yk6Dio+ILqpTeY:n81R6Ipyk6o","tlshash":"b5132088fac2b06dd3eb733085bf505ae66a1dc0668c5438e260d6917e7198dc1fb5f8","first_seen":"2025-12-29T19:25:02.029727Z","last_seen":"2026-06-06T14:34:41.590114Z","times_seen":811,"resource_available":true,"data":null}},"time_used":256,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":255,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/assets/logo/favicon.ico","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:37.951Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /assets/logo/favicon.ico HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:38 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 58278\r\nConnection: keep-alive\r\nLast-Modified: Sat, 27 Sep 2025 11:32:15 GMT\r\nETag: \"68d7cb3f-e3a6\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nAccept-Ranges: bytes\r\nServer: Nginx\r\nX-Safe: 1773320738=P/dh3PFO99SuySS7edpU1yAdx3rYzpOCt6poV29YHrjktIG4/zWz02Q8ZMriGnwj67XWX218jrPOrXOu1916Yn4G+oHeyC621qqWst58MXCg84w5yKin/KAsFUjijqDC5H3pkzj9js5DQElkNclmXAyyfuOEC5R1rm6DUHbVgBKzIyZwlqYiphAfKcun8JKO\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: AF745D4D-4EF6-44A5-94A4-B7D2312B4A92\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":58278,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced","md5":"7fb9203f2701deec1371d2fd0ddd079a","sha1":"a7d4ea5f1c3d103aaa3c078bf540b56404aec0e1","sha256":"2a342dd0f9977afb12227889cf13ff008d4cf1e9a4ca07fb4131d14af05978d0","sha512":"964cf7794a7b72bb9515927efe748563b6d46fe122b35baa4c7f57fafb09ea759e5e759a3000d385872218cdd08383a58a2b66feb9a712e6f3e9a06cc87e43b5","ssdeep":"1536:e7V6OVB39Hdm34GeF4KERayBlZ3WgaOlblY4+:e7V6OV7034GeFERd3WgaOlbGN","tlshash":"af43f10a258e86c73047c3921b2dc09b70d12c776b8daef9e6bc4a5816d54731bbd1ae","first_seen":"2025-08-29T11:05:53.165834Z","last_seen":"2026-03-18T12:35:38.966648Z","times_seen":1201,"resource_available":false,"data":null}},"time_used":407,"timings":{"blocked":22,"dns":0,"connect":0,"send":0,"wait":375,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/d15fa5bcd0e84f998664e3e5fe63f38e?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.777Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/d15fa5bcd0e84f998664e3e5fe63f38e?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 48789\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 54335\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"d15fa5bcd0e84f998664e3e5fe63f38e\"; filename*=utf-8''d15fa5bcd0e84f998664e3e5fe63f38e\r\ncontent-md5: ZKITy9OcCYV5AKbUQrVRfw==\r\ncontent-transfer-encoding: binary\r\netag: \"ForZ00o-ImrgIdjI8zt5FQBj-MaV\"\r\nlast-modified: Fri, 06 Mar 2026 19:15:59 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: 84vPWFsrG\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: P3EAAADUielm6JsY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":48789,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"64a213cbd39c09857900a6d442b5517f","sha1":"8ad9d34a3e226ae021d8c8f33b79150063f8c695","sha256":"858d08437c353a67626209c34f03973e6ea9dd169caf08dec8cae4ed129e933b","sha512":"53f15742a3329f65ed82a4b5a913d1ad7123c5586d3b36c131b77f9c1e9b161da7587f2ce1ce0ff19b857faae04290e5944f1b57fcb0cbb20d0151b1b80203ef","ssdeep":"768:UH3HeN8BdIVourFxHCqjOO0lGNthwI7VknvPrMUJvGk9uAw2NYOjbycQqzlhSt6P:UXraB7tjd0Eh7VcDOk9DwIHZQqeOKZBC","tlshash":"ee23f14dd332d4e1192318894f0eda53f81e374109bd9c709b1d2efa569acaadf608e7","first_seen":"2023-06-18T16:15:31Z","last_seen":"2026-06-01T01:06:48.337683Z","times_seen":109,"resource_available":false,"data":null}},"time_used":2813,"timings":{"blocked":336,"dns":0,"connect":0,"send":0,"wait":1252,"receive":1225,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/configPage.js?v=12/29/2025,%2014:54:16","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:35.044Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /configPage.js?v=12/29/2025,%2014:54:16 HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:35 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 949\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:25 GMT\r\nETag: \"695225a1-3b5\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nAccept-Ranges: bytes\r\nServer: Nginx\r\nX-Safe: 1773320735=t1T7fT66rZ+YDhI9i8qP2DvF5UIxVxl0Aw1JcilzJiPh0k+Zu02i5p98hRUuWF7m1qOUGB0OXG70qMDmFN26RR4pGNIKl++AlxemLPuJb4yF8aQIPOc+pofYlVRAdlm2pz6bL5z5R16vsbw7SYGeZY2KZVphxgDVkTXcWPDu1/QBQD9v1LjxtJUC87BmvCSZ\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 06655A19-D7F2-4FF2-8210-037B57DD7FB3\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":949,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with very long lines (917), with no line terminators","md5":"e6aa74bb352ef198ba3e1c9a4b01b014","sha1":"2ea8bd6b5045475a36432f7665a129728e822d9e","sha256":"73828e873c0b6e847b37d78941ca436247471dfc90a12f743964f869f75abd5c","sha512":"2faaf24fdf1e4da637af8e9f82d1778bf061b00752dfca0c8f73432ba236a7b69410a7ad2a73727bc83e6cd631fd6555c3cc0d9d3a5d8a7f81818dd66566011f","ssdeep":"","tlshash":"be117aaf57444dffcf1d7e00a08b0a5ea8bc61d261889d4da8e9cf29e1c99002378978","first_seen":"2025-09-04T00:49:32.949926Z","last_seen":"2026-06-06T14:57:21.016221Z","times_seen":1700,"resource_available":true,"data":null}},"time_used":249,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":249,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/css/52388.1766990974022.023ec95e.css","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.253Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /css/52388.1766990974022.023ec95e.css HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:38 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:16 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69522598-10ce\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nX-Safe: 1773320738=P/dh3PFO99SuySS7edpU1yAdx3rYzpOCt6poV29YHrjktIG4/zWz02Q8ZMriGnwj67XWX218jrPOrXOu1916Yn4G+oHeyC621qqWst58MXCg84w5yKin/KAsFUjijqDC5H3pkzj9js5DQElkNclmXAyyfuOEC5R1rm6DUHbVgBKzIyZwlqYiphAfKcun8JKO\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 8FC3072A-FB77-4BBD-9122-8DEA979AA227\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4302,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (4302), with no line terminators","md5":"4efa3b550af4fa3ebee130f514631a7c","sha1":"52f29a161a644ebd6eb64fdc07b98e62115eec6e","sha256":"9b87a918545ad75490c79272f4c435c319793820eef518ca60893ba92fbbc8cf","sha512":"096e5f166461728d63ce720dec1310e40390420bfd76d5d13406ad6f2720a55ef6131fcc40f021c6029eec962a1315614a0c7cae55717e6d3466bbabd48dfa43","ssdeep":"96:k8WL6Lfl5F3fPFqNu9h0ShU1ulYUsH270RHeO5k0IWlLBUWl1dLIrEjWm//:k0Lfl5F3fPFqNu96ShU1ullsH270RHe4","tlshash":"2c91124bf89ca23f58bab7ac59c7a55da45644059b270aade31c35e0438b4e0c133eec","first_seen":"2025-08-05T06:40:24.237782Z","last_seen":"2026-04-26T06:01:09.995598Z","times_seen":1255,"resource_available":false,"data":null}},"time_used":227,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":227,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/ecb/8f8306425eba6e0167bcdb25a31b67ec8f","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.746Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /ecb/8f8306425eba6e0167bcdb25a31b67ec8f HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nContent-Type: application/x-www-form-urlencoded\r\nx-request-source: https://u95f.xyz\r\nXign: dRi9JZUhzCI0Pl50yBoxaPnl17mDnpeYP2l6KCo18MO1fgkceMxTOmGSAfBlA01FvIoat7f2BqIRzzJmFVNTYINSLptFwBmUO32lpXOmJ/drv037vJebrM5bxSLkEisr8Nwmfl5RWPSaoWEgL1XDqDoMRE920Tnd4FaX9dPyfvQ=\r\ntimestamp: 1773320738740\r\nsign: 4v2vgv4v3p511c1m\r\nversion: 5.6.9.4\r\nclient-type: web\r\ndevice-id: rYtHdnihQD85imaGAFAinMxefGSPBmCJ\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:38 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nExpires: Thu, 12 Mar 2026 13:08:38 GMT\r\nCache-Control: public, max-age=180, s-maxage=180, must-revalidate, stale-while-revalidate=30\r\nX-XSS-Protection: 1; mode=block\r\nPragma: public\r\nX-Content-Type-Options: nosniff\r\nStrict-Transport-Security: max-age=63072000; includeSubdomains; preload\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true, true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nX-Safe: 1773320738=P/dh3PFO99SuySS7edpU1yAdx3rYzpOCt6poV29YHrjktIG4/zWz02Q8ZMriGnwj67XWX218jrPOrXOu1916Yn4G+oHeyC621qqWst58MXCg84w5yKin/KAsFUjijqDC5H3pkzj9js5DQElkNclmXAyyfuOEC5R1rm6DUHbVgBKzIyZwlqYiphAfKcun8JKO\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: BB9E2956-C791-4819-9100-96A06F63241E\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3604,"size_decoded":0,"mime_type":"application/json","magic":"data","md5":"f11ab34cb2773073ebfcc533876b0655","sha1":"2e1539927f801ba655213943cdcc0fbd50698f6a","sha256":"f3cdd0417844d60e9875f0df0a5afe8e499b6e73687bf94875138ce853c3dc40","sha512":"5802add8254494af48e8e96249057ba362e570eb55bdb864c5f8dc4eca86382bb106123deadf638a45d5e3677f4dfdee08e7a7cf6d449168c91ee26e076408b6","ssdeep":"96:eOGS7hTEA2A78Igpy+xzD7RYFcraoihq7UHSMV3dYFpYVudeRTIdEJBFes0FGYPU:VP7SjA7Zcy+xzfC2raoihFdFV0eRUSdJ","tlshash":"8cb17c8fd3355730e2111bf9d841961649932f8ed29a6a66c675892b9770adf2cccc02","first_seen":"2026-03-11T22:32:23.011083Z","last_seen":"2026-03-12T13:06:12.636642Z","times_seen":5,"resource_available":false,"data":null}},"time_used":236,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":236,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/img/EGAME.d289cd48.png","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.289Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /img/EGAME.d289cd48.png HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:40 GMT\r\nContent-Type: image/png\r\nContent-Length: 59546\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:16 GMT\r\nVary: Accept-Encoding\r\nETag: \"69522598-e89a\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nX-Safe: 1773320740=UbyPGiMF6oMO3eNBMJExvACPDPz2ndpfMINivjYqk7cS189TdXtJfIe/QT9pwk6lKy9xR7X6sVsYLc7iEZjqMrWRTMzxP2YeeEEOiGX/fzmZ25GQfeI5TxMlxPIK935NtS98+8VYDgeb6H8Q18KA/+QUFUH+6DlyD8ADjapVtTX2Huqe9y56Q2jfSJE7at6d\r\nAge: 338387\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: CC2DF950-7C5B-448D-AE94-FDAB66ACC3A4\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":59546,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 582 x 307, 8-bit colormap, non-interlaced","md5":"eb8991eb9e0db175522c914343f0a10a","sha1":"ce2d41b154df64421d46bceaeb9878da455592dd","sha256":"b837b4e9fc693e5c65eb049c56547caefe1cf73ea31ae59f95ae46d052fd36b2","sha512":"7d2a886e3ac412f6ea1b1ba290064373e1d07a0751bdd7f546af3116ad057d1f17bbe4847179cdf87297a967c0290280ec0c51ab9bfdeb1da0b881e366eb19a8","ssdeep":"1536:hvA9R/SReJczzaRBd6s3DhCDnQcvyFVWGDnmhKYNa67:hIPVczevUIhCDnQc21C7Na67","tlshash":"dd430276882a8fcd499304944bf9afe164eaf19097b3cf91f24c5fe0423d184d881b6b","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-06-06T14:57:20.993119Z","times_seen":1495,"resource_available":false,"data":null}},"time_used":1287,"timings":{"blocked":868,"dns":0,"connect":0,"send":0,"wait":209,"receive":210,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202503/_enc_size649x578_3340babe-d86d-4379-84e5-92efe2221568.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.712Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202503/_enc_size649x578_3340babe-d86d-4379-84e5-92efe2221568.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 06 Dec 2025 06:31:50 GMT\r\netag: \"1e418083b3908fab83f51851eb4f3ad8\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=auj73nRUTmdMXet39aEeb%2FvqX5Czt1qFplTpITk7SRwdsTlK38MNahDZyFf5fDWIs7fADXwVlaXPFAnVAqbINRRrQX2g9wvyJ%2FWCyAzGDlkYHT4GaA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fceb9eeca0230-WAW\r\ncontent-length: 69604\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834443\r\neo-log-uuid: 14286943476866197943\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":533,"timings":{"blocked":117,"dns":1,"connect":21,"send":0,"wait":245,"receive":30,"ssl":110},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/gpmaster/_enc_size328x422_936e6f39-c72d-42ec-ab51-2bd5a806c902.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.860Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /gpmaster/_enc_size328x422_936e6f39-c72d-42ec-ab51-2bd5a806c902.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 02 Dec 2025 14:11:53 GMT\r\netag: \"00d37ab14a218ee3e9159457928d8d9b\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dzJ6qpTYYR%2FraB27waWAJ1iGXsU9xG3jlyTkkM%2Fc3QMXZ3W3DQEhTHTcGh6Yd9cc6ViawbReSB69k8%2Fv%2BKFjx%2FNx3WAKNpQKnvRH3RWYzlQmrgZgoO2v\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\ncf-ray: 9d040a437c3c923e-FRA\r\ncontent-length: 15760\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1797246\r\neo-log-uuid: 5349273843507040862\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":204,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":167,"receive":37,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202503/_enc_size649x578_188684fd-5a0b-43f3-8a6e-b9c558e44ec4.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.723Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202503/_enc_size649x578_188684fd-5a0b-43f3-8a6e-b9c558e44ec4.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 06 Dec 2025 06:20:08 GMT\r\netag: \"b45eecf92cbb685037d1e16bc4c092d4\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tAt9Vb0N1MUGiF3ExgnjR9Gm%2Bsdr5O%2B2EGsOVredHc7pwnWA8flOqGY5YZr9zBgwm1DRlvhn9ZL4RxbZossRfoI23bJfT5XsXANcJt4vCCu4NmYpZbWq\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c5f0cdeebba9bfb-FRA\r\ncontent-length: 79930\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834443\r\neo-log-uuid: 9580130057583125884\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":515,"timings":{"blocked":106,"dns":1,"connect":21,"send":0,"wait":226,"receive":45,"ssl":107},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202506/_enc_size1164x872_0e80d399-2c93-4f64-89db-61a96d3b05e4.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.733Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202506/_enc_size1164x872_0e80d399-2c93-4f64-89db-61a96d3b05e4.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 06 Dec 2025 06:28:29 GMT\r\netag: \"5e35bb3a3c455c8180a22aec2a512d23\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cJSZVoOzbW5RE127iLF11FOdvNP2cuMIcJ56U2AVRGgZVk4D5CEF0Or0FxqZieH750lAL1iaJDLNDc0vltJIiYdbukiXWWTuxdbTad2EdGlno3tVMh%2F5\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fceb9ea0b714a-WAW\r\ncontent-length: 112700\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834443\r\neo-log-uuid: 14743890491570844488\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":514,"timings":{"blocked":96,"dns":4,"connect":20,"send":0,"wait":273,"receive":25,"ssl":92},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202503/_enc_size649x578_ad0ed5ff-8fa0-4231-a619-ce0616ad2a8d.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.812Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202503/_enc_size649x578_ad0ed5ff-8fa0-4231-a619-ce0616ad2a8d.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 06 Dec 2025 06:22:16 GMT\r\netag: \"398b754c93a3ed87a1b0eae0ff2bbaeb\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RWLfc1mrUc6pMENLJ9IxXEfQJhU5KkeyqtHjVSu3UwvVBpoJ%2FoYZ5xhHeqiG%2F41E0NtXPJhJCdguZcESivB9vfQPMQ4EIpLdrSUtXDtAGKlxd9dG5rlH\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fceba8e6fde10-WAW\r\ncontent-length: 43980\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834444\r\neo-log-uuid: 12897236251780059310\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":309,"timings":{"blocked":7,"dns":0,"connect":0,"send":0,"wait":285,"receive":17,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/gpmaster/_enc_size328x442_2cf32c0e-cd2d-4274-8e00-d67d14e5086e.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.854Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /gpmaster/_enc_size328x442_2cf32c0e-cd2d-4274-8e00-d67d14e5086e.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sun, 09 Nov 2025 14:10:40 GMT\r\netag: \"2fc946187f7f1461045c70405bbac0d5\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8IL1npGptxHQRLL8t2cD3mGGiPlqIP8oCYHy81fdnUkAvCrdDuR3A5%2BhfjHlRPhYM28nvYdaGfUkttH816cZ%2BOmC%2BmS2k2aemDWrdGurdVGjCWmMJWfD\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fcebad8eba0cf-WAW\r\ncontent-length: 7390\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834444\r\neo-log-uuid: 6084795740784837873\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":171,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":167,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/672ef5f6e824424281925f8e956422bc?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.755Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/672ef5f6e824424281925f8e956422bc?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 76093\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 61519\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"672ef5f6e824424281925f8e956422bc\"; filename*=utf-8''672ef5f6e824424281925f8e956422bc\r\ncontent-md5: QjltGERBVuZAw3R2wrQbkw==\r\ncontent-transfer-encoding: binary\r\netag: \"FuDsNwVtqxeELOZYeMcIrIGPKUyd\"\r\nlast-modified: Fri, 06 Mar 2026 19:15:48 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: LamuPctLm\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: e1sAAAAwUxPe4ZsY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":76093,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"42396d18444156e640c37476c2b41b93","sha1":"e0ec37056dab17842ce65878c708ac818f294c9d","sha256":"b09876ef72fd33779fbc608a24faeafc15b7d244ed1e418f09049a65dfa2bc3a","sha512":"a5f7c936a451a81096fb16bb1840950793a02be5a35becfbcc5f07165a53a750c30075124803e5dc7485b841da1ff06912e880afcaf8cbe4a68e642559c9583b","ssdeep":"1536:nmRm767zGkUprhf2XchTp5uF5/ytZmVIMiKk1rcwGNOCB2+TMOAen:KhzApr0cpp5S6+VYrNCB2+TMxo","tlshash":"15730280b612be2ec0055ff6c7121a2f53f4f4da0b55d1304e78a48799cba878d788ab","first_seen":"2024-12-26T20:26:09.901909Z","last_seen":"2026-06-05T22:09:33.515809Z","times_seen":394,"resource_available":false,"data":null}},"time_used":2929,"timings":{"blocked":355,"dns":0,"connect":0,"send":0,"wait":1254,"receive":1320,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/js/index-a3dad144.1766990974022.1a544bdd.js","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:35.061Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /js/index-a3dad144.1766990974022.1a544bdd.js HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:36 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:17 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69522599-56e3b\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nX-Safe: 1773320736=vJwEyZl2IdjkBjNrOhsuCC6iDrcJYXrouO8+GvFOH1/bbZ1WCRBAHHXzNNCh1+F91HFXrCJZO1HkidvhE7Lf5WZ7NzZKrF14N4CQgoPE7feS0OxN4yeuFBXSDzXHnwraM4cRjEov6/KOsU75GzN3spf0S/oQjZSbiagUhwwBEj9CQaGX4/V4ANYl28QQD9ES\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 6D245AEC-CB71-405C-959C-1B0C82308B97\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":355899,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64504), with no line terminators","md5":"efa54c860a536b60fdf5b638ba8b863f","sha1":"a188b32740e279665b35921035cb658f5cbed86c","sha256":"b7ce24396f8d32b57b152c615edb2f6d3e00220862bcc82830ec6f6b534957e6","sha512":"b4dbace499344c2b66bd47714666eed1d5adc156181364c0965a44503a633f0da071c8e16289d806856177a1f9efe7560f4ff595e6e450110ece10f5910d205e","ssdeep":"6144:Cy1d7gsbhFOuPhkiQBpryMzr4UG3inyH6oYlRly7mq904ewTl0sv:1zJeiQBpryMzr4H3inyH6+7p905Av","tlshash":"5d743c94f76ce1bd875e55fe793290a4902c1b41a0c89e58d29d2904ff6b385feb08bc","first_seen":"2025-12-29T19:25:02.066629Z","last_seen":"2026-03-18T12:35:38.998945Z","times_seen":753,"resource_available":true,"data":null}},"time_used":2155,"timings":{"blocked":1700,"dns":0,"connect":0,"send":0,"wait":452,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/js/index-399e2569.1766990974022.efbcb61e.js","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:35.062Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /js/index-399e2569.1766990974022.efbcb61e.js HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:36 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:16 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69522598-5c8e\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nX-Safe: 1773320736=vJwEyZl2IdjkBjNrOhsuCC6iDrcJYXrouO8+GvFOH1/bbZ1WCRBAHHXzNNCh1+F91HFXrCJZO1HkidvhE7Lf5WZ7NzZKrF14N4CQgoPE7feS0OxN4yeuFBXSDzXHnwraM4cRjEov6/KOsU75GzN3spf0S/oQjZSbiagUhwwBEj9CQaGX4/V4ANYl28QQD9ES\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: CBFAA53A-58B3-4B00-ABC2-01985FA935A9\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":23694,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (23694), with no line terminators","md5":"24bb67dbeb8d2afbd7d6fa856f9c2dca","sha1":"aabb3efa021fe460006a5e2fb6df217aca1292ef","sha256":"223fe6ba819c217c1a57822076d898bd29fb851ab57bab682cc1a7f9fafd2340","sha512":"2cd1ede6589c4f6824cb333651d18fa00b70feae9a7fb59ef954ebbeb152335a292ffbc75dbc95e4e09a22a381dc3f807da8e6f14f49a4ef0cc3de106eb90f46","ssdeep":"384:pZTANHLDaZYVPF3PTxoyBvg0hP+ajx3zg5/zKJ59ZhfomX0NZ5F3oWf0Af/nYMtx:zYDaZmPNL9BvPhPB3UBzKpZiH5FYxAfn","tlshash":"1bb2b5e63392bda4c28f9276f23a68ecc53f9245c34fc4f8d264bdd479a8604a552784","first_seen":"2025-12-29T19:25:01.984309Z","last_seen":"2026-03-18T12:35:39.021221Z","times_seen":757,"resource_available":true,"data":null}},"time_used":1986,"timings":{"blocked":1763,"dns":0,"connect":0,"send":0,"wait":222,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202508/_enc_size1280x294_3ce652c0-55c8-48f5-a72d-a300accd6573.jpg","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.569Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202508/_enc_size1280x294_3ce652c0-55c8-48f5-a72d-a300accd6573.jpg HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nOrigin: https://u95f.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 18 Sep 2025 12:25:01 GMT\r\netag: \"3355a86fc0f4b383a45510e1270a1fd7\"\r\ncontent-type: image/jpeg\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0iiwzKE4oKMRWw0wVAFBe%2Bkr8FjGxqrym3X%2Bln2dXcDuaW3TgHokrc0U2WOY%2FFYsUrDbJpbrGaZ86qIaIEsDuhFjPsloUAp6mXMhCef2zdgVaZuC24dG\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fcf3c59ca9b5b-FRA\r\ncontent-length: 73462\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834444\r\neo-log-uuid: 8571416556957066905\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":73462,"size_decoded":0,"mime_type":"image/jpeg","magic":"data","md5":"3355a86fc0f4b383a45510e1270a1fd7","sha1":"dde3c8d2b82553cc1eccfc7b70e86a18a308a2fe","sha256":"75c93e454fc814e8aec32eb80b089d68c524fcbfd2aaa2ba9e8f706e16f55451","sha512":"3df1bc0718c0bcdc0b7b2ff62843712fda939cbe986a44e3dd57ad5c687ea9c8748445b7ad990b911c5662d0cfe63da3cb3e7d43a28c9fc5989a2303c82a22bc","ssdeep":"1536:dNU9iSoOFwtZ7MTOwbD5vjre3CDYP9B7/+wbU5yMNg7Rlbpecj:bU9vm77MTOwP57mCDY1cwQslocj","tlshash":"3e73028a87e1f2c32e756ce211792dad416066763f7ef6262ceaacb187604d54a04327","first_seen":"2025-12-29T19:25:02.003586Z","last_seen":"2026-04-22T19:07:08.754817Z","times_seen":846,"resource_available":false,"data":null}},"time_used":636,"timings":{"blocked":339,"dns":0,"connect":19,"send":0,"wait":39,"receive":2,"ssl":232},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/25dc11b2e46e4cce9510548b44cc7021?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.933Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/25dc11b2e46e4cce9510548b44cc7021?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 23341\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 53431\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"25dc11b2e46e4cce9510548b44cc7021\"; filename*=utf-8''25dc11b2e46e4cce9510548b44cc7021\r\ncontent-md5: BtSQjHBD/HqkumQzWLjXWg==\r\ncontent-transfer-encoding: binary\r\netag: \"FnPt0-sJWLGb-fkmSqAS80obM0HB\"\r\nlast-modified: Fri, 06 Mar 2026 19:16:02 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: 9J4hB9I3g\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: i_0AAADO7jI56ZsY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":23341,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"06d4908c7043fc7aa4ba643358b8d75a","sha1":"73edd3eb0958b19bf9f9264aa012f34a1b3341c1","sha256":"d3d78ff1c0363dfca6e8c484391b01c7e4b1af2bd7de82fe9824213d2c1b8553","sha512":"46db28eb4f3620e57a45fb784f70e9cccb66cd75032c68744b0aa796ee4b6cce1a0ef7f1862d51ecd63a8d42051e85a41c0a4beb59f5a73c5432b8b13b9fe736","ssdeep":"384:6Sn4Y4WNxtxEVsjiqdBGEh4Xf5eTROorVxgdWuYAPxTfCvBtByiHzAUZ2T8u1IT:6UxUajiqWEh4Xx88P9fCvVfH0UZ2hy","tlshash":"89a2e191f8374f77925446d283274b5f4c0ae1dd8707fc38eeaba4186aa054e8e13d6c","first_seen":"2023-06-26T19:48:38Z","last_seen":"2026-05-30T20:26:18.404598Z","times_seen":262,"resource_available":false,"data":null}},"time_used":2119,"timings":{"blocked":183,"dns":0,"connect":0,"send":0,"wait":1250,"receive":686,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/js/45734.1766990974022.46beea1c.js","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:35.059Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /js/45734.1766990974022.46beea1c.js HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:36 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:17 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69522599-43a22\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nX-Safe: 1773320736=vJwEyZl2IdjkBjNrOhsuCC6iDrcJYXrouO8+GvFOH1/bbZ1WCRBAHHXzNNCh1+F91HFXrCJZO1HkidvhE7Lf5WZ7NzZKrF14N4CQgoPE7feS0OxN4yeuFBXSDzXHnwraM4cRjEov6/KOsU75GzN3spf0S/oQjZSbiagUhwwBEj9CQaGX4/V4ANYl28QQD9ES\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 10EED955-409B-4C20-B82D-A6B15EC1373B\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":277026,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"6675ff76d02bd84fb70a04efd95555bf","sha1":"86816f3beaa77375f912d0bc267d2cdefc2d06c8","sha256":"3836d5ea61c1cb9e246a44e6e3e44ca82072ae7739b2031e8d4ad4b63a8700f1","sha512":"9eb57d8cc6e916181077e400403f4a46648019c71673b148ee5ea1a0ef590a1f4f8f585edb2eeaa015bc58eb31062f7d6e5ccc12a898eeb94bb848e95af27276","ssdeep":"6144:J/EFTU8Ra90Jjytg7DiQPkcsz1h84faSDWidmVHrqZL:5y/jytgPJP484fa5VHryL","tlshash":"35441c84b291f0b4879b42f7922b4055a17f48a130ccacb4e2a5ed90be7555c927fbfc","first_seen":"2025-12-29T19:25:02.054222Z","last_seen":"2026-03-18T12:35:38.997066Z","times_seen":773,"resource_available":true,"data":null}},"time_used":2083,"timings":{"blocked":1358,"dns":0,"connect":0,"send":0,"wait":346,"receive":379,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/kc523-1/sponsor/sponsor_nav_web_3.png?1766990906506","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.421Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /kc523-1/sponsor/sponsor_nav_web_3.png?1766990906506 HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:41 GMT\r\nContent-Type: image/png\r\nContent-Length: 7412\r\nConnection: keep-alive\r\nLast-Modified: Sat, 27 Sep 2025 11:32:15 GMT\r\nVary: Accept-Encoding\r\nETag: \"68d7cb3f-1cf4\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nX-Safe: 1773320741=sLjBMoPIYH/ZklB3a9DMghOf/GLYneRWA/bPl8Ur+HATmzTMipGsv9cFAj7S6AGoBEvP9t7LDlkhG69eTdMx5C7AMrfxLMinA+t4+yjip00/Rd1lP/N9xL19gYhZJIwg2s4LmxUnKlUGQ8zTw0nmn/lVUsLw/3OAKnPJesV9axf34vXzTeOzNybsr1bspTHN\r\nAge: 338390\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 56A6DF92-682C-4B32-8501-11B9A5586990\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7412,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 206 x 332, 8-bit colormap, non-interlaced","md5":"eb94a297c215863d5d2232eaa67f4779","sha1":"d006f382f63ada4e4ef65d124a75eac2e4e72dd0","sha256":"6bd46b617bf27cb28fb798d50b2d6daa2aaed1a278ed50e9aa549b6e4fac48c3","sha512":"dc7759393acb5e7d1a635b4d91d73e84abc41fe6afde99a85a8e4ed6f4f8b1b5819bbcaa80b1c213c00c89df8b81db512a7bff142b24c50565ff1e6289f1a30c","ssdeep":"192:Sfq39wgHGYB1fcUWobKUUR6IHaDmzDxfbTow:uQ9gCEUWoWUe6DeJQw","tlshash":"94e1ad76a7f6d695a6b7908cfece94050fbba2722c6352762b7b8c02170c339525b411","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-06-06T14:57:20.971089Z","times_seen":1560,"resource_available":false,"data":null}},"time_used":3140,"timings":{"blocked":2919,"dns":0,"connect":0,"send":0,"wait":220,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/ecb/8f83064248a6651521ab9b26970d60fa83f0bf5f79fe68600101b67707c272184849423924c3e9832923a30acedcbfec8ac50fef89fb","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.749Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /ecb/8f83064248a6651521ab9b26970d60fa83f0bf5f79fe68600101b67707c272184849423924c3e9832923a30acedcbfec8ac50fef89fb HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nContent-Type: application/x-www-form-urlencoded\r\nx-request-source: https://u95f.xyz\r\nXign: TNgqyLeM169nRC88+jZYqMIgEc9xPrCpr8wtRB1yDiRChMsXJ8LpiA9MK4Vg0GOu5S4YCYE3oY+4dNDKDFWHoHSo4OF2k6MnBswto3AKmN3IRX5wYU7Qz/2CSoReFFhNnOMoARYxvpl3A34jBcY1GrOS2//s2RdIPCMDyYQNNIE=\r\ntimestamp: 1773320738740\r\nsign: 7c7d577e18292a5b\r\nversion: 5.6.9.4\r\nclient-type: web\r\ndevice-id: rYtHdnihQD85imaGAFAinMxefGSPBmCJ\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:38 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nExpires: Thu, 12 Mar 2026 13:15:38 GMT\r\nCache-Control: public, max-age=600, s-maxage=600, must-revalidate, stale-while-revalidate=30\r\nX-XSS-Protection: 1; mode=block\r\nPragma: public\r\nX-Content-Type-Options: nosniff\r\nStrict-Transport-Security: max-age=63072000; includeSubdomains; preload\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true, true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nX-Safe: 1773320738=P/dh3PFO99SuySS7edpU1yAdx3rYzpOCt6poV29YHrjktIG4/zWz02Q8ZMriGnwj67XWX218jrPOrXOu1916Yn4G+oHeyC621qqWst58MXCg84w5yKin/KAsFUjijqDC5H3pkzj9js5DQElkNclmXAyyfuOEC5R1rm6DUHbVgBKzIyZwlqYiphAfKcun8JKO\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: ECE70280-C72F-4AD8-A098-25C5E9CDC585\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7007,"size_decoded":0,"mime_type":"application/json","magic":"data","md5":"e5e9152841623a71ce014748a66258b4","sha1":"3618eebcf4f89dbeca87662e1ac1da330797e24a","sha256":"020b977ee8bb7012d2087c5115e228b25a5a067dc03cf59a1e61bc1a9a9a6a50","sha512":"041ce54c3a63ef935e42d787f68108c4e2e24b46652735b8137fabdf46be121e8072283f675aec5a2355b28d556d3a225bda7695bd54af7e16dca00df3ab0b47","ssdeep":"192:VVeAB64LW4Ui/Nhb1BEd/3AgbBOUDq5H1ZvA/173aOlC:njBa4Ui//xy377Dq5D4973aKC","tlshash":"6922ae6b7341a7afcac003f7552683f87a09adcde37939b5e7b4c15136ce10a989c851","first_seen":"2025-12-29T19:25:01.977743Z","last_seen":"2026-03-18T12:35:38.961183Z","times_seen":764,"resource_available":false,"data":null}},"time_used":224,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":223,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/api/sport/match/list?sportId=1\u0026client=web","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.757Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /api/sport/match/list?sportId=1\u0026client=web HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nx-request-source: https://u95f.xyz\r\nXign: kM7kftuLDNfd1lYfu5SttSHblSEtta5JpHt//AXcSagqQoztrjsz01X5skvX1N54Zzs3ULynxDI6f2vBUFhijez2dwPORt9bMYqGB9rSZchxaU7X6tap9V5Zl+rZU9fhzKyRWjuGz4VJoELOyqoRJocl7sR0r27nUxkjsYNx7Yw=\r\ntimestamp: 1773320738736\r\nsign: 4u1n184b2etj4v4e\r\nversion: 5.6.9.4\r\nclient-type: web\r\ndevice-id: rYtHdnihQD85imaGAFAinMxefGSPBmCJ\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:39 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nCache-Control: no-cache, no-store, max-age=0\r\ncontent-encoding: gzip\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nX-Safe: 1773320739=9I+PHlnLQvmxKj6R8Jbyy1+z041a6EbTo7bbd4Ml0pNhG7cBYc4imFMtHMW0ai9RVCmn2MBUEauBeJ5w5PmhZ8SFO/rUGrtuC9x9j6vWvfrsXUl/Bcdd/jwVy1RQpZ04h7Xp9kA7Xw8JJuk2lR2IywxI+yiDkK9PQD32Hjw6hm+Y7cwzNJbdbxS1eQIuD5oe\r\nX-VIA: l1=CJR9oEa4UnlD0OBR\r\nX-VERSION: 1772869158\r\nX-Request-Id: E5C767E6-D5A2-4D5C-9B12-89CC8BFABEE9\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16795,"size_decoded":0,"mime_type":"application/json","magic":"Unicode text, UTF-8 text, with very long lines (16099), with no line terminators","md5":"6bbf7bf8e12798187c96e7af5e4b16ff","sha1":"ee7763f2d23727a28f45c0c94b556948283819ea","sha256":"9b558a550d0fc5816b7adfc4db81911be3952488d09ac8b2052f1db355a924e3","sha512":"ec545a334ea5a714555626be28fcd76d1b6934b400415751916dbb1a83162edfe12b859df55fd86fd33c91aa2308d6cca01a59d446e9a138e8e116639e80b345","ssdeep":"384:eAuwS1KpZFIQhfaWk91Pz5YqaSSyjDE00dhhNMuGwZWoqzyLMNcq8rcidrpgUnm8:eAuwS1K/FIQhfaW+Pz5laSPjDE00dhhp","tlshash":"5372bf9a81dd18991b8c61d16e5e3f4c847eb95b0a9eb5daee4ecf0820f83f75240c15","first_seen":"2026-03-12T13:06:12.648485Z","last_seen":"2026-03-12T13:06:12.648485Z","times_seen":1,"resource_available":false,"data":null}},"time_used":864,"timings":{"blocked":424,"dns":0,"connect":0,"send":0,"wait":439,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/img/ESPORT.4f4b51d4.png","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.287Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /img/ESPORT.4f4b51d4.png HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:40 GMT\r\nContent-Type: image/png\r\nContent-Length: 65968\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:16 GMT\r\nVary: Accept-Encoding\r\nETag: \"69522598-101b0\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nX-Safe: 1773320740=UbyPGiMF6oMO3eNBMJExvACPDPz2ndpfMINivjYqk7cS189TdXtJfIe/QT9pwk6lKy9xR7X6sVsYLc7iEZjqMrWRTMzxP2YeeEEOiGX/fzmZ25GQfeI5TxMlxPIK935NtS98+8VYDgeb6H8Q18KA/+QUFUH+6DlyD8ADjapVtTX2Huqe9y56Q2jfSJE7at6d\r\nAge: 338387\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: AC6D88E8-F125-4A69-9690-62D4A1040DEC\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":65968,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 582 x 307, 8-bit colormap, non-interlaced","md5":"29610094acb703084f79c42c17547a7c","sha1":"3c824ba387e36bcce1a5f1d0d14b513fb278db9d","sha256":"8c3dc9ee49224eff4a37ec488ff0a413f3150ec7a62640a466a802750a573146","sha512":"db986acc62bb0d35583a1c298b468e1fa7869269c738eadc82b944b1a8f9b2c0723087db8a065d60495938e834337e72e3c438089d1d02ff90f4983e0d6461fb","ssdeep":"1536:ObUUUNbT8bJcHe4DyC8KLT/KKeRfm4AH7XAlzS7M2Z:rbgNcHwE/eshbE/2Z","tlshash":"b25302e1df60cb022efe65ca89acf12ae204a0a61476453f7a231d6f3744016af973c4","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-06-06T14:57:20.979021Z","times_seen":1497,"resource_available":false,"data":null}},"time_used":1176,"timings":{"blocked":727,"dns":0,"connect":0,"send":0,"wait":223,"receive":226,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/api/tenant/domain/list","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.533Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /api/tenant/domain/list HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nx-request-source: https://u95f.xyz\r\nXign: f1VET21IfPg3du7qTcJP9eoAWKXQUFKySCkKsPpmJ5gkFDkxLkpQDF8rMHiSpiIXpi9Hw4ZXnR4RcHyxdkwyVo0HaJlIQ65WtcTmI++ORMyJzKQSzv+8/z9PDOLTfuHglCHR0miyKkyhDAifcyfGqhkT64T0pborGlkUO0dKWHw=\r\ntimestamp: 1773320739530\r\nsign: il701k5u14102354\r\nversion: 5.6.9.4\r\nclient-type: web\r\ndevice-id: rYtHdnihQD85imaGAFAinMxefGSPBmCJ\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:39 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nExpires: Thu, 12 Mar 2026 13:15:39 GMT\r\nCache-Control: public, max-age=600, s-maxage=600, must-revalidate, stale-while-revalidate=30\r\nX-XSS-Protection: 1; mode=block\r\nPragma: public\r\nVary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nX-Content-Type-Options: nosniff\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nX-Safe: 1773320739=9I+PHlnLQvmxKj6R8Jbyy1+z041a6EbTo7bbd4Ml0pNhG7cBYc4imFMtHMW0ai9RVCmn2MBUEauBeJ5w5PmhZ8SFO/rUGrtuC9x9j6vWvfrsXUl/Bcdd/jwVy1RQpZ04h7Xp9kA7Xw8JJuk2lR2IywxI+yiDkK9PQD32Hjw6hm+Y7cwzNJbdbxS1eQIuD5oe\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 86994D8A-A2E1-4109-B544-F0140AB54EF5\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1108,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"5d9e96bd132a2c24281ae50f2b09efe4","sha1":"503ea18100d0f1573baa195933355a1372e93841","sha256":"7f205b18b5deaae96622989dbc8ad73999a9616e96ef26d909f19525deadb328","sha512":"ab5a589dc81944d2fe05d656777e9e490d42a2fd68c7e577387cfdd47c9b0c5276ca2f91a3868407c373e500d00bb5360a5ae035c7c0cb1addf47f20755a268b","ssdeep":"","tlshash":"fb11c6101c6f12c8d6e8d29263503345388d8b76056db91b69d6b74fae0583a32120a4","first_seen":"2025-08-29T11:05:53.144028Z","last_seen":"2026-06-06T14:57:21.015179Z","times_seen":1589,"resource_available":false,"data":null}},"time_used":237,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":237,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202508/_enc_size1884x434_f0f83841-a720-4f18-8acd-c726f4c1e685.jpg","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.568Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202508/_enc_size1884x434_f0f83841-a720-4f18-8acd-c726f4c1e685.jpg HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nOrigin: https://u95f.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 18 Sep 2025 12:24:55 GMT\r\netag: \"f775bc29d118dfd0ace54fb7bd6c5430\"\r\ncontent-type: image/jpeg\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EsOZ80IfTxrlJb%2FC9UJlG3r2hxg1ooE4R%2BTgzkgLKDulUycE2XKWFpW2zsGxXlb4puaoAENZm0Q7cTOQjetaW9mHjP%2BcoYI3XwImafQUYM9niHG%2FyAgK\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9d137f200f108f34-FRA\r\ncontent-length: 363024\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1672637\r\neo-log-uuid: 16312129047685152739\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":363024,"size_decoded":0,"mime_type":"image/jpeg","magic":"data","md5":"f775bc29d118dfd0ace54fb7bd6c5430","sha1":"cb0cc4b837631474e3aa230ae056fbf0b35a385e","sha256":"835a8c6ac62cb8f7d904344f78ad3d2619c969a8375479269b054c9cb0561eca","sha512":"c97c3af46ca941dd06b6e518279835d910b69248a39fe069671dcbf2fb7d09b1b515da16f95b32bfbce6f42edc839b953f844626794f4c47f9442a38d1f2137d","ssdeep":"6144:iQgiqnqSjhCWWT0HqPrWJehmhH6rFITZWJEkA0DmfsskR7s+kQXpNhd3:iYiqSFMT/jWJehyaJLEFssE7O+3","tlshash":"b8742392ce8f8c8257bf9f7114027d4e9048dbc6b9d107a05338de998efe518d6ac68d","first_seen":"2025-12-29T19:25:02.008858Z","last_seen":"2026-04-22T19:07:08.776992Z","times_seen":846,"resource_available":false,"data":null}},"time_used":496,"timings":{"blocked":245,"dns":0,"connect":19,"send":0,"wait":24,"receive":65,"ssl":140},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/kc523-1/noData/cms_noimg.png?1766990906506","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.630Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /kc523-1/noData/cms_noimg.png?1766990906506 HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:39 GMT\r\nContent-Type: image/png\r\nContent-Length: 9882\r\nConnection: keep-alive\r\nLast-Modified: Sat, 27 Sep 2025 11:32:15 GMT\r\nVary: Accept-Encoding\r\nETag: \"68d7cb3f-269a\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nX-Safe: 1773320739=9I+PHlnLQvmxKj6R8Jbyy1+z041a6EbTo7bbd4Ml0pNhG7cBYc4imFMtHMW0ai9RVCmn2MBUEauBeJ5w5PmhZ8SFO/rUGrtuC9x9j6vWvfrsXUl/Bcdd/jwVy1RQpZ04h7Xp9kA7Xw8JJuk2lR2IywxI+yiDkK9PQD32Hjw6hm+Y7cwzNJbdbxS1eQIuD5oe\r\nAge: 346767\r\nX-VIA: l1=CJR9oEa4UnlD0OBR\r\nX-VERSION: 1772869158\r\nX-Request-Id: 75CA5CAA-2FAD-412F-AA86-136C1588A277\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9882,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1920 x 700, 8-bit/color RGBA, non-interlaced","md5":"85e60fd8767b18839ffb552a5d543f8a","sha1":"341cfd68a5b39cb246af6ade1e3171c857d2df5a","sha256":"4b7ad68306ffac25830d1016ba86154890deef8bd77a03257b767b37de1c8338","sha512":"785f028aab80d3f96794431f84025483f490d7d642022404a7b14ccb4785aa52fe4a21048d44acda3bd160eedeaccfb4959a677986dfe47ef038d80724f2acb2","ssdeep":"96:74iGykVWI7TGvGJUgTFSebsBzYofEC16+TqBK7R7LWKaR8a8D7uZNgAMXFL73:74iyHunEFSebsvP1nTP7IF2uAAMX5","tlshash":"141259118573d43cd82ce57926df6fb93b709f996890476e8328e7342f2a2f78d60848","first_seen":"2023-05-01T09:33:58Z","last_seen":"2026-06-06T14:57:20.964107Z","times_seen":2380,"resource_available":false,"data":null}},"time_used":406,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":405,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/gpmaster/_enc_size328x442_ce6f5a12-ce60-4931-b7a7-3cfa94c956bf.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.803Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /gpmaster/_enc_size328x442_ce6f5a12-ce60-4931-b7a7-3cfa94c956bf.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 02 Dec 2025 14:08:24 GMT\r\netag: \"f12551e7b90b8236bafa6e35814fbff6\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nxr5Raogy584AkimjFu0nMoff314yHbHFvutKroY5bnX%2BLxMRxe%2B78%2FiQVJZld4so3e8BfNwJOUaq3tfZvnKDYRpUVZ8fMCl3dqhuJ8GDIh3IF2OaMW1\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fcebacd1feeb6-WAW\r\ncontent-length: 11070\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834443\r\neo-log-uuid: 16822840846033049589\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":263,"timings":{"blocked":15,"dns":0,"connect":0,"send":0,"wait":235,"receive":13,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202503/_enc_size649x578_b0506ddf-52e0-4b2d-8f59-16f795505312.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.816Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202503/_enc_size649x578_b0506ddf-52e0-4b2d-8f59-16f795505312.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 06 Dec 2025 06:22:23 GMT\r\netag: \"3d254bdd326f3c65bf95165fc295cbfe\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Wb3pLZ3CXE60PTCkagm1Dki4tL17OByf6rG17THn6GaczIR87jGbQovPDM12kWFxZA6XUlEZB0bZpa%2Bw3AF0IZRMb8LFAdFSj4j0ZNrNUqYjzuz7yEki\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fcebacab70985-WAW\r\ncontent-length: 47302\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834443\r\neo-log-uuid: 17258927706909866714\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":271,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":235,"receive":34,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/gpmaster/_enc_size750x590_1103f977-5f3c-414d-8305-ab6884e8769c.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.884Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /gpmaster/_enc_size750x590_1103f977-5f3c-414d-8305-ab6884e8769c.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sun, 09 Nov 2025 14:30:09 GMT\r\netag: \"ffd4057be0b5aef9d949a861330d93fa\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IrD0Py%2Fi338iGtYBBwDlczDxAie3lgiABGM9Mx9Eo86bCuWeRdvSSqAGHdCTDTHZBku3G2KiIf0queNTzlmYC15f8P7AId3whCyyNfEkyzahZ%2FeRvA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c9628f48c62c012-WAW\r\ncontent-length: 43614\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834443\r\neo-log-uuid: 14471946156653354260\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":260,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":226,"receive":34,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/27a31f5bdce246e48ef7ab2615c0ecc6?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.124Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/27a31f5bdce246e48ef7ab2615c0ecc6?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 12486\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 3564\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"27a31f5bdce246e48ef7ab2615c0ecc6\"; filename*=utf-8''27a31f5bdce246e48ef7ab2615c0ecc6\r\ncontent-md5: 4+8TaFdaWb6rOIqr+qbekQ==\r\ncontent-transfer-encoding: binary\r\netag: \"FheEdeWk4Fqjo7SO9zLXnXx8nrSW\"\r\nlast-modified: Thu, 05 Mar 2026 19:15:40 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: sAZbffTOP\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: 1wsAAACYXsWTFpwY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":12486,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced","md5":"e3ef1368575a59beab388aabfaa6de91","sha1":"178475e5a4e05aa3a3b48ef732d79d7c7c9eb496","sha256":"caf35850562862e5f6937770093b0957dfc125b5e2b80a3f8d3efe9d1b9acca9","sha512":"ec40f49cd8e4067232bf49643d31e096963768266e0e195a3e488676c5a0eeb11207867dfde91b760a67498b1ba68e65be7832bd95b41e3459cfeb9928f64050","ssdeep":"192:O6YyKtkSy9jCfPLt98cfhSWZtOtRw4ZbucegmMRN9hVUEfQnoHcjvjYFetE+3RUJ:7Yyn9jCQOsRtbuFMn9fQnJvsQVuJ","tlshash":"8742c06b7d9bab6de14f5423a8799349a0158335d1f03fcc2b09e7098bc3a502f031e4","first_seen":"2025-02-04T17:13:01.115303Z","last_seen":"2026-03-18T12:35:38.96207Z","times_seen":13,"resource_available":false,"data":null}},"time_used":4213,"timings":{"blocked":1007,"dns":1,"connect":257,"send":0,"wait":1548,"receive":485,"ssl":894},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/268cdf57dc974c54ad8e8055fe6de048?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.185Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/268cdf57dc974c54ad8e8055fe6de048?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 76149\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 69633\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"268cdf57dc974c54ad8e8055fe6de048\"; filename*=utf-8''268cdf57dc974c54ad8e8055fe6de048\r\ncontent-md5: mY20eL98BtWBe/hGmHoNCg==\r\ncontent-transfer-encoding: binary\r\netag: \"Fv-T-BsvEWKE6mOkV4_X65CI91lt\"\r\nlast-modified: Fri, 06 Mar 2026 19:15:21 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: bXWeS4TrY\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: 1pwAAAA33Ax92psY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":76149,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"998db478bf7c06d5817bf846987a0d0a","sha1":"ff93f81b2f116284ea63a4578fd7eb9088f7596d","sha256":"6eac80487650ddf5c49c38e962b1783d3538f3c270806d52535d803d54b1f85d","sha512":"572ac2d5f74eace66a49de57f06a1e550ef937f21964583a605fd9c2a5109fe32a7f6500255279ed925ca2571b653a6e03cc9c1f18e570e6953a7643f360ae0a","ssdeep":"1536:l8uQ0a7X+4ZJ4S6Rd5BLVfSi0OdBEDTguVpDkf:l/JYX+2JkRd/L5b7da3DU","tlshash":"507302879815b03d7f8318e96f292b0c2d554164923533a92e5fe578b8be7e8333453e","first_seen":"2025-09-21T04:12:33.981441Z","last_seen":"2026-05-17T16:34:28.64353Z","times_seen":188,"resource_available":false,"data":null}},"time_used":3440,"timings":{"blocked":923,"dns":0,"connect":0,"send":0,"wait":1208,"receive":1309,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/87826b159fe8426c9aee23367952ecf9?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.932Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/87826b159fe8426c9aee23367952ecf9?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 11850\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 53432\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"87826b159fe8426c9aee23367952ecf9\"; filename*=utf-8''87826b159fe8426c9aee23367952ecf9\r\ncontent-md5: iv7xIXl4LLDGzvgzQ4WwTA==\r\ncontent-transfer-encoding: binary\r\netag: \"Fq-FsubZkRgcOebgEQFHYpMaEULN\"\r\nlast-modified: Fri, 06 Mar 2026 19:16:02 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: x9pYiXuge\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: 14IAAAA3DhY56ZsY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11850,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"8afef12179782cb0c6cef8334385b04c","sha1":"af85b2e6d991181c39e6e011014762931a1142cd","sha256":"791ecbd5e00886bd13f2c5791a9ac084ac8ffb8a2b34d1c22b63bfadd34684b4","sha512":"1178b6be97ffca9170ae274725b6bcd29b815d2f056251c0ee2a4a02d291dc2330e1a4f7bb876225653b840d5bf50a98f825ba8fc9eb1bfc7b2041c2bd6c24e7","ssdeep":"192:n3q2Ew7GiE5h37No3p8MvAPiN30Sg1z6baXFeeK3RCumgHLxWxGvLMdLF960:n3f3yPL28Mvnj3+XFeeK0MxWxGwdn60","tlshash":"f132d02f76a7ff70210e714dd487eb33da601cb587c64c4c9685b1a3d989e9e28145ce","first_seen":"2025-10-05T19:35:14.490579Z","last_seen":"2026-05-05T02:06:34.481836Z","times_seen":128,"resource_available":false,"data":null}},"time_used":2091,"timings":{"blocked":184,"dns":0,"connect":0,"send":0,"wait":1251,"receive":656,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202503/_enc_size649x578_07a2d840-d1e1-4217-9d3b-badf80b88abd.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:42.702Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202503/_enc_size649x578_07a2d840-d1e1-4217-9d3b-badf80b88abd.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 06 Dec 2025 06:20:22 GMT\r\netag: \"e394e5209a888f9ceeb17f8fb9ce91e9\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Ok2EcuNcNpL4hBqjWyvhexZ0IfYAKjc6dh1PkNr%2Bq2i9F7RYkq0IS6hpV3LMkLrKTkqEQSnbxEes40pR%2FgOnzNOzbMniUQ6erVK56ZYZbObnlS66kBnw\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fceb9dfcf705f-FRA\r\ncontent-length: 77072\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:42 GMT\r\nage: 1834446\r\neo-log-uuid: 13812538492326659596\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202508/_enc_size1298x1156_aa2a4724-288d-4252-82c6-453d0458d8c1.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:42.759Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202508/_enc_size1298x1156_aa2a4724-288d-4252-82c6-453d0458d8c1.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 18 Sep 2025 11:24:17 GMT\r\netag: \"63bd8645bedf3dc30cadb2aff861013f\"\r\ncontent-type: image/png\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IgjiTpZ6K3vIJBQ8%2F%2BToX7B4xJ9zVFBVaiVRDzyoTMQWx9ggaX%2F1OjL6f9evNVpBGUL8G5syVPPsMqQvqBcuEbaQzjotzczYMxvKOsnMTkpnYAg%2BGrMp\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fceba8feed2f2-FRA\r\ncontent-length: 117319\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:42 GMT\r\nage: 1834446\r\neo-log-uuid: 12560550393979737231\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":40,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/js/45540.1766990974022.6eafe8c7.js","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:35.057Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /js/45540.1766990974022.6eafe8c7.js HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:36 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:17 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69522599-37fe0\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nX-Safe: 1773320736=vJwEyZl2IdjkBjNrOhsuCC6iDrcJYXrouO8+GvFOH1/bbZ1WCRBAHHXzNNCh1+F91HFXrCJZO1HkidvhE7Lf5WZ7NzZKrF14N4CQgoPE7feS0OxN4yeuFBXSDzXHnwraM4cRjEov6/KOsU75GzN3spf0S/oQjZSbiagUhwwBEj9CQaGX4/V4ANYl28QQD9ES\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 11557D8E-E78A-4B75-AF92-4B2FB679C3B5\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":229344,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"d1846c416bac16af02010672cc3585b1","sha1":"ebcd1fc73376c9dd9ec3100b2ea3e01bac63492e","sha256":"1c2fa739a4d6e6bae9784a1b6fd178ee9bdcbe634e8574831cf098f5c91f1903","sha512":"1148b8f2321e159334011fc7e18b96d3174be8237079a0afc666d41d1a3a8363dbc8919c6260bd2b6ff383f8b3d2cccce6f65f7af535186c3ddd33ee6e7cf5ec","ssdeep":"6144:3YD4wFsYiSGfKnCKPP6Xm9sm3MCln1OSgpozfEe5a:3YD4wFsYiSAKNH3TY5","tlshash":"fb24f894f294f1be075fc1f1d23b501af35b5e6120cc9ca0d296e6942e20b49da77eac","first_seen":"2025-12-29T19:25:02.037855Z","last_seen":"2026-03-18T12:35:38.946169Z","times_seen":773,"resource_available":true,"data":null}},"time_used":1406,"timings":{"blocked":1115,"dns":0,"connect":0,"send":0,"wait":274,"receive":17,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/css/7653.1766990974022.0ab0fca2.css","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.225Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /css/7653.1766990974022.0ab0fca2.css HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:38 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:17 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69522599-1439\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nX-Safe: 1773320738=P/dh3PFO99SuySS7edpU1yAdx3rYzpOCt6poV29YHrjktIG4/zWz02Q8ZMriGnwj67XWX218jrPOrXOu1916Yn4G+oHeyC621qqWst58MXCg84w5yKin/KAsFUjijqDC5H3pkzj9js5DQElkNclmXAyyfuOEC5R1rm6DUHbVgBKzIyZwlqYiphAfKcun8JKO\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 4D16E3FC-B5C2-4CC1-A5C8-33FF737EC6AC\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5177,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (5177), with no line terminators","md5":"a0ef4268641ef0b005737ce8cc0c4b44","sha1":"9bb50b9000a419e7a701392b0d7d6c992cf585bb","sha256":"f64c7a7e6ecd620d1c7f8cc67e1eda83a0a115a8d86f3954efdaba3c09d62e66","sha512":"07605ebd7e16aef28f0ad5ed406f29ea9b77e8ba6b2079c810aacf8faf0b4a8d18d4f7775c62860cbf6d4379729a60076103a4daa833c860ddebeee3793ccbe2","ssdeep":"48:ZSPkOO2s2L5Pukasq+nArLkrL4QuQKhUjUkM5P6CdRDRWURcWaTHR/:iOvyP2r4rEDFP61LR/","tlshash":"d1b1412f01703349641bad6807dc67098325d8b399eb37da259d2a0dcbc3f861eb718b","first_seen":"2025-06-26T16:31:28.933081Z","last_seen":"2026-06-06T14:57:21.028573Z","times_seen":2536,"resource_available":false,"data":null}},"time_used":247,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":247,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202508/_enc_size1884x434_8fe89870-1081-42db-97b7-f8272ac29ae0.jpg","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.564Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202508/_enc_size1884x434_8fe89870-1081-42db-97b7-f8272ac29ae0.jpg HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nOrigin: https://u95f.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 18 Sep 2025 12:24:46 GMT\r\netag: \"bcaba77e3934314a1f3a7142b7e1dae0\"\r\ncontent-type: image/jpeg\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TvCA3tdOt4XCdSaoorqYiiQD7yljCMBJYha5OQ5Ok8nUtzViZiaXSlgrFVrYeT3nt17SEKstm5MbpZGOJoL%2FMYa3mc5YXrHum4MEL3stHJd9fbL81A%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fcf3c5c513bd2-WAW\r\ncontent-length: 344312\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834444\r\neo-log-uuid: 18018624377833294719\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":344312,"size_decoded":0,"mime_type":"image/jpeg","magic":"data","md5":"bcaba77e3934314a1f3a7142b7e1dae0","sha1":"1e27f881b48b79b3c5f1be3f494ad4b662b72112","sha256":"d1775eee1bd769f62bc7d07d05901605b3169c1268d4ab67df0ef35470575b94","sha512":"d7437defd57a3330d674cc6d61f98b69b5ac8e0268c5f3f474a2ca94505b8d3ff951f0ea871b918cecb279c5ceeaa2742aecf81d8f3af1c3002c165780338008","ssdeep":"6144:GLznFRjZ8DkK4VAJw9ZFDPGVuiuRpBK9ZnAEpTLpzuJt1wfb1iaPH2kUM:y3Wo3PYuz3q/zqwzdHdb","tlshash":"2a7422e87513ca884b2f8f7b14c42a4d6a8d2e10dceeb5e9b479bd471ec380c867d494","first_seen":"2025-12-29T19:25:02.06394Z","last_seen":"2026-04-22T19:07:08.85063Z","times_seen":846,"resource_available":false,"data":null}},"time_used":668,"timings":{"blocked":296,"dns":85,"connect":21,"send":0,"wait":55,"receive":25,"ssl":179},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/gpmaster/_enc_size328x442_bdd30f19-a4d8-4eb3-b2d5-d24180d2e353.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.795Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /gpmaster/_enc_size328x442_bdd30f19-a4d8-4eb3-b2d5-d24180d2e353.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 02 Dec 2025 14:16:54 GMT\r\netag: \"ddc46e1f9525ce46ef8c7a472890a566\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HCwG0cXTVd%2FLXgmLW3hecKgl5hxqCvwRscM3F%2BAu3xYdqc1CTbEFlW11wrUwR5RooL9RgzTKnKbG8btwNm%2F3nYFy7JHRjfyWjeI6uzyYwRrB0hJH7pUN\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fceba8d8bb905-FRA\r\ncontent-length: 15228\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834444\r\neo-log-uuid: 5829883067327105633\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":271,"timings":{"blocked":23,"dns":0,"connect":0,"send":0,"wait":235,"receive":13,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202503/_enc_size649x578_2a74177b-d024-4ea3-8b58-fce53f91051b.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.808Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202503/_enc_size649x578_2a74177b-d024-4ea3-8b58-fce53f91051b.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 06 Dec 2025 06:23:07 GMT\r\netag: \"50b573b71c42d898b8557c1c5acc73ee\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iHaRMdh6JzsJ5hGz%2FbwJzaEF59XID4%2BcgM3RjzR%2BTpu8NpCBc1ovt1VWPmtfRYvp2%2Fe87cciKhZxiSBYq%2BHHu7IE0O%2BhmFv5twJfJE8ueV8kbItZFeRp\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fceba8978afea-FRA\r\ncontent-length: 65510\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834443\r\neo-log-uuid: 6314224368161385587\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":314,"timings":{"blocked":10,"dns":0,"connect":0,"send":0,"wait":284,"receive":20,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/gpmaster/_enc_size328x442_9986c108-3fd7-4f35-9443-f78ce32e1660.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.869Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /gpmaster/_enc_size328x442_9986c108-3fd7-4f35-9443-f78ce32e1660.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 02 Dec 2025 14:11:44 GMT\r\netag: \"63edab0158abb20aedace0961c66c5f8\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=H1gUEoodSQa9NCZwdajiqa0PseltPcOmvwpBWaArGt%2FcRjwxdlQlRqk82pG%2BSZKSDeIvjTrnjBx0Cop5bV96sRi04bW80ud%2Bx%2BNaPAs2wb7aa0uGQDYO\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fcebb38d568a5-FRA\r\ncontent-length: 15914\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834443\r\neo-log-uuid: 5636810067474411822\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":241,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":227,"receive":14,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/9d0ddc0023154dc7b2fe3ad01466d3aa?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.139Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/9d0ddc0023154dc7b2fe3ad01466d3aa?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 46945\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 69633\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"9d0ddc0023154dc7b2fe3ad01466d3aa\"; filename*=utf-8''9d0ddc0023154dc7b2fe3ad01466d3aa\r\ncontent-md5: 9EFZqSVDuQPdMMcw0LGqDg==\r\ncontent-transfer-encoding: binary\r\netag: \"FiADs4ZHR-6LY09Fwa6Cuv0N-wOk\"\r\nlast-modified: Fri, 06 Mar 2026 19:15:16 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: rfQL1FF07\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: wiMAAADKwwx92psY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":46945,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"f44159a92543b903dd30c730d0b1aa0e","sha1":"2003b3864747ee8b634f45c1ae82bafd0dfb03a4","sha256":"cb9bb0108aeef8d252d9df1839bd18ad202d1c911d349617bf2309274043b4f0","sha512":"94fc14787ef85a93ae4c05ae116cd88145adeb165c447568109cde99f5da7257f3a3d25481eb53bbb5ef9718c8af94434f1a5a99647248a0f77682bb24443437","ssdeep":"768:7l7LN+rpt0j1OGJa71door96KDMguzYkZCtuAS33qlChYC6fbluBhHZku:B70rpa017Z4gu8kMuLqlCV48Bhn","tlshash":"b423f1449218b1fbc54acb8f3eaa540c4ab156fe01b6b17f9965e4a5e23c0c848bdde4","first_seen":"2025-01-29T13:39:14.803522Z","last_seen":"2026-05-17T16:34:28.590415Z","times_seen":297,"resource_available":false,"data":null}},"time_used":3204,"timings":{"blocked":968,"dns":0,"connect":0,"send":0,"wait":1207,"receive":1029,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/47248f4df6204ff4a1129dab77884624?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.279Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/47248f4df6204ff4a1129dab77884624?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 30034\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 69633\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"47248f4df6204ff4a1129dab77884624\"; filename*=utf-8''47248f4df6204ff4a1129dab77884624\r\ncontent-md5: +wHD1DXCuXvqQgexp8fOig==\r\ncontent-transfer-encoding: binary\r\netag: \"Fr_z8jzxWKa5BM49UJSleZqqxSSk\"\r\nlast-modified: Fri, 06 Mar 2026 19:15:17 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: gPzUWKjeX\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: FhYAAAA9iP182psY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":30034,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"fb01c3d435c2b97bea4207b1a7c7ce8a","sha1":"bff3f23cf158a6b904ce3d5094a5799aaac524a4","sha256":"3db0feefc11a26f581f0fa0c04c61df6214799a3cdc48e413367d4bd9a07e41a","sha512":"4528bf7062ed22e6974628d54c2164747ccd459fbe986ec24623b4df1fa3eda860a4c0737a257bd183652891766918dfc1ee2d57ddeb874809245c1e924afb4a","ssdeep":"768:zRU9EXfCxUhMKI8DZYohgbfGFK1nnZvUXyQ0FO:zCEqxKRXxhohZvUj","tlshash":"a6d2e1718f78183d55c04a55348d15a844efca3c939c92b662e2cf89c93e2ec9f1a9fd","first_seen":"2025-01-29T13:39:14.809113Z","last_seen":"2026-05-24T05:41:01.498075Z","times_seen":270,"resource_available":false,"data":null}},"time_used":2456,"timings":{"blocked":829,"dns":0,"connect":0,"send":0,"wait":1208,"receive":419,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/js/64369.1766990974022.27cb8135.js","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:35.060Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /js/64369.1766990974022.27cb8135.js HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:36 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:17 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69522599-269f2\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nX-Safe: 1773320736=vJwEyZl2IdjkBjNrOhsuCC6iDrcJYXrouO8+GvFOH1/bbZ1WCRBAHHXzNNCh1+F91HFXrCJZO1HkidvhE7Lf5WZ7NzZKrF14N4CQgoPE7feS0OxN4yeuFBXSDzXHnwraM4cRjEov6/KOsU75GzN3spf0S/oQjZSbiagUhwwBEj9CQaGX4/V4ANYl28QQD9ES\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 931A8BD1-6B73-42CB-B914-CFEB6F5A620F\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":158194,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"97dcd81c38d4748ab3b01f347191580d","sha1":"95f855ee66f6414c305d8c9824a8f5eb472dbd07","sha256":"1be23c69198990730392d8a8a8a57f2edad77b2504c75a6fe3b80af9be19f9fb","sha512":"725ac54fdb2ce90e1a8e84d73546d876f9f6c95b41ca879cae30ab4c006fb433df4bbb1b8f5db75215b050c819c4e7bdc18f8b25b7901dd5f1dcca72e17c8955","ssdeep":"3072:mHW7tB4Vgj5tNlxyU5YegxYffj7TEOiG1Zl+DJVkzEcx1nKR:mHW7tBwgttXxyUtffjAG1T+DJVkzEcxE","tlshash":"abf31bd4f2c070f6475f45f2a22b1075b26f4d92318c98b0e15ba6597f21a48c7abeec","first_seen":"2025-12-29T19:25:01.948268Z","last_seen":"2026-03-18T12:35:39.035508Z","times_seen":755,"resource_available":true,"data":null}},"time_used":1701,"timings":{"blocked":1430,"dns":0,"connect":0,"send":0,"wait":261,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/js/7653.1766990974022.5eafcc69.js","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.226Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /js/7653.1766990974022.5eafcc69.js HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:38 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:17 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69522599-5f3\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nX-Safe: 1773320738=P/dh3PFO99SuySS7edpU1yAdx3rYzpOCt6poV29YHrjktIG4/zWz02Q8ZMriGnwj67XWX218jrPOrXOu1916Yn4G+oHeyC621qqWst58MXCg84w5yKin/KAsFUjijqDC5H3pkzj9js5DQElkNclmXAyyfuOEC5R1rm6DUHbVgBKzIyZwlqYiphAfKcun8JKO\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 65B57890-2B25-4ED9-B169-C0311DC99259\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1523,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1523), with no line terminators","md5":"d283135e5101d3f0042a27eb2374eb51","sha1":"f7b88d5f6416255b826d3919f8ff5843d156cec6","sha256":"15bfa2ce698074e989cc4f0b025005121ef3a2055fd1a771482f2c013be534ba","sha512":"613d7d37b74fc1f457581ee675657aa20d5638b511cd128d480d5af4101abf97c2396f459a0d708e18f836436806220176065aff82c97509c06cdb3014d5009f","ssdeep":"","tlshash":"e5311c58f69171b253af5abd873faa8be227849024ddb484d0a0e2e03cb47184833c1a","first_seen":"2025-12-29T19:25:02.024991Z","last_seen":"2026-03-18T12:35:38.975791Z","times_seen":750,"resource_available":true,"data":null}},"time_used":259,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":259,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/kc523-1/noData/cms_game_noimg.png?1766990906506","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.436Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /kc523-1/noData/cms_game_noimg.png?1766990906506 HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:39 GMT\r\nContent-Type: image/png\r\nContent-Length: 4977\r\nConnection: keep-alive\r\nLast-Modified: Sat, 27 Sep 2025 11:32:15 GMT\r\nVary: Accept-Encoding\r\nETag: \"68d7cb3f-1371\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nX-Safe: 1773320739=9I+PHlnLQvmxKj6R8Jbyy1+z041a6EbTo7bbd4Ml0pNhG7cBYc4imFMtHMW0ai9RVCmn2MBUEauBeJ5w5PmhZ8SFO/rUGrtuC9x9j6vWvfrsXUl/Bcdd/jwVy1RQpZ04h7Xp9kA7Xw8JJuk2lR2IywxI+yiDkK9PQD32Hjw6hm+Y7cwzNJbdbxS1eQIuD5oe\r\nAge: 338386\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: C052828B-0792-4440-9145-DD4E7C49417B\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4977,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 750 x 590, 8-bit/color RGBA, non-interlaced","md5":"84170735ffce6fe0e70a3136a36b8ef6","sha1":"5b2dcf1d5d92d786f1e58dc65de3dab1f35d7278","sha256":"581435520cde2b0026b4e7244a85b6eef0be740cb18c43690c420d1ec326d0b4","sha512":"bb0fc1b267c99db65ff3b9414576d3f4c0c9016e5309f2806a9f4d51c8c63383e9279c3a04daa5feda5489eb231a846b60040c71e5fa2798ca141b36ae0241f6","ssdeep":"96:nKdKn+AFdoSfrmrMDpdXd8nbZDH3mC+b2A:KYn+QK+pdXd8nbZ73mC1A","tlshash":"99a14be32b5d4badfe1e9a76a5549760ea632aff482c8c0e6887c955048b2144f640d2","first_seen":"2023-05-01T02:34:20Z","last_seen":"2026-06-05T18:33:28.288014Z","times_seen":2027,"resource_available":false,"data":null}},"time_used":209,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":209,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/gpmaster/_enc_size328x442_b1b5acd8-3851-4b06-8e10-d549f7f09d1b.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.871Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /gpmaster/_enc_size328x442_b1b5acd8-3851-4b06-8e10-d549f7f09d1b.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 02 Dec 2025 14:12:01 GMT\r\netag: \"209a79dd2654ebd211d71e0b0a604a0f\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=q44HduIC9bLPG%2F5tD%2FVB2iaoH68HP%2FAMqV1WZdNBGmHV5oVyRmI6PD1ERs%2FhM8d8Rro0qdesgn9wvVcf2SpBbbBORrAAZtrswpd9IWXZZI7xRM612RKc\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fceba9f33d2ee-FRA\r\ncontent-length: 15438\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834444\r\neo-log-uuid: 16837262607456914463\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":203,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":166,"receive":37,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/fd915403c1d84dbe9f8c95d99ec5dc27?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.153Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/fd915403c1d84dbe9f8c95d99ec5dc27?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 27301\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 69633\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"fd915403c1d84dbe9f8c95d99ec5dc27\"; filename*=utf-8''fd915403c1d84dbe9f8c95d99ec5dc27\r\ncontent-md5: AY4mCtaL2tdBxh4xccTGCA==\r\ncontent-transfer-encoding: binary\r\netag: \"FtF9A69Odz3nO3O8msxUAkTdHjxa\"\r\nlast-modified: Fri, 06 Mar 2026 19:15:14 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: evmYkCPkX\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: wioAAAD_h_182psY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":27301,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"018e260ad68bdad741c61e3171c4c608","sha1":"d17d03af4e773de73b73bc9acc540244dd1e3c5a","sha256":"46e1a29780c61d9ebc407ea0d3b24b3276809b5ab555e313a333b42788bfdd47","sha512":"a4cf715f204a1548429be849a4bf783bd087ff8e7f398cd61d69358fab447cd34d703021f4c09ec6066b43a77e39ff5a9603fb638d0b63a9dd68676ce07a690b","ssdeep":"768:0peJplYZerchtpqS8UL7NFdlDR07xTJM+:0peJsIcpZ8UOxTJP","tlshash":"cac2e03a62d9be8141c979e34e596e1af383e340982b5dce7fb1b877d4088513517f40","first_seen":"2025-03-30T16:35:48.746869Z","last_seen":"2026-05-17T16:34:28.479846Z","times_seen":266,"resource_available":false,"data":null}},"time_used":2429,"timings":{"blocked":955,"dns":0,"connect":0,"send":0,"wait":1208,"receive":266,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/a57fe56a489243fbb646c403f8a2ec43?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.283Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/a57fe56a489243fbb646c403f8a2ec43?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 4176\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 61520\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"a57fe56a489243fbb646c403f8a2ec43\"; filename*=utf-8''a57fe56a489243fbb646c403f8a2ec43\r\ncontent-md5: cM2T7rVT9ddcHbMhzzktjQ==\r\ncontent-transfer-encoding: binary\r\netag: \"FrweNb_q9asnwTtIosuBw0EGaRNp\"\r\nlast-modified: Fri, 06 Mar 2026 19:15:41 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: BLyFpflET\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: Mc0AAADuafTd4ZsY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4176,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 254 x 254, 8-bit colormap, non-interlaced","md5":"70cd93eeb553f5d75c1db321cf392d8d","sha1":"bc1e35bfeaf5ab27c13b48a2cb81c34106691369","sha256":"9cd49b3200e2de99530457040b3a3e7cc26da107659aa46c4812a6cc2f767170","sha512":"ce335828438cd129cc4944824e0e60d9329522e08e1afc26d2a8d881bc5d455bbeb45ffb07c37c1802ecc1adcbe636a45fe12088f9dce11bd6e5b190b3d8af8b","ssdeep":"96:8hBO55tuEOrmEKfIIG7mi8BkM7YnhJrqrC:8hBK5tuEOa/Il7G7YhD","tlshash":"59815e62ea43c5cc1118d4723e749e0d47a2d7d0361e8926cbb7da5cd47bac18f61f06","first_seen":"2025-02-04T17:13:01.173696Z","last_seen":"2026-05-26T22:11:22.741941Z","times_seen":107,"resource_available":false,"data":null}},"time_used":2495,"timings":{"blocked":826,"dns":0,"connect":0,"send":0,"wait":1253,"receive":416,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/3b7ceff70fc746ae9ef2b359cdbc63ac?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.930Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/3b7ceff70fc746ae9ef2b359cdbc63ac?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 10740\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 53432\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"3b7ceff70fc746ae9ef2b359cdbc63ac\"; filename*=utf-8''3b7ceff70fc746ae9ef2b359cdbc63ac\r\ncontent-md5: uHDhZkWg70lKd3BJ2TFJow==\r\ncontent-transfer-encoding: binary\r\netag: \"FiIRZQPKhQBvbXZHKpryQf3-Ekuf\"\r\nlast-modified: Fri, 06 Mar 2026 19:16:01 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: V6kBmVjGP\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: y1IAAAAcBxY56ZsY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10740,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced","md5":"b870e16645a0ef494a777049d93149a3","sha1":"22116503ca85006f6d76472a9af241fdfe124b9f","sha256":"706faf0c9c857766bb2c5857a8027970be90d731a0a0f092491139ff6f1284d3","sha512":"dd4b220ab27a485f591e3bcc84e160fb61051c54606aebfa92174ec738a6295eb5193ec25df7d01e56454347243598486aad3e40bfcfdf67671366f48ebc40a4","ssdeep":"192:DUilqtz4nZCfePklj2hOdaSicW+HgJjGr5Y02ukKYBsoihzjvgHEFFznAyfvAa4:DUiVslj/ESicWLJssukpsngyNf4a4","tlshash":"d522cf81b0456716fae099360b19a7c28efbd1528a03bc9176332d1c4cef16af781b29","first_seen":"2025-01-29T13:39:14.630847Z","last_seen":"2026-05-05T02:06:34.438067Z","times_seen":221,"resource_available":false,"data":null}},"time_used":2080,"timings":{"blocked":186,"dns":0,"connect":0,"send":0,"wait":1251,"receive":643,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/gpmaster/_enc_size328x442_ce6f5a12-ce60-4931-b7a7-3cfa94c956bf.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:42.753Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /gpmaster/_enc_size328x442_ce6f5a12-ce60-4931-b7a7-3cfa94c956bf.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 02 Dec 2025 14:08:24 GMT\r\netag: \"f12551e7b90b8236bafa6e35814fbff6\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nxr5Raogy584AkimjFu0nMoff314yHbHFvutKroY5bnX%2BLxMRxe%2B78%2FiQVJZld4so3e8BfNwJOUaq3tfZvnKDYRpUVZ8fMCl3dqhuJ8GDIh3IF2OaMW1\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fcebacd1feeb6-WAW\r\ncontent-length: 11070\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:42 GMT\r\nage: 1834446\r\neo-log-uuid: 14099544074685594239\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/js/13575.1766990974022.cda1d494.js","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:35.058Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /js/13575.1766990974022.cda1d494.js HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:36 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:17 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69522599-2f97a\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nX-Safe: 1773320736=vJwEyZl2IdjkBjNrOhsuCC6iDrcJYXrouO8+GvFOH1/bbZ1WCRBAHHXzNNCh1+F91HFXrCJZO1HkidvhE7Lf5WZ7NzZKrF14N4CQgoPE7feS0OxN4yeuFBXSDzXHnwraM4cRjEov6/KOsU75GzN3spf0S/oQjZSbiagUhwwBEj9CQaGX4/V4ANYl28QQD9ES\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 05936C6A-E1A7-4ED8-A2C3-A54F6C556DDE\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":194938,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65535), with no line terminators","md5":"3a7061bf893ceb7b8858369b1bdbbaaf","sha1":"b0d17fc8e788a44ae0761f0785854361d4d33cab","sha256":"bee1942210529f54e37a6eef13dccbded4b1df2608bac08038f5582d4c0228b8","sha512":"ca0e19eb2ad0a2ee4cb43253cacd0885db324cc9d5237b10bc32b02c4785a840efcb165322ec5b9bfbbb45c5edd861982e50b822b2b5618adbcab67dec33c75c","ssdeep":"1536:v17BBHFeKRKp+3ELSPtj6x2DgJoG7PIDmj9VA+s69JAFdE6WIzl+Ik1+eXMa7a4H:pjHoKRKphCnDgJoec+IDWIzls+7Xr0X7","tlshash":"47141a84764170b8c396a165322f601ae22f789650dd9c24f3789ba47f7470df26fabc","first_seen":"2025-12-29T19:25:02.046163Z","last_seen":"2026-03-18T12:35:38.967617Z","times_seen":773,"resource_available":true,"data":null}},"time_used":2101,"timings":{"blocked":1167,"dns":0,"connect":0,"send":0,"wait":489,"receive":445,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/js/52388.1766990974022.12c3264a.js","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.254Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /js/52388.1766990974022.12c3264a.js HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:38 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:16 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69522598-6bac\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nX-Safe: 1773320738=P/dh3PFO99SuySS7edpU1yAdx3rYzpOCt6poV29YHrjktIG4/zWz02Q8ZMriGnwj67XWX218jrPOrXOu1916Yn4G+oHeyC621qqWst58MXCg84w5yKin/KAsFUjijqDC5H3pkzj9js5DQElkNclmXAyyfuOEC5R1rm6DUHbVgBKzIyZwlqYiphAfKcun8JKO\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: C94A95E3-0252-4A56-A44B-0F8366EE13FA\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/img/LOTTERY.4e81790a.png","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.289Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /img/LOTTERY.4e81790a.png HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:40 GMT\r\nContent-Type: image/png\r\nContent-Length: 59689\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:16 GMT\r\nVary: Accept-Encoding\r\nETag: \"69522598-e929\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nX-Safe: 1773320740=UbyPGiMF6oMO3eNBMJExvACPDPz2ndpfMINivjYqk7cS189TdXtJfIe/QT9pwk6lKy9xR7X6sVsYLc7iEZjqMrWRTMzxP2YeeEEOiGX/fzmZ25GQfeI5TxMlxPIK935NtS98+8VYDgeb6H8Q18KA/+QUFUH+6DlyD8ADjapVtTX2Huqe9y56Q2jfSJE7at6d\r\nAge: 346768\r\nX-VIA: l1=CJR9oEa4UnlD0OBR\r\nX-VERSION: 1772869158\r\nX-Request-Id: 6D37A32D-B554-43BC-A1B6-BF41EBD900BB\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":59689,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 582 x 307, 8-bit colormap, non-interlaced","md5":"f86c9671c7aed55212fe0eb5219a664d","sha1":"6e765dfb0ce3c646d8c808940071554e78e7d409","sha256":"4ba3fff550a17eff9585d6acbc4a96bd515149510f6a8bb7638985fb4b41a181","sha512":"706aa66f138a3459eaf34f5b7a8ffed3dfacecec6adf14a2e83f1149143cfbb059f97aaaac2032587a80c0e30c62e5b46b07b4dc6f3cf5925e6e1db2a8ed45d6","ssdeep":"1536:Cyp1EBaRnsFt9ZXZj0wEYsRvqm1waPbZsY:CLB+sFtzXN0w2ym1fFsY","tlshash":"914302f36beb0bc5b07adbcf4ed354f0067a71496b42dcd44f4120e61ea6199bac420a","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-06-06T14:57:21.021798Z","times_seen":1495,"resource_available":false,"data":null}},"time_used":1189,"timings":{"blocked":748,"dns":0,"connect":0,"send":0,"wait":440,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/34e1a68678c24c75bc24915d2e474caa?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.036Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/34e1a68678c24c75bc24915d2e474caa?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 38503\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 3564\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"34e1a68678c24c75bc24915d2e474caa\"; filename*=utf-8''34e1a68678c24c75bc24915d2e474caa\r\ncontent-md5: xTubZ7p2lcYCtw47hWEAHw==\r\ncontent-transfer-encoding: binary\r\netag: \"FmA4AKLyB4X_d7eOn5rP8wqCjcfJ\"\r\nlast-modified: Thu, 05 Mar 2026 19:15:39 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: l1VxoqTGM\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: G08AAAAySsWTFpwY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":38503,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 196 x 177, 8-bit/color RGBA, non-interlaced","md5":"c53b9b67ba7695c602b70e3b8561001f","sha1":"603800a2f20785ff77b78e9f9acff30a828dc7c9","sha256":"df20244185fca7d956ec7c3893796d8574295c46c474588068797945d72abfc6","sha512":"778b6e65827c588e9e380cf55dfe183c141134156763920a2b3dcb63c8eaa1bae2e08202c99e8b102ec4c8d2b1efb77cd29e23d21143b9e3c989930bfd2b9842","ssdeep":"768:lDk0Iir/lVMfU8tQ5OXSy9WK+r5P01zGJmF4f5vIC/dAjQMMNvRkrrKA+XDT:ljIyt4UjzqWVr5PpJs4RgC/dwQJzT","tlshash":"9c03e2c353e32d5c15db0b5cc439bccf5c8a3a6b18bc55304b09776536e18b28a9aaf9","first_seen":"2025-03-13T03:35:29.032326Z","last_seen":"2026-03-18T12:35:38.947975Z","times_seen":18,"resource_available":false,"data":null}},"time_used":4645,"timings":{"blocked":1095,"dns":23,"connect":255,"send":0,"wait":1548,"receive":798,"ssl":902},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/3a8bb74527db4f1aa7337fec4e58e61c?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.278Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/3a8bb74527db4f1aa7337fec4e58e61c?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 7482\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 69633\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"3a8bb74527db4f1aa7337fec4e58e61c\"; filename*=utf-8''3a8bb74527db4f1aa7337fec4e58e61c\r\ncontent-md5: WBguMFVOYJCfv0qbqel2GQ==\r\ncontent-transfer-encoding: binary\r\netag: \"Fhm6HAoQTNg-zi00IVGEGkiM_o7Q\"\r\nlast-modified: Fri, 06 Mar 2026 19:15:17 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: PABmEoMYI\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: ye8AAACheP182psY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":7482,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 98 x 98, 8-bit/color RGBA, non-interlaced","md5":"58182e30554e60909fbf4a9ba9e97619","sha1":"19ba1c0a104cd83ece2d342151841a488cfe8ed0","sha256":"46e50d07dc654df96268b65dfe36047bf13e733ce2f3f279278d9e8d37b1743d","sha512":"dd98b1de883e57d278ba08476941e5b210ff64a76ad8df918d2f2c4003f25f02e8117be506fb38c4115a61576580e1c22ee5e7ea87beff30b0e0a2a15fb966b5","ssdeep":"192:Sd4mrSTKBMpaxy7JQ0q9auHX3VVgTpyS/0pga:SdUTK3x8Jwk0ay00ua","tlshash":"2af19ef1a6bb824b778ee7f434f6401dcd0e2517c83fa8918a41e75a1a40895cda9f74","first_seen":"2023-08-24T20:41:52Z","last_seen":"2026-05-17T16:34:28.406031Z","times_seen":198,"resource_available":false,"data":null}},"time_used":2399,"timings":{"blocked":830,"dns":0,"connect":0,"send":0,"wait":1208,"receive":361,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/e4cf83ddff5f475a8d4470d73a07cceb?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.756Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/e4cf83ddff5f475a8d4470d73a07cceb?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 38254\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 61519\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"e4cf83ddff5f475a8d4470d73a07cceb\"; filename*=utf-8''e4cf83ddff5f475a8d4470d73a07cceb\r\ncontent-md5: kkf7ctPx8aYZmnCZwCmvog==\r\ncontent-transfer-encoding: binary\r\netag: \"Fmi-m51Nffg8mCQhwWMF-c5Cwptb\"\r\nlast-modified: Fri, 06 Mar 2026 19:15:48 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: XCTCEEUqK\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: 88EAAAC8VRPe4ZsY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":38254,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"9247fb72d3f1f1a6199a7099c029afa2","sha1":"68be9b9d4d7df83c982421c16305f9ce42c29b5b","sha256":"fd8d97ff7e033c81407f8d15636985b4d97bc9165aa75201a79c2cdd71baafa2","sha512":"61cd8f3a75a4fc9f1bb9acd754cedd56deb9b9f5e19641ba8e9eda71eae23a9acb95148a40ab023ee656e193a5cc6086bd017f412d4aeda3f56d7fc845dbaa8b","ssdeep":"768:/UNJW/fqaUm5KpW1wnWsl8Uq3hItt5g8U3o10e:+JWXD54IMhl8Uq3O5g8gi","tlshash":"bb03f1ba00df7d2669557d84cdf294e3c313f8cb668a9d897838912f0153dae529cac2","first_seen":"2023-08-17T12:39:31Z","last_seen":"2026-03-12T13:06:12.678328Z","times_seen":68,"resource_available":false,"data":null}},"time_used":2674,"timings":{"blocked":357,"dns":0,"connect":0,"send":0,"wait":1252,"receive":1065,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/d5bb3ede7b4b4897882198337b453d49?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.935Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/d5bb3ede7b4b4897882198337b453d49?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 31179\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 52528\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"d5bb3ede7b4b4897882198337b453d49\"; filename*=utf-8''d5bb3ede7b4b4897882198337b453d49\r\ncontent-md5: fxFFvfg7UdesS29wAe8zLg==\r\ncontent-transfer-encoding: binary\r\netag: \"FmSsuhwXZLuo90GvXYcqCuHPs50B\"\r\nlast-modified: Fri, 06 Mar 2026 19:16:03 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: FJVHus9dA\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: zXUAAAAFR3ML6psY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":31179,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"7f1145bdf83b51d7ac4b6f7001ef332e","sha1":"64acba1c1764bba8f741af5d872a0ae1cfb39d01","sha256":"4ab00e1ec22d9a98e4a8d9fb26e934bba511e3bc97f04eb42246e3e0786d355d","sha512":"ea6fa5a20f9250830d72624ae21da27a18d20fa4f486584856279deb3ce70f547b8ca5df2ff9ae864ab877ca81e1e7021ec5e472b608eb630e0af5263edcf722","ssdeep":"768:PE/K4qz81+ePoP6e8hrReaemFCUW3ermuj7E0L3:PEEI1BC8hr8KCUVFl3","tlshash":"0fe2f1af98c87cb5b809267e9258107068c42593a8b8bf7b64e12ddc87d3249c5b3d75","first_seen":"2023-07-08T08:51:56Z","last_seen":"2026-05-31T15:09:55.527102Z","times_seen":241,"resource_available":false,"data":null}},"time_used":2159,"timings":{"blocked":191,"dns":0,"connect":0,"send":0,"wait":1241,"receive":727,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/5edd19be1c054cca95b91489acfdcba2?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.942Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/5edd19be1c054cca95b91489acfdcba2?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 37110\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 18316\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"5edd19be1c054cca95b91489acfdcba2\"; filename*=utf-8''5edd19be1c054cca95b91489acfdcba2\r\ncontent-md5: 5UYkAqgYYIpwBXydC7o3gQ==\r\ncontent-transfer-encoding: binary\r\netag: \"FoLP48O4SjGWEYm7kCR0CeD3M-jI\"\r\nlast-modified: Fri, 06 Mar 2026 19:16:54 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: 7VLt5D5Es\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: wBAAAACGGhMpCZwY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":37110,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"e5462402a818608a70057c9d0bba3781","sha1":"82cfe3c3b84a31961189bb90247409e0f733e8c8","sha256":"f097e6cba1276409e44c0a9954bd18adeb5176908452edde3a0024f669f37383","sha512":"22f37d7ee642ef659941df95564d148238e306c17c2e97ba7499dc9bf3312b1ff7787cd66d30b6a06e74d59f8f6f14bfa5fbf5502275b7cb9bf926e865b621ec","ssdeep":"768:UGfxCCPhvxuLcONQKUMG7SDM++BZbfxMgSud1pm2ppeTD4uZlxne57:UGfUClxjONQJ7Sri3g2qTsYbne9","tlshash":"fff2f19add4272281a109e63234faf46380850f77daa9c9510f98fa76d0134b637fcd7","first_seen":"2023-10-21T16:28:24Z","last_seen":"2026-04-24T23:10:16.782976Z","times_seen":134,"resource_available":false,"data":null}},"time_used":2516,"timings":{"blocked":187,"dns":0,"connect":0,"send":0,"wait":1549,"receive":780,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/kc523-1/sponsor/sponsor.json?1766990906506","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.395Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /kc523-1/sponsor/sponsor.json?1766990906506 HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:39 GMT\r\nContent-Type: application/json\r\nContent-Length: 646\r\nConnection: keep-alive\r\nLast-Modified: Sat, 27 Sep 2025 11:32:15 GMT\r\nETag: \"68d7cb3f-286\"\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nAccept-Ranges: bytes\r\nServer: Nginx\r\nX-Safe: 1773320739=9I+PHlnLQvmxKj6R8Jbyy1+z041a6EbTo7bbd4Ml0pNhG7cBYc4imFMtHMW0ai9RVCmn2MBUEauBeJ5w5PmhZ8SFO/rUGrtuC9x9j6vWvfrsXUl/Bcdd/jwVy1RQpZ04h7Xp9kA7Xw8JJuk2lR2IywxI+yiDkK9PQD32Hjw6hm+Y7cwzNJbdbxS1eQIuD5oe\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 8BAE6D5E-C933-4A88-AE14-16EB12BF7778\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":646,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"10d2161de8cf99c474812f4c43645a26","sha1":"71884ef7281cdcb5084088f16d4550ce8790e634","sha256":"bb02fd7438bb49dd4decb6f76a71f11e93355332fd9f965d6f9f13bb8175aeca","sha512":"bf0fd1232309fcc5582d5c42644e1c7b4b8d235b1066e988ff55e0dd94a956f89742401f00c2d904359041c8e0c2bac8e9316252fab60db5eb0a3b4c935172f0","ssdeep":"","tlshash":"d8f0f44ad8b25b93211fb57c58cd050470294a8f0eccaac4baac987c4f598ddd1e839e","first_seen":"2023-06-16T04:51:50Z","last_seen":"2026-06-06T14:57:20.956662Z","times_seen":1751,"resource_available":false,"data":null}},"time_used":1245,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1245,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/undefined","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.401Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /undefined HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:38 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nCache-Control: public, s-maxage=600, max-age=0\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nX-Safe: 1773320738=P/dh3PFO99SuySS7edpU1yAdx3rYzpOCt6poV29YHrjktIG4/zWz02Q8ZMriGnwj67XWX218jrPOrXOu1916Yn4G+oHeyC621qqWst58MXCg84w5yKin/KAsFUjijqDC5H3pkzj9js5DQElkNclmXAyyfuOEC5R1rm6DUHbVgBKzIyZwlqYiphAfKcun8JKO\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: DE483310-8299-48CA-9FDA-173799EDEB18\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24147,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"2cef0acbefda60f4c25755a79d627d71","sha1":"1e4b8d568c4a55304a4c8f0e42b405fcf1facff4","sha256":"dbacbd6fea7eccd549b1e7ca09f50ea374a67c1e0f1d228ebea55d767aa44243","sha512":"964d3180e03b83287f6c71497e705add4d5f4b55c4feb8eefce022cebb7e8c5ff91e06ffa90afae8e51225e1d98a88f3971f991768b382401ca2124b356c6ec7","ssdeep":"384:+RrxqNB3JK2VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:+RVq7JKiNYiKop/E6wkpcu2llz","tlshash":"73b22a1a9df345762523303a2b7fb20879b1c0134309ed407e4de7588fd5aaa46e3be6","first_seen":"2025-12-29T19:25:01.945236Z","last_seen":"2026-03-18T12:35:38.937627Z","times_seen":761,"resource_available":true,"data":null}},"time_used":780,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":779,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202503/_enc_size649x578_ebfde7c7-fdc6-4b58-9f46-2e709f79d7d7.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.813Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202503/_enc_size649x578_ebfde7c7-fdc6-4b58-9f46-2e709f79d7d7.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 06 Dec 2025 06:31:01 GMT\r\netag: \"df95364e41340c5e75d357279bd12cbf\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=upo3%2BO1d4%2FyFNcs3w6DuOxmz9ONbl8R6%2BZMExy2DsXC9YhISiecTWZbUHyD2F%2FZ2ml2eN8ZU4kCCo1lxbl3oW4HfombhHOrEiynLUZrxwKfVxMaGWKhI\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\ncf-cache-status: REVALIDATED\r\ncf-ray: 9c5bafd24aa2dbc9-FRA\r\ncontent-length: 52382\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1062141\r\neo-log-uuid: 2674885033382966013\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":276,"timings":{"blocked":5,"dns":0,"connect":0,"send":0,"wait":235,"receive":36,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/d4998c45b9844adcad05c538b22b110e?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.141Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/d4998c45b9844adcad05c538b22b110e?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 105926\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 69633\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"d4998c45b9844adcad05c538b22b110e\"; filename*=utf-8''d4998c45b9844adcad05c538b22b110e\r\ncontent-md5: EkZZY3ZejhFmkl/ocHwy6w==\r\ncontent-transfer-encoding: binary\r\netag: \"FlDUSQjb-2ztld6KqcoQuPthi3dU\"\r\nlast-modified: Fri, 06 Mar 2026 19:15:16 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: kMBDQX9js\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: CLIAAABuxgx92psY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":105926,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 439 x 569, 8-bit/color RGBA, non-interlaced","md5":"12465963765e8e1166925fe8707c32eb","sha1":"50d44908dbfb6ced95de8aa9ca10b8fb618b7754","sha256":"950407e36bdedfdf1930d0cfeb96491f6a7a089d28c66a19c6f54692aec0ecab","sha512":"24818ffbe5bd18423becf2b8cb88e14042c2842b5e07782fd5d0364bcde17c26ea1e41a476e69d6060b06588cf0f6ee0e15a1ff7fa7d17ffa74f07b661a11853","ssdeep":"3072:RDwooeiMCMLRkI7qkUY+AjpG8miKyyZXNbmpbkJ6L11Bw:RfmDM37qHY+AtQiKTZQpmO1I","tlshash":"13a3121deb6f069360087af2f43d8e8aad29303b11327705e2e4d5f5ba5d5774e1062b","first_seen":"2023-12-07T06:18:11Z","last_seen":"2026-05-24T17:56:38.792273Z","times_seen":248,"resource_available":false,"data":null}},"time_used":3373,"timings":{"blocked":966,"dns":0,"connect":0,"send":0,"wait":1207,"receive":1200,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/cff518b0ae1a426f8278e041f6474417?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.151Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/cff518b0ae1a426f8278e041f6474417?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 57866\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 69633\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"cff518b0ae1a426f8278e041f6474417\"; filename*=utf-8''cff518b0ae1a426f8278e041f6474417\r\ncontent-md5: qnpXePuVNGqOKBhtHsOIzw==\r\ncontent-transfer-encoding: binary\r\netag: \"FqhpS1Z60DRtbK-GvdvVsLp9zS45\"\r\nlast-modified: Fri, 06 Mar 2026 19:15:14 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: 8SUWBaqtu\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: JToAAABhdv182psY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":57866,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 316 x 316, 8-bit/color RGBA, non-interlaced","md5":"aa7a5778fb95346a8e28186d1ec388cf","sha1":"a8694b567ad0346d6caf86bddbd5b0ba7dcd2e39","sha256":"8f9ab2e2e3e8e3af4a2eede5c47b300329ed9f4e54b9bd0a1104594dfbef9a4e","sha512":"afc32611f528c0c1ee213a6792a5a6706984165bc97338c7f40636cd7abd7e1897249874077145807a99bb0a46f0f395db68a1b659f9e44bb3652ebbabc6851d","ssdeep":"1536:KnvQGIWh+bZ4qHQHrL7VJ/xKi4GoFTvifDHPNcx:Kno0+bZ4pLVHKi4fxvifzNc","tlshash":"b44301592bc81e581d43c2dab6a2dbe93f03e934c45e6c6404834fea28db5b91d50cfb","first_seen":"2023-07-06T07:05:29Z","last_seen":"2026-05-10T16:58:50.044081Z","times_seen":52,"resource_available":false,"data":null}},"time_used":3387,"timings":{"blocked":957,"dns":0,"connect":0,"send":0,"wait":1207,"receive":1223,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/33a5bab563074474856a23fb04b27a29?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.754Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/33a5bab563074474856a23fb04b27a29?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 80547\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 61519\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"33a5bab563074474856a23fb04b27a29\"; filename*=utf-8''33a5bab563074474856a23fb04b27a29\r\ncontent-md5: yF5ib5Z2rV5NzIzcP71oUg==\r\ncontent-transfer-encoding: binary\r\netag: \"Firoj7_tgP6JGiY9U5TkCnErSPEU\"\r\nlast-modified: Fri, 06 Mar 2026 19:15:49 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: 0SYhAD8fZ\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: gpUAAAAliRPe4ZsY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":80547,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"c85e626f9676ad5e4dcc8cdc3fbd6852","sha1":"2ae88fbfed80fe891a263d5394e40a712b48f114","sha256":"4ead2277d27e89501a23f87d78486b7ace7c7d646d6483189e48ec8326758d21","sha512":"887eda986d805c3a24e796a02961b4cca749a2c065eaddbd5664b1e97c8cf11a40eb26549f3eba8e0ab5172ccc9a204b01c89a44cafcd293259d5dc3a8f726b7","ssdeep":"1536:bJSSPY57TKBBA8ij3iEgVel6xg4N0RsXgKE+eO6x6WpYPX:bJTY57TQ5DPN0RDNO6XpC","tlshash":"74731236e386fc67b0b9354a2d3ee074bd7928b04f0dfbc531b661a0a46641b476e174","first_seen":"2023-07-17T19:56:39Z","last_seen":"2026-04-12T14:07:56.900311Z","times_seen":82,"resource_available":false,"data":null}},"time_used":2986,"timings":{"blocked":356,"dns":0,"connect":0,"send":0,"wait":1254,"receive":1376,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/css/chunk-common.1766990974022.fcaa3bb6.css","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:35.048Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /css/chunk-common.1766990974022.fcaa3bb6.css HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:35 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:17 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69522599-340e\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nX-Safe: 1773320735=t1T7fT66rZ+YDhI9i8qP2DvF5UIxVxl0Aw1JcilzJiPh0k+Zu02i5p98hRUuWF7m1qOUGB0OXG70qMDmFN26RR4pGNIKl++AlxemLPuJb4yF8aQIPOc+pofYlVRAdlm2pz6bL5z5R16vsbw7SYGeZY2KZVphxgDVkTXcWPDu1/QBQD9v1LjxtJUC87BmvCSZ\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 7D6B03BE-9FFD-47D8-8A18-4BCAE9A24F52\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":13326,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (13326), with no line terminators","md5":"826c687e5a03ee71f95d5348db199e55","sha1":"46d95f05e1da96866b57353cd147ecfe9f20f2dc","sha256":"daf2bc8bfaa2d7608bfcd21eb0a6aeda1d3452dc26f2b8577a7c69e599bb8d3e","sha512":"47a2d7bf1b9905ec12876df1008c5b7cd9da2ef5d6f72026fea2ef705e6b63bf2f88941c5b57b112aa663a612327e48e1e85da444a119e7187b615b4089da7df","ssdeep":"192:4dQK/X4cBY4mZGX1lsUTLA7gY3bz/i//LN4hHSQZA2VxM2XwKjv0:M8oTG3bz/i//LihHBrxP0","tlshash":"7852b831d635b53ce57be226f9d09adc6024d417e2730baeea653b3ac5ca4d215332c8","first_seen":"2025-08-29T11:05:53.265444Z","last_seen":"2026-04-27T23:33:28.249766Z","times_seen":1343,"resource_available":false,"data":null}},"time_used":1067,"timings":{"blocked":418,"dns":1,"connect":207,"send":0,"wait":220,"receive":0,"ssl":218},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/css/index-399e2569.1766990974022.29c710d5.css","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:35.051Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /css/index-399e2569.1766990974022.29c710d5.css HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:35 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:16 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69522598-e0da\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nX-Safe: 1773320735=t1T7fT66rZ+YDhI9i8qP2DvF5UIxVxl0Aw1JcilzJiPh0k+Zu02i5p98hRUuWF7m1qOUGB0OXG70qMDmFN26RR4pGNIKl++AlxemLPuJb4yF8aQIPOc+pofYlVRAdlm2pz6bL5z5R16vsbw7SYGeZY2KZVphxgDVkTXcWPDu1/QBQD9v1LjxtJUC87BmvCSZ\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 08F5D080-27D9-4081-909C-0094844B5685\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":57562,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (57562), with no line terminators","md5":"2f3591d05710c17263654bdbd1c61439","sha1":"7e01bb81325a8f1467f06af8e350f454ef9642fc","sha256":"ae1408888e932166709c231d29811eeebbf66cfbb275c659453e330ea4d7b638","sha512":"49a9ec1ce9e407bb956dea4bc923ec39582d45a5d4f20a1ff4cdd4fe516d58014ee5bbc269ed1e732fd2a852b217a3ead4e9c9fe94730b5186484a8eef5bd7d3","ssdeep":"768:E0ou27X8vtr9UL5srs7hAqpLe20TCKiNkZICSA2ohGyHukQ9aaV+TJtU+WQZLq:Hoq9isrQAqVe6KekWRlkQ9hf+Pe","tlshash":"36436c2526e435ade27ba716ec91ea49312b8701f127725afb03312bc1c32f5ca77b41","first_seen":"2025-12-29T19:25:02.039644Z","last_seen":"2026-05-10T23:46:54.466257Z","times_seen":760,"resource_available":false,"data":null}},"time_used":1671,"timings":{"blocked":480,"dns":1,"connect":260,"send":0,"wait":467,"receive":228,"ssl":232},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/img/left.34013cd8.png","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.433Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /img/left.34013cd8.png HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://u95f.xyz/css/home.1766990974022.971c3723.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:40 GMT\r\nContent-Type: image/png\r\nContent-Length: 237\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:16 GMT\r\nETag: \"69522598-ed\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nX-Safe: 1773320740=UbyPGiMF6oMO3eNBMJExvACPDPz2ndpfMINivjYqk7cS189TdXtJfIe/QT9pwk6lKy9xR7X6sVsYLc7iEZjqMrWRTMzxP2YeeEEOiGX/fzmZ25GQfeI5TxMlxPIK935NtS98+8VYDgeb6H8Q18KA/+QUFUH+6DlyD8ADjapVtTX2Huqe9y56Q2jfSJE7at6d\r\nAge: 338389\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 19279B13-7B28-4E6C-9E92-F2A141DD61A6\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":237,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 14 x 44, 8-bit colormap, non-interlaced","md5":"5ecca260da6fc5e2843405c20ac69817","sha1":"3918cfad7493b6860ded9e259ba90bc6a853f1b1","sha256":"078a4aac39c49a33cbabf23cda7579fa7b76e875e6b6d24d16cfcbf9f8b250df","sha512":"b76a870a79a87a450e5d30a218d75093b57415c563e64a8ffd6839a31b36379dbc08398698b9c1368ecda671d65045d5cfebe3363b98d746d89dcaad15bcd8ce","ssdeep":"","tlshash":"6dd0a99be2076faed1c70bb3732e0ca18a8124e892944b088042c622ca663a1dd82042","first_seen":"2025-08-29T11:05:53.221032Z","last_seen":"2026-06-06T14:57:20.957152Z","times_seen":1572,"resource_available":false,"data":null}},"time_used":2352,"timings":{"blocked":2144,"dns":0,"connect":0,"send":0,"wait":208,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/ecb/8f8306425cb6740e78b2802ff5047afa96a8ae096bee393c421cac4924db741c4a080b3f3ed2f2822673f3118bd3bae081df46a59bfce8","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.761Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /ecb/8f8306425cb6740e78b2802ff5047afa96a8ae096bee393c421cac4924db741c4a080b3f3ed2f2822673f3118bd3bae081df46a59bfce8 HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nContent-Type: application/x-www-form-urlencoded\r\nx-request-source: https://u95f.xyz\r\nXign: zapK/9ZoOUNGuV7UvjFMR3TcXM7IT2VrkJeSTKqr1OnhmpTtAlN9E5PCec29Kwxzo1gJUilFeub4nnByZMA/kJe73y8gCXGvHu7LoYmoDRBI18KuQCoiDsjNPy5zRTvnEl9pvTGxXqAKZsNIIyqHpMGPPD7EJOtj91TH405WK5Y=\r\ntimestamp: 1773320738741\r\nsign: 7bn5h1t46h7a213b\r\nversion: 5.6.9.4\r\nclient-type: web\r\ndevice-id: rYtHdnihQD85imaGAFAinMxefGSPBmCJ\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:39 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nExpires: Thu, 12 Mar 2026 13:08:39 GMT\r\nCache-Control: public, max-age=180, s-maxage=180, must-revalidate, stale-while-revalidate=30\r\nX-XSS-Protection: 1; mode=block\r\nPragma: public\r\nX-Content-Type-Options: nosniff\r\nStrict-Transport-Security: max-age=63072000; includeSubdomains; preload\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true, true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nX-Safe: 1773320739=9I+PHlnLQvmxKj6R8Jbyy1+z041a6EbTo7bbd4Ml0pNhG7cBYc4imFMtHMW0ai9RVCmn2MBUEauBeJ5w5PmhZ8SFO/rUGrtuC9x9j6vWvfrsXUl/Bcdd/jwVy1RQpZ04h7Xp9kA7Xw8JJuk2lR2IywxI+yiDkK9PQD32Hjw6hm+Y7cwzNJbdbxS1eQIuD5oe\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 6400336B-9E0E-4EC5-BA37-5B0F8EAC12E5\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":60,"size_decoded":0,"mime_type":"application/json","magic":"data","md5":"aa1fe36cc499baa3fbdc7ab9bda7432f","sha1":"201b0fc1c4c699f3538c8e3992ec08ecd2f3acb3","sha256":"d509d9e26b3c3a371856286d14bcdd4f17125a10d8ee40e119fdecaf964fb478","sha512":"2dff3b34740cc9d3690f596673675516493472f5ad4bbd3536b5b1b18922543771be73e01051874bc7039aef9461cedb841f0cbe4945118bdea5773a4b3f7a55","ssdeep":"","tlshash":"03b012a2d5a309ed9644713104305c414be022ccc9bcf858c7bc4d2b45650210494105","first_seen":"2025-08-09T20:01:46.169117Z","last_seen":"2026-06-05T18:33:28.40271Z","times_seen":1531,"resource_available":false,"data":null}},"time_used":1179,"timings":{"blocked":945,"dns":0,"connect":0,"send":0,"wait":233,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202508/_enc_size1298x1156_79864bfb-d71a-4513-a524-8823b86ee01d.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.840Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202508/_enc_size1298x1156_79864bfb-d71a-4513-a524-8823b86ee01d.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 18 Sep 2025 11:24:10 GMT\r\netag: \"df68f353c4e753dc68726f8cf495ecc0\"\r\ncontent-type: image/png\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LWY7edlEINrgWnV2D1DRcHc7koKOljznRRDMgLSvz3YSM%2FkRp%2BQdP2yP5HVK8ZKPwXDnKetMXALiFLYgI%2BWFxJNaA9UTEIMBt5ArONyFgiPSkr8qYiAK\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fceba9977199e-FRA\r\ncontent-length: 87818\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834444\r\neo-log-uuid: 5545248665542318632\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":294,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":255,"receive":39,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/gpmaster/_enc_size704x442_73525908-fb7b-43df-ab6b-ee9a1274a74c.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.881Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /gpmaster/_enc_size704x442_73525908-fb7b-43df-ab6b-ee9a1274a74c.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sun, 09 Nov 2025 14:20:33 GMT\r\netag: \"c863f2d8c28c65694eeb613eee895fca\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=srxVRMCeKBpGDmnMDT0Db8byAxNGDQbp40VZ1aL%2Bf5OBRZQ9cI0UT4JLW9eqIeh4RHuIJHuCwTkVY2WzOpIqy%2FyinRcXzbtdAZU3plJZ%2FS0n3RngqI7h\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fcebadb92780b-WAW\r\ncontent-length: 26068\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834443\r\neo-log-uuid: 3818637955929455387\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":222,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":203,"receive":19,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/4e27520d598f4a9c96f12a0449c10df4?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.940Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/4e27520d598f4a9c96f12a0449c10df4?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 9480\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 45314\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"4e27520d598f4a9c96f12a0449c10df4\"; filename*=utf-8''4e27520d598f4a9c96f12a0449c10df4\r\ncontent-md5: Tzcw8XYHy8tBOcK1vec+LQ==\r\ncontent-transfer-encoding: binary\r\netag: \"FpAgd2x0va4FAZD4JNoO_1hxAjHH\"\r\nlast-modified: Fri, 06 Mar 2026 19:16:11 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: CQ5ul9GAi\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: TQwAAACUdEWb8JsY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9480,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"4f3730f17607cbcb4139c2b5bde73e2d","sha1":"9020776c74bdae050190f824da0eff58710231c7","sha256":"836fbbcef77508cfcb22fa1da8739e3fa125bb6c48b484192f4aff0268c40dfc","sha512":"431eb518aae55b37c6148b64fccd5b28e823c3f1b5f87000b7b50fc0da95dc2bef1d15c6fffb84e0ac8b66bf45115ae6cf8589104564fc30ab8045e29b2af6a5","ssdeep":"192:zFzZ+jty1IGmi+7DohuLn6YEyLwnyTBQUwKVc+UczDuEG:JZ+41IPPnbLzLKQQUwrYzDlG","tlshash":"f012aeeac4861eedbb0f64990726450ca55fe3b91b92857c0fb7514a38146b90cce3a7","first_seen":"2024-10-24T22:52:54.788172Z","last_seen":"2026-05-03T01:53:47.802294Z","times_seen":121,"resource_available":false,"data":null}},"time_used":2192,"timings":{"blocked":189,"dns":0,"connect":0,"send":0,"wait":1549,"receive":454,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rcf-img-hk.gasdg646fs224cn.com/202508/a7e49dbc-140a-4c02-81cf-e55cd0108e5d.jpg","fqdn":"rcf-img-hk.gasdg646fs224cn.com","domain":"gasdg646fs224cn.com","tld":"com"},"ip":{"addr":"104.21.20.12","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:41.180Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"e61ca915.sni.cloudflaressl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 05 Feb 2026 16:02:27 GMT","end":"Wed, 06 May 2026 17:02:25 GMT"},"fingerprint":{"sha1":"FB:9E:BA:06:AE:35:AC:32:4F:7A:8E:02:04:A0:89:20:79:58:F5:29","sha256":"CF:B9:7D:D8:0A:F9:2F:50:F4:52:CC:60:2A:2F:41:94:16:9B:21:C6:AE:8A:6A:E1:E8:C7:2E:6F:D6:18:7E:C9"}}},"request":{"raw":"GET /202508/a7e49dbc-140a-4c02-81cf-e55cd0108e5d.jpg HTTP/1.1\r\nHost: rcf-img-hk.gasdg646fs224cn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 221858\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=waYaFegV1oYukCf7PLkd5yO3vtVc1txPVPC1iIiDXS4osRgeGuZYeEGvbfBtpgbMJzoV%2Fb%2FXPbFchsZ9vsAyY5O5GnAm7s3l8QqtZf8L3Xf%2Fxe8FXSUqPClUh%2Fc69w%3D%3D\"}]}\r\ncf-cache-status: HIT\r\nserver: cloudflare\r\naccept-ranges: bytes\r\netag: \"f42e0fcaaf4b3dd132c5b52a7fa29773\"\r\nlast-modified: Mon, 25 Aug 2025 10:01:09 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nage: 51254\r\ncache-control: public, max-age=2592000, immutable\r\ncf-ray: 9db30308cdb78a18-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":221858,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, baseline, precision 8, 540x650, components 3","md5":"f42e0fcaaf4b3dd132c5b52a7fa29773","sha1":"23412150020e5af9888e58038f823dba9073027d","sha256":"1f0221df43cc57f4baa91484c6d4d1eb8374623bb21dafd74c526f95942153f5","sha512":"716a4b79708b5efc807da4f3f4554531c044db894cab68e14b5854fdf342d363fa588fa4fbb045b3b729b06e7f8df9a1619183277f6f90228c2419ab7f48c9a8","ssdeep":"6144:DtRn09SU2N018YMl2/LwukXqlZU06QX3H0x:D09SXN01XN+ql+0pUx","tlshash":"8a24129423536cd1fcaedae079d87a0b3a5626fc90fff44386144a81635ebbc618171e","first_seen":"2025-08-29T11:05:53.340749Z","last_seen":"2026-03-18T12:35:39.054225Z","times_seen":1134,"resource_available":false,"data":null}},"time_used":153,"timings":{"blocked":53,"dns":21,"connect":9,"send":0,"wait":17,"receive":25,"ssl":26},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/css/home.1766990974022.971c3723.css","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:37.536Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /css/home.1766990974022.971c3723.css HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:37 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:16 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69522598-13f22\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nX-Safe: 1773320737=B1yfjwA6cJ6C1du+jzEVQBqVY9it0e349RQ+hx4MwGGhiOMkDy3XxWzdFfdMaPHXFBI0u9OrFieBd38uaOfLAUlNknum2GZEGRClo0vvU30FlhFkPI/B/HWCid42h4dsqccy/KLz/ZwZUu0NcML3l+98pn5t+/PCnPsIE9iSonqCB/gVbxaXbKB5UhD9y2bH\r\nX-VIA: l1=CJR9oEa4UnlD0OBR\r\nX-VERSION: 1772869158\r\nX-Request-Id: 46CE8E18-621D-48E9-AA42-0E17D10326F8\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":81698,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (65528), with no line terminators","md5":"716d4e2a4c4b429c74390994f19e4fee","sha1":"98088bf2980651e9b7f7de23998a26429019310e","sha256":"c0d9bfccbde905ac21daea4499434d358c1a6ca28302157f8a6f490f904ead74","sha512":"8a6d1df7027bef774fd5852d7ab6eec988daabba124eb52b9c6ce7a41625166b76e30f8c381c8543334afa4e85a063d2d7ac93767a0d2f08c4fe9326e4a75398","ssdeep":"1536:yzOcRM7jufawS2d3a8WiLKbzGhba9gpXdNCR9khb+8J/:PtuSJwLUKo9gER9khb+y/","tlshash":"4e832a7aa610253db437da72b9f05bd8b524c846d7634a3df2537a25cbc72e213323a4","first_seen":"2025-12-29T19:25:02.014331Z","last_seen":"2026-03-18T12:35:38.996389Z","times_seen":767,"resource_available":false,"data":null}},"time_used":436,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":434,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/img/bj2.a8fabbac.png","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.434Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /img/bj2.a8fabbac.png HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://u95f.xyz/css/home.1766990974022.971c3723.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:40 GMT\r\nContent-Type: image/png\r\nContent-Length: 360604\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:16 GMT\r\nVary: Accept-Encoding\r\nETag: \"69522598-5809c\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nX-Safe: 1773320740=UbyPGiMF6oMO3eNBMJExvACPDPz2ndpfMINivjYqk7cS189TdXtJfIe/QT9pwk6lKy9xR7X6sVsYLc7iEZjqMrWRTMzxP2YeeEEOiGX/fzmZ25GQfeI5TxMlxPIK935NtS98+8VYDgeb6H8Q18KA/+QUFUH+6DlyD8ADjapVtTX2Huqe9y56Q2jfSJE7at6d\r\nAge: 338389\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 501AD376-6734-4252-8D98-234DCB5271DC\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":360604,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1920 x 641, 8-bit/color RGBA, non-interlaced","md5":"e0fe8ffeed1841f74df53c3b0c1f2db0","sha1":"77bf6dfe664cdc936776654af151f49368479ec3","sha256":"db4d87e8a403e388c54dd5d114b738c82e1d2dbe65b95630fd5782179f0d7d54","sha512":"825bf73262c2b613b6a8a8397f869db6b2cd4118e554689d228503e7a04c4e674d49c5649e4ac8e2423a7b526c0f6621c259566d0e9bb6ebfa0712a7352968fa","ssdeep":"6144:iAHwIFRCiRIygxWS9v34xfZzuwbIYGzl8BPp0eIiOk3Fg7la6RUIs4pU2:rwy0IgxDEfQwbjw8dpmiOiFgpLHFU2","tlshash":"2874238d711d48cc9c9b45003dd82d9e1c55aa2f7aab20b58264fed24d17ddeec0ea3b","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-06-06T14:57:21.035921Z","times_seen":1505,"resource_available":false,"data":null}},"time_used":2690,"timings":{"blocked":2254,"dns":0,"connect":0,"send":0,"wait":212,"receive":224,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202503/_enc_size649x578_b82399e1-d771-428f-9811-f7e15cda0f21.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.876Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202503/_enc_size649x578_b82399e1-d771-428f-9811-f7e15cda0f21.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 06 Dec 2025 06:26:29 GMT\r\netag: \"60ed27370158b53f419324c524a4be0c\"\r\ncontent-type: image/webp\r\nvary: Accept-Encoding\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=dc8rcg%2FoBCNVODwASFGZqp%2FGMS6cPIEmg%2B%2BgvarOD0JUTk88mGnZPCncf6%2FtUdAxrVLXeUqibvSa%2BGEzCuirrIOOMXDSDX8cBvISuB81hNTOPSOHToaqWBf11uP%2BmvuPZags1teNEHqhhg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9ca7464a3f2cdcb4-FRA\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 103194\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834444\r\neo-log-uuid: 12728225814322189470\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":283,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":231,"receive":52,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/05bb481fa3e243328483e1790ee1b751?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.133Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/05bb481fa3e243328483e1790ee1b751?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 7802\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 80\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"05bb481fa3e243328483e1790ee1b751\"; filename*=utf-8''05bb481fa3e243328483e1790ee1b751\r\ncontent-md5: nQdctOGyD6vxRaAotaChoQ==\r\ncontent-transfer-encoding: binary\r\netag: \"FqWjoRGKvvAI9hA-U1OubFjgCOTr\"\r\nlast-modified: Thu, 05 Mar 2026 19:15:44 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: 4zJ7hh862\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: 4JsAAAAWcR-_GZwY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7802,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 151 x 151, 8-bit colormap, non-interlaced","md5":"9d075cb4e1b20fabf145a028b5a0a1a1","sha1":"a5a3a1118abef008f6103e5353ae6c58e008e4eb","sha256":"a126ae7459b6e41d6d44d0fe74c99ec617ab91646bc9b7a6ba3ec6db03c55428","sha512":"368cfd2ea34e99cfeca70b5ac2afdbf00ec2bbfcfb772d7a6b7a46553e8673e47c39ad7fa59dadd68d1670e17e18373cc7a841bc3589310948090d9494e7adff","ssdeep":"192:ps+YglmygEN8e8zsunHfXJ0g4LTAX1TeISeez:+lgz8WU/XJRZlCIJM","tlshash":"53f19f10c4eb8f403b8e65205149d32370bd821d6b651da8b7aeff691c853d93a9873b","first_seen":"2025-10-26T14:27:50.311155Z","last_seen":"2026-05-24T17:56:38.713787Z","times_seen":14,"resource_available":false,"data":null}},"time_used":4195,"timings":{"blocked":998,"dns":0,"connect":265,"send":0,"wait":1548,"receive":485,"ssl":890},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/assets/logo/favicon.ico","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:37.950Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /assets/logo/favicon.ico HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:38 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 58278\r\nConnection: keep-alive\r\nLast-Modified: Sat, 27 Sep 2025 11:32:15 GMT\r\nETag: \"68d7cb3f-e3a6\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nAccept-Ranges: bytes\r\nServer: Nginx\r\nX-Safe: 1773320738=P/dh3PFO99SuySS7edpU1yAdx3rYzpOCt6poV29YHrjktIG4/zWz02Q8ZMriGnwj67XWX218jrPOrXOu1916Yn4G+oHeyC621qqWst58MXCg84w5yKin/KAsFUjijqDC5H3pkzj9js5DQElkNclmXAyyfuOEC5R1rm6DUHbVgBKzIyZwlqYiphAfKcun8JKO\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: D617CE82-2957-48FF-816D-04647000AB20\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":58278,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced","md5":"7fb9203f2701deec1371d2fd0ddd079a","sha1":"a7d4ea5f1c3d103aaa3c078bf540b56404aec0e1","sha256":"2a342dd0f9977afb12227889cf13ff008d4cf1e9a4ca07fb4131d14af05978d0","sha512":"964cf7794a7b72bb9515927efe748563b6d46fe122b35baa4c7f57fafb09ea759e5e759a3000d385872218cdd08383a58a2b66feb9a712e6f3e9a06cc87e43b5","ssdeep":"1536:e7V6OVB39Hdm34GeF4KERayBlZ3WgaOlblY4+:e7V6OV7034GeFERd3WgaOlbGN","tlshash":"af43f10a258e86c73047c3921b2dc09b70d12c776b8daef9e6bc4a5816d54731bbd1ae","first_seen":"2025-08-29T11:05:53.165834Z","last_seen":"2026-03-18T12:35:38.966648Z","times_seen":1201,"resource_available":false,"data":null}},"time_used":472,"timings":{"blocked":23,"dns":0,"connect":0,"send":0,"wait":234,"receive":215,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202508/_enc_size1884x434_f0600e57-43d6-4af4-8f1c-08ad10ecab8d.jpg","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.560Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202508/_enc_size1884x434_f0600e57-43d6-4af4-8f1c-08ad10ecab8d.jpg HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nOrigin: https://u95f.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 18 Sep 2025 12:24:41 GMT\r\netag: \"57e2ced1fc2b99a4589753213a6f10b0\"\r\ncontent-type: image/jpeg\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=aFXeZOPy9oNUUIFAjP8JFpxFDTyqLlnTAkkKuwMABXWTQfCfEtxMXCgG7zMJycO5ml78qm0EzgGFweuq8qiocABRcOIO%2B%2Fa1y1OFyicIPpjZrN96Wq7z\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fcf3c0b50d2f2-FRA\r\ncontent-length: 396057\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834444\r\neo-log-uuid: 11660305818201153736\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":396057,"size_decoded":0,"mime_type":"image/jpeg","magic":"data","md5":"57e2ced1fc2b99a4589753213a6f10b0","sha1":"1f5f15d4dd130c38a42ca7fe3eeede26b521cf46","sha256":"df38cb64331a2e43581a2cfd5fa1fbf00f8e0ed821ce05eeb2440f17dfa9aacf","sha512":"d06552ba67916544e1d6053eb43c9300a010edf694d2c43c5a6a080cddb280a22a62def320124f293ba1d3a1af6121a5d5be4bddb6c724077e4963ebfa6996ce","ssdeep":"6144:nnkD2g7Xp2j6ic0qwwyN3TV9rOxsiitOVWkjtA8xsf5eCnqLhAi5iZS8fVSA:nQ7p2j6rxwwyNniM+WkjtAgErq18k8fV","tlshash":"658423b2c8f6c90a736bf975649d99469124fc4f36ef5cf9e1249c2f3602a32690813c","first_seen":"2025-12-29T19:25:02.006856Z","last_seen":"2026-04-22T19:07:08.849943Z","times_seen":846,"resource_available":false,"data":null}},"time_used":616,"timings":{"blocked":261,"dns":83,"connect":21,"send":0,"wait":81,"receive":22,"ssl":143},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/gpmaster/_enc_size328x442_bbac9ff6-d09b-48f7-9e60-77639d6ba1ec.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.777Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /gpmaster/_enc_size328x442_bbac9ff6-d09b-48f7-9e60-77639d6ba1ec.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 02 Dec 2025 14:07:48 GMT\r\netag: \"e2d00e57be570c53a1c3fabdfa16c6d0\"\r\ncontent-type: image/webp\r\nserver: cloudflare\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=48IrNWYyR2PxEkvWFeGHeP4EeI9ieWKVhH9Of7uBx9VjvXbuh6CMGVnyZVjWI0Ea%2BR8ybYgAWNvi%2BddJ2snNxWXvML6iCX%2BoOY9tgydwiix4wEZo8ALn\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: REVALIDATED\r\ncf-ray: 9cd42d23af2ddb0e-FRA\r\ncontent-length: 10174\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834444\r\neo-log-uuid: 1134119269899080967\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":288,"timings":{"blocked":40,"dns":0,"connect":0,"send":0,"wait":235,"receive":13,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202502/_enc_size328x442_27f7b303-88a3-4b2c-aaf9-2bc0106b5d62.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.790Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202502/_enc_size328x442_27f7b303-88a3-4b2c-aaf9-2bc0106b5d62.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 02 Dec 2025 14:17:05 GMT\r\netag: \"6e183b8d89a538d686c746516823bbab\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cSo187XymNOhU5Ne%2FqNyA2DcH4%2FQ82BAD%2FiNmmBu0LmeSBn7Jw7CbvvzSc8OPDS7e7YRwxk87kANXAOQl7vOkb%2BCAdwnJ%2BEciPYrIqv%2BiHJwUGlwitcM\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fcebabf2e49bb-FRA\r\ncontent-length: 22168\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834443\r\neo-log-uuid: 8291059832574347268\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":279,"timings":{"blocked":27,"dns":0,"connect":0,"send":0,"wait":235,"receive":17,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/gpmaster/_enc_size328x442_465faf5d-2f6d-44ba-896b-8d6bffead8bd.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.787Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /gpmaster/_enc_size328x442_465faf5d-2f6d-44ba-896b-8d6bffead8bd.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 02 Dec 2025 14:08:06 GMT\r\netag: \"4e3dd8d15b3ee692a0dbc6fd5f6701bb\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=exXzWIVkeISnn2Rb%2BRBCVDGK2Nvg%2BT38qnm%2FUOUjnr3V3zqqaV1NANoS6zehTD64ssbCY9hdx%2FadCrF28O36m1ubnQyYRtwaDp1KStDj34fADNb9PIpK\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fceba8a309143-FRA\r\ncontent-length: 10758\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834444\r\neo-log-uuid: 16446829899084193393\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":278,"timings":{"blocked":31,"dns":0,"connect":0,"send":0,"wait":233,"receive":14,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202508/_enc_size1298x1156_aa2a4724-288d-4252-82c6-453d0458d8c1.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.833Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202508/_enc_size1298x1156_aa2a4724-288d-4252-82c6-453d0458d8c1.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 18 Sep 2025 11:24:17 GMT\r\netag: \"63bd8645bedf3dc30cadb2aff861013f\"\r\ncontent-type: image/png\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IgjiTpZ6K3vIJBQ8%2F%2BToX7B4xJ9zVFBVaiVRDzyoTMQWx9ggaX%2F1OjL6f9evNVpBGUL8G5syVPPsMqQvqBcuEbaQzjotzczYMxvKOsnMTkpnYAg%2BGrMp\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fceba8feed2f2-FRA\r\ncontent-length: 117319\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834443\r\neo-log-uuid: 12954058197346532248\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":296,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":232,"receive":64,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/616a307c48ad45758df6f78cf889dc7c?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.282Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/616a307c48ad45758df6f78cf889dc7c?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 7999\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 61520\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"616a307c48ad45758df6f78cf889dc7c\"; filename*=utf-8''616a307c48ad45758df6f78cf889dc7c\r\ncontent-md5: ciewsEiuEHWMc4nKANm1iQ==\r\ncontent-transfer-encoding: binary\r\netag: \"Fs7O26c2kU2t5U-RZdntC79K79_i\"\r\nlast-modified: Fri, 06 Mar 2026 19:15:42 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: UM1A3JUe7\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: VLIAAADam-Xd4ZsY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7999,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"7227b0b048ae10758c7389ca00d9b589","sha1":"cecedba736914dade54f9165d9ed0bbf4aefdfe2","sha256":"93eedeb04a32485f62e54e834b9d7366ebebef7fc60768667c10f1719f486a81","sha512":"3fd262e80ffa2e2d9a0202b9aadcb42da194960c11e86e7aa71c5a5689a391e99bf08c026d9206c8fc38c69d3fc715b419b9298958e03488bc996379fcc3f108","ssdeep":"192:8VMp7xAH3+agBlJGT/daomf1IwunGLgCIu5Bng/:GMpNy3+agGT/d5Y1f1UDqng/","tlshash":"4df18d04b1de05598ecbdb663ca460e58dbb5c8a6582059c2e47e7f0cb0757d3833b89","first_seen":"2023-06-18T16:15:32Z","last_seen":"2026-05-04T20:16:57.924768Z","times_seen":100,"resource_available":false,"data":null}},"time_used":2496,"timings":{"blocked":827,"dns":0,"connect":0,"send":0,"wait":1253,"receive":416,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/f4d31b7a05724053b156981507bae26b?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.338Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/f4d31b7a05724053b156981507bae26b?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 8771\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 61520\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"f4d31b7a05724053b156981507bae26b\"; filename*=utf-8''f4d31b7a05724053b156981507bae26b\r\ncontent-md5: c/1n8e5ni/e+S71xI0C5FQ==\r\ncontent-transfer-encoding: binary\r\netag: \"FofVw-Kdvo9gqFKinwWGERmQRIjR\"\r\nlast-modified: Fri, 06 Mar 2026 19:15:47 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: zpLHM3Yea\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: hvkAAACbjP7d4ZsY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8771,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"73fd67f1ee678bf7be4bbd712340b915","sha1":"87d5c3e29dbe8f60a852a29f05861119904488d1","sha256":"5432b0d05a596054b3b577706a58884f705d5af88b8104b66c87d112866810ab","sha512":"e919d2216bbc5d0e0833bad11dc4173cf84720e4bfa5bc0cebccdb2123cea1072398c5d9eef384ee7241fafb9d4d8b50df5457d9d74daf67a1dd3e1ede628d55","ssdeep":"192:qXYaI7gAOJGqNSipwZxjqsLXrCmZOV6w59jdowVoKxJ9ac:qXnAOcOSrzeuOV6w9pojKFac","tlshash":"42029e22ca22f598a644356be746ca28e1d3016c6e40daa257b3d9f45ca44e2c4fc4f6","first_seen":"2023-08-17T12:39:31Z","last_seen":"2026-05-17T16:34:28.592665Z","times_seen":49,"resource_available":false,"data":null}},"time_used":2477,"timings":{"blocked":771,"dns":0,"connect":0,"send":0,"wait":1253,"receive":453,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/js/65246.1766990974022.c40b56f1.js","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.445Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /js/65246.1766990974022.c40b56f1.js HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:38 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:16 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69522598-11f16\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nX-Safe: 1773320738=P/dh3PFO99SuySS7edpU1yAdx3rYzpOCt6poV29YHrjktIG4/zWz02Q8ZMriGnwj67XWX218jrPOrXOu1916Yn4G+oHeyC621qqWst58MXCg84w5yKin/KAsFUjijqDC5H3pkzj9js5DQElkNclmXAyyfuOEC5R1rm6DUHbVgBKzIyZwlqYiphAfKcun8JKO\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: BD4BDBBD-43A3-4A19-8A95-2C7DA5CE4644\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":73494,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (48666)","md5":"4f72169b9753bbfd046b32e8a9c4c9d8","sha1":"76310a9e002235a02b1842b0ff3985e2bd53ef46","sha256":"26b88e6905d829b63d80a3ce48041e1fd4fe98923072fb1d19b371d117e41045","sha512":"05d8f29fd1ac787d4f27a2d8ee901437e310e0ca663822c6270d05c1de8d33a024e312797a984083b277aa054cde3c5995340a26c25bac74fa6c11b339bcfc3a","ssdeep":"1536:j2+iDvYvNjx4Uyao0L8oDNzAuMMsTAQ0mqt2pXYzA4dANVQ:q+iDYvPo0L8oZzAuMMsTA7mqt9zA4dAQ","tlshash":"de73a501f78272384fa7e290220f2026e16e191505ac5bd8f179ffb93ef0954aa7d7b4","first_seen":"2025-12-17T20:52:09.055572Z","last_seen":"2026-06-06T14:57:20.976288Z","times_seen":1181,"resource_available":true,"data":null}},"time_used":246,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":245,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202508/_enc_size1298x1156_04beb05f-bdcc-4bf4-a35f-b560e45e45b0.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.832Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202508/_enc_size1298x1156_04beb05f-bdcc-4bf4-a35f-b560e45e45b0.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 18 Sep 2025 11:24:24 GMT\r\netag: \"8871a786bfdc45ba7ab938f0f567d814\"\r\ncontent-type: image/png\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0Bv6MYCLsTOx96hL7h5Zov24ViUZmgDsz1sehnlUX0mWqM77douujlprd%2F9hcJw3GMT7s%2F8mbOwCKJkgpW6C97mBFvUmkBIgjRnZ7fRBebruS6MWIynN\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\ncf-cache-status: REVALIDATED\r\ncf-ray: 9c5f0cdedeeb4d64-FRA\r\ncontent-length: 108004\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834444\r\neo-log-uuid: 8477738741343194203\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":291,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":232,"receive":59,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/5b6cadf853144f9ab34d0e0f9346a08d?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.927Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/5b6cadf853144f9ab34d0e0f9346a08d?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 16765\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 54335\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"5b6cadf853144f9ab34d0e0f9346a08d\"; filename*=utf-8''5b6cadf853144f9ab34d0e0f9346a08d\r\ncontent-md5: IeEVyPCuH9W/84cmPUugjA==\r\ncontent-transfer-encoding: binary\r\netag: \"Fs7YtZkJeaJuQTTGfWxWmRVLVaQH\"\r\nlast-modified: Fri, 06 Mar 2026 19:16:00 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: Ypfjjy4HB\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: ls0AAACufOlm6JsY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16765,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"21e115c8f0ae1fd5bff387263d4ba08c","sha1":"ced8b5990979a26e4134c67d6c5699154b55a407","sha256":"a935327ee707b3689c3fc90037bff01d181dc6f0088db095329b48897f8ca4ef","sha512":"3ddb250278092ea2559da5012d26c74ec997d340df8722288cb84e5d3f163359f5f2a1943465c13dd871b944f8578dc9807c73b4c940d994f19d3266bd2f059d","ssdeep":"384:cv2fOX7d2KxImfW/Ka7MA0i3idjLPw0htSavPvf04iMEfWbFM:cv22LdLxIme/DN/A/3SOvf04infWbm","tlshash":"4672d070d4310aaba8b97bb3f9c508e7c946c1bdb33b95937679a003814a450ed963a9","first_seen":"2024-08-19T15:01:26.193141Z","last_seen":"2026-06-01T01:29:53.974135Z","times_seen":157,"resource_available":false,"data":null}},"time_used":2042,"timings":{"blocked":187,"dns":0,"connect":0,"send":0,"wait":1252,"receive":603,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/e16254b473c646baabf3473b36647697?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.944Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/e16254b473c646baabf3473b36647697?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 111951\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 5427\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"e16254b473c646baabf3473b36647697\"; filename*=utf-8''e16254b473c646baabf3473b36647697\r\ncontent-md5: nVIImPSaRuCgD+74IkDLgA==\r\ncontent-transfer-encoding: binary\r\netag: \"FicGVqV09HODONUR2u4X3ARAdVHD\"\r\nlast-modified: Fri, 06 Mar 2026 19:29:38 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: quZLYIGRR\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: RmEAAACVPQLiFJwY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":111951,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"9d520898f49a46e0a00feef82240cb80","sha1":"270656a574f4738338d511daee17dc04407551c3","sha256":"b939c9b097de39bf3d75f3d77c995b85bb4fec2f82e4fe9f7d2776cfd921cdf9","sha512":"6a30daf6942951db884cae9b35cbeee05c6a4b31c6b6fa67cb21a186fb8163e5629181cb5a00046ff696cdc5144bc9ed4436c59a112dfe23b6aa3c0509da5018","ssdeep":"3072:dZ5X3mZ7h4Q/qWrkbw+EfaB8Cd/udZZf+gmDeTCErscl9kshdyjH3vV:dZl3mRhrqGkbw+Jld28W3z95qXvV","tlshash":"03b312acc30ff231ea795c790c167285e362552d47edfa13b22a79c1b2d345c859b12b","first_seen":"2025-01-03T06:47:24.523779Z","last_seen":"2026-05-31T13:12:34.898513Z","times_seen":92,"resource_available":false,"data":null}},"time_used":2763,"timings":{"blocked":186,"dns":0,"connect":0,"send":0,"wait":1549,"receive":1028,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/d3d1c9bf486c4468b3b334eac8768025?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.945Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/d3d1c9bf486c4468b3b334eac8768025?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 54030\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 5427\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"d3d1c9bf486c4468b3b334eac8768025\"; filename*=utf-8''d3d1c9bf486c4468b3b334eac8768025\r\ncontent-md5: 2cqg3rC6CGO1Vx+1F1IcAQ==\r\ncontent-transfer-encoding: binary\r\netag: \"Fp1aR2N7VPHnw1frSeGAAcXsRN9v\"\r\nlast-modified: Fri, 06 Mar 2026 19:29:38 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: aNTdxdtk1\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: f40AAACTQwLiFJwY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":54030,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 197 x 182, 8-bit/color RGBA, non-interlaced","md5":"d9caa0deb0ba0863b5571fb517521c01","sha1":"9d5a47637b54f1e7c357eb49e18001c5ec44df6f","sha256":"3f5ce91e87bfb2844ca164ea817cb3b18087ab06173595c09c1b1facff793b1e","sha512":"f5c7791ed7f44f094794fbaeb32b5b87f291168c7d7712ef101602191e533f181f4f9531d0caf53e844258660d9e86773fc481a769eef8446f19c3882995b1fd","ssdeep":"1536:RjMpe9ILDL0xtTtBBXLifdU00QNR/Q5kdk:hMpe8v0/TXBbifdLnQT","tlshash":"78330170efa5bb2e23f4d162f7968e43320ae6e8712e881790d3d50cb55271e83d0c64","first_seen":"2025-04-01T11:41:17.755018Z","last_seen":"2026-05-31T12:35:53.341167Z","times_seen":62,"resource_available":false,"data":null}},"time_used":2766,"timings":{"blocked":186,"dns":0,"connect":0,"send":0,"wait":1548,"receive":1032,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/theme.config.4936a15d.js","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:35.052Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /theme.config.4936a15d.js HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:36 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:16 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69522598-1a625\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nX-Safe: 1773320736=vJwEyZl2IdjkBjNrOhsuCC6iDrcJYXrouO8+GvFOH1/bbZ1WCRBAHHXzNNCh1+F91HFXrCJZO1HkidvhE7Lf5WZ7NzZKrF14N4CQgoPE7feS0OxN4yeuFBXSDzXHnwraM4cRjEov6/KOsU75GzN3spf0S/oQjZSbiagUhwwBEj9CQaGX4/V4ANYl28QQD9ES\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 5413838C-F131-4AAD-A18C-9AF3DCC75252\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":108069,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (38260)","md5":"3eefb150c31978ff96b9caed5bec52a3","sha1":"09f43bfd4ba73f3544ff6fe3503094bd693ac339","sha256":"26c02d7aaa9d1bed7e205e4985d3a055ac174ef8b47401bf0f442125fe605010","sha512":"c2409eaab8b4f9a8ac2cc3319ad8ea645b7941b78798f06a2f4a85b6d0fa53a9a2dcf56c7ad9da22b18fc5db50bfda7c92404cd6ac44bb76d7d216522617313d","ssdeep":"1536:D2JREobVmtlIRM4Sb2mcTa2mnzyJog9CcHWhM:qUtlGu1Jnz45Hl","tlshash":"92b3cb7ae20c963a6137acbfb46ce111d12e9c0c9b1d5fdef13e10a25b10669c931de9","first_seen":"2025-12-29T19:25:02.034551Z","last_seen":"2026-03-18T12:35:38.977551Z","times_seen":773,"resource_available":true,"data":null}},"time_used":2108,"timings":{"blocked":723,"dns":1,"connect":367,"send":0,"wait":641,"receive":1,"ssl":372},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/kc523-1/logo/logoWhite.png?1766990906506","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.280Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /kc523-1/logo/logoWhite.png?1766990906506 HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:41 GMT\r\nContent-Type: image/png\r\nContent-Length: 6364\r\nConnection: keep-alive\r\nLast-Modified: Sat, 27 Sep 2025 11:32:15 GMT\r\nVary: Accept-Encoding\r\nETag: \"68d7cb3f-18dc\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nX-Safe: 1773320741=sLjBMoPIYH/ZklB3a9DMghOf/GLYneRWA/bPl8Ur+HATmzTMipGsv9cFAj7S6AGoBEvP9t7LDlkhG69eTdMx5C7AMrfxLMinA+t4+yjip00/Rd1lP/N9xL19gYhZJIwg2s4LmxUnKlUGQ8zTw0nmn/lVUsLw/3OAKnPJesV9axf34vXzTeOzNybsr1bspTHN\r\nAge: 338391\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 9BC84AFF-35AA-47F8-8076-DBD1036429EE\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6364,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 318 x 144, 8-bit/color RGBA, non-interlaced","md5":"45c781dc22fa33ee3af4b9611b40208f","sha1":"85005a42a66ac2755af868d974cef7a96b3f7732","sha256":"992d312ebba7a4f7559af9b559b803b6de8be4577a26366c29066d98bb382428","sha512":"63a95d0d966dd41d636bcbedda1763579f8126b7ae5448c3f8f350aba06b05dbe81d9f615833f0bbff34bfe341c6f206a89e145ada9acb28945131c816ca8094","ssdeep":"96:T/iMk0vyTGRwuNomrrhXoC4P9IdsLM1hhpMUWBg+TM42IGWUp9PXtQJ1mTdAcsor:TqMkud+wWC4VNyhhpL/+yzV9QJM+4","tlshash":"d5d19e4301c5b55102d0521645ba005b6dfb6be0bedcc40aa497ef0609313e6fef75d9","first_seen":"2025-08-29T11:05:53.141975Z","last_seen":"2026-03-22T22:11:35.376909Z","times_seen":1124,"resource_available":false,"data":null}},"time_used":3060,"timings":{"blocked":2846,"dns":0,"connect":0,"send":0,"wait":213,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/ecb/8f8306425fb46e096ba9db3ab31b67b681fbb31575ff397b0117","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.753Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /ecb/8f8306425fb46e096ba9db3ab31b67b681fbb31575ff397b0117 HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nContent-Type: application/x-www-form-urlencoded\r\nx-request-source: https://u95f.xyz\r\nXign: Z5n3YbHDefAOwKw6Run5fhpwyr/J9XG1Z2t2noex5arHAArHyAhQQ2ZK8eUidNMy2k6WP80hu1/F8RHrixSfYElJTq24qt+g6LgKZnLGDzi26g7XjnXG91Xo9mB2njQGCZSPRqDh2ha6a5F1YFkTCFrXchlnIPNk0AUPF9BnaXM=\r\ntimestamp: 1773320738741\r\nsign: 3q4g3t1734i47n16\r\nversion: 5.6.9.4\r\nclient-type: web\r\ndevice-id: rYtHdnihQD85imaGAFAinMxefGSPBmCJ\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:39 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nExpires: Thu, 12 Mar 2026 13:15:39 GMT\r\nCache-Control: public, max-age=600, s-maxage=600, must-revalidate, stale-while-revalidate=30\r\nX-XSS-Protection: 1; mode=block\r\nPragma: public\r\nX-Content-Type-Options: nosniff\r\nStrict-Transport-Security: max-age=63072000; includeSubdomains; preload\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true, true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nX-Safe: 1773320739=9I+PHlnLQvmxKj6R8Jbyy1+z041a6EbTo7bbd4Ml0pNhG7cBYc4imFMtHMW0ai9RVCmn2MBUEauBeJ5w5PmhZ8SFO/rUGrtuC9x9j6vWvfrsXUl/Bcdd/jwVy1RQpZ04h7Xp9kA7Xw8JJuk2lR2IywxI+yiDkK9PQD32Hjw6hm+Y7cwzNJbdbxS1eQIuD5oe\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: DA96D9CA-43D0-46A2-B3AD-EE54EDDE5ADC\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1772,"size_decoded":0,"mime_type":"application/json","magic":"data","md5":"dc37de311bc28402babbd70f864e8a16","sha1":"39f83a5b722c05c67e3eb4c5ffc697b6be672f13","sha256":"5fafc32bfae82a6e5cab56338bdf4513c93aa406e891254e68e939ae2ab7b6f7","sha512":"dd89d23244bb1aad1a9c4d773c5033e7d891b3684f01afb6f0de38c1f085985df88de286f840a69d2db3c0b1dcc94b8a8787099c031363f2cb94d4b75e92b044","ssdeep":"","tlshash":"165129b9e3915be4db451762817a35f96e4b1248bde4cd45fe3240ea8749228dbac0b0","first_seen":"2026-01-22T17:50:48.742063Z","last_seen":"2026-04-16T09:23:28.992202Z","times_seen":555,"resource_available":false,"data":null}},"time_used":651,"timings":{"blocked":413,"dns":0,"connect":0,"send":0,"wait":238,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/js/31098.1766990974022.4108b3dd.js","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.501Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /js/31098.1766990974022.4108b3dd.js HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:39 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:17 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69522599-561e2\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nX-Safe: 1773320739=9I+PHlnLQvmxKj6R8Jbyy1+z041a6EbTo7bbd4Ml0pNhG7cBYc4imFMtHMW0ai9RVCmn2MBUEauBeJ5w5PmhZ8SFO/rUGrtuC9x9j6vWvfrsXUl/Bcdd/jwVy1RQpZ04h7Xp9kA7Xw8JJuk2lR2IywxI+yiDkK9PQD32Hjw6hm+Y7cwzNJbdbxS1eQIuD5oe\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: D1AA3517-3ACF-4E6A-957C-7204C4BBA1D0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":352738,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65338), with no line terminators","md5":"6a188785e7d3e547e5590b8fd050833f","sha1":"071fe5ad95b47333131735b4d9d1353012ef9413","sha256":"359c1600b44cb779ee6c420d1b0966acc4d9a092e91efd7c57ebb9c2d30c607e","sha512":"6803c9195bc5a40dc91b78e88d750faa89094c9f72992b67dc9bac6955c04acb6901cc2f00d5f9d0b0a66b259391b7b27429a005283096b780901000b1fc8c0d","ssdeep":"1536:d+0YvC9jlTKAUSseG1SY46DCdlBBo3AgXOG9AsqCfCXsvCfCXsLCfCXsyCfCXsfX:AKK5sY4brG7O3SnLJNpL","tlshash":"df74b6f4c248c6fdea04ce0a7e7d6f2d50723783f2ec96c446aaf8865e91857245c4da","first_seen":"2025-12-28T13:10:26.266169Z","last_seen":"2026-05-03T15:34:10.27466Z","times_seen":756,"resource_available":true,"data":null}},"time_used":492,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":276,"receive":216,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202508/_enc_size1298x1156_de72e240-4300-48d6-8f6e-b9cb363e7924.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:42.763Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202508/_enc_size1298x1156_de72e240-4300-48d6-8f6e-b9cb363e7924.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 18 Sep 2025 11:24:15 GMT\r\netag: \"bf7cdad5765dc0a156db56da6bb04bd6\"\r\ncontent-type: image/png\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TiiGMq7Y4lX5JFOE1KoGNk2t1lC%2Bgwy6vwyIcRqPt%2BfhRXsVdPn5p%2B%2FxRySluWnYHvXs5df0Z6dz2CXznuos6J4tfoN63STDpVkDHX0%2BPh1t73fzhw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fceba8f236943-FRA\r\ncontent-length: 117698\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:42 GMT\r\nage: 1834446\r\neo-log-uuid: 4299361424308781013\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":25,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/js/home.1766990974022.998896de.js","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:37.541Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /js/home.1766990974022.998896de.js HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:37 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:16 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69522598-2e9a8\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nX-Safe: 1773320737=B1yfjwA6cJ6C1du+jzEVQBqVY9it0e349RQ+hx4MwGGhiOMkDy3XxWzdFfdMaPHXFBI0u9OrFieBd38uaOfLAUlNknum2GZEGRClo0vvU30FlhFkPI/B/HWCid42h4dsqccy/KLz/ZwZUu0NcML3l+98pn5t+/PCnPsIE9iSonqCB/gVbxaXbKB5UhD9y2bH\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 9981570A-F2F1-4AC2-8C44-036ADDE994E4\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":190888,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64116), with no line terminators","md5":"c8bacac497f9be52a02d18cf99149b05","sha1":"f8f89cffb680291adfd025ba978a443a787d3ce7","sha256":"df8dc59a9712f222386b9765f85997e542198fa52273a87aa4ecd7a39d5c21fe","sha512":"9875a290884d279373f4d56ce6ad35dca0f9fa892ce09e1ee5a186d3891156804e7b2b5bbb677eab9c968077b84d6a4a6cefe4562824383ea0f640808d420505","ssdeep":"3072:fjKkGySIMrCwiYJRuoCQuF7plGvQJLhxffj7TEOiGRA3:fjKkGySIMrCwiCYjFtzffjAGa3","tlshash":"2b141880b5f0e275976fc2b7d7375024b2271686d0ccac60e1f66b187e18796b236db8","first_seen":"2025-12-29T19:25:02.049392Z","last_seen":"2026-03-18T12:35:38.947058Z","times_seen":766,"resource_available":true,"data":null}},"time_used":644,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":228,"receive":416,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/kc523-1/sponsor/sponsor_web_1.png?1766990906506","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.303Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /kc523-1/sponsor/sponsor_web_1.png?1766990906506 HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:40 GMT\r\nContent-Type: image/png\r\nContent-Length: 42326\r\nConnection: keep-alive\r\nLast-Modified: Sat, 27 Sep 2025 11:32:15 GMT\r\nVary: Accept-Encoding\r\nETag: \"68d7cb3f-a556\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nX-Safe: 1773320740=UbyPGiMF6oMO3eNBMJExvACPDPz2ndpfMINivjYqk7cS189TdXtJfIe/QT9pwk6lKy9xR7X6sVsYLc7iEZjqMrWRTMzxP2YeeEEOiGX/fzmZ25GQfeI5TxMlxPIK935NtS98+8VYDgeb6H8Q18KA/+QUFUH+6DlyD8ADjapVtTX2Huqe9y56Q2jfSJE7at6d\r\nAge: 338390\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 23B4C6CB-748C-402C-9564-23A6242128A1\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":42326,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 428x169, components 3","md5":"e0ecbe5a9349aaa328ffd6f9515f9007","sha1":"79ebc30d345c812a3e3a122f152829d161b00a52","sha256":"452d27839b3f3f35d11c9a26f06d6cc9db56dc8c61261ee43e0512f69abf71f4","sha512":"fd322bf3ca925ce2eb45317adae1dee0f1c2e4f30035738052a97ccc054ffb576a92a46758559c8d13cff6be549caca5541d14c5692cbec2758ab2b3c7f3324a","ssdeep":"768:2o9mjFjepo5h5jLasrCO57PIrvmMOSf4t7q5bo6Wruv9CSMsfRLMD7XZ0:2ogpymTxRrwmDSM7mbo6WrutR60","tlshash":"8713f2ebe1075d80bb946c9b3925eec61da50f047bc78d68c5e055f921290bb0fa33a7","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-06-06T14:57:20.956154Z","times_seen":1621,"resource_available":false,"data":null}},"time_used":2384,"timings":{"blocked":2170,"dns":0,"connect":0,"send":0,"wait":211,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/img/license.ea57c78d.png","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.440Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /img/license.ea57c78d.png HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:41 GMT\r\nContent-Type: image/png\r\nContent-Length: 1976\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:17 GMT\r\nVary: Accept-Encoding\r\nETag: \"69522599-7b8\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nX-Safe: 1773320741=sLjBMoPIYH/ZklB3a9DMghOf/GLYneRWA/bPl8Ur+HATmzTMipGsv9cFAj7S6AGoBEvP9t7LDlkhG69eTdMx5C7AMrfxLMinA+t4+yjip00/Rd1lP/N9xL19gYhZJIwg2s4LmxUnKlUGQ8zTw0nmn/lVUsLw/3OAKnPJesV9axf34vXzTeOzNybsr1bspTHN\r\nAge: 338390\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: BDEDFB40-D44B-4DB7-A9B4-4C40BF38E53D\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1976,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 161 x 52, 4-bit colormap, non-interlaced","md5":"60a2c7c150b01809fbb7b97932684b5b","sha1":"67fc9647c452a17b519c6a51dc8c38daa23755f9","sha256":"c5ce31558a1f979ae78c7779d2f312b196750375541e9c147b73d6e44d47c276","sha512":"2328442fa1c74e47c6eff4adab55920c7e7738e7ae51bd2b222fb696bbcf8201a14805089a33baa80c28a40db47061048d817c384bd72735b2e0c0116ff63c6f","ssdeep":"","tlshash":"b3412a6266729beced1a8c47592c7df1d8338ca1a200e1c150ed761f1bf8e1060e7a94","first_seen":"2025-08-29T11:05:53.23289Z","last_seen":"2026-06-06T14:57:21.036422Z","times_seen":1517,"resource_available":false,"data":null}},"time_used":3183,"timings":{"blocked":2973,"dns":0,"connect":0,"send":0,"wait":210,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/img/loading.da46bff6.png","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.478Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /img/loading.da46bff6.png HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:41 GMT\r\nContent-Type: image/png\r\nContent-Length: 473164\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:16 GMT\r\nVary: Accept-Encoding\r\nETag: \"69522598-7384c\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nX-Safe: 1773320741=sLjBMoPIYH/ZklB3a9DMghOf/GLYneRWA/bPl8Ur+HATmzTMipGsv9cFAj7S6AGoBEvP9t7LDlkhG69eTdMx5C7AMrfxLMinA+t4+yjip00/Rd1lP/N9xL19gYhZJIwg2s4LmxUnKlUGQ8zTw0nmn/lVUsLw/3OAKnPJesV9axf34vXzTeOzNybsr1bspTHN\r\nAge: 338389\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: CF40DC71-110E-4A48-8C8A-03FBCD2E94B5\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":473164,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced","md5":"ac7ca483f10bc73cffa89f639f6ffa56","sha1":"03873b9607c635752526968af31773498d259afa","sha256":"a054b81d2850fe2da5b4f97a1c50c05ee59a24c37f1c700e5cc45fe6079598b6","sha512":"caa6b3e243f02c86ccaf71aafd0e716834a7a0cf07305c5c7cc0a1b9d637cc2802caa067b0010c7c3c064e3fe8f7881b26992f57137f98477266653342257760","ssdeep":"6144:NFoYczeWIF3Q/IUPYhuF0KX38I4z/tcKZPehCIjAl/CS+b:rLczeTUPpF083CBdeh7MlvI","tlshash":"79a423929b411988e1096432215fab4d23993b6458ab5fbf78843d88893cf059ff763f","first_seen":"2023-07-01T07:21:14Z","last_seen":"2026-06-06T14:57:20.959683Z","times_seen":1557,"resource_available":false,"data":null}},"time_used":5524,"timings":{"blocked":2656,"dns":0,"connect":0,"send":0,"wait":220,"receive":2648,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/img/bj1.17ef2db8.png","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.425Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /img/bj1.17ef2db8.png HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://u95f.xyz/css/home.1766990974022.971c3723.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:40 GMT\r\nContent-Type: image/png\r\nContent-Length: 58859\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:16 GMT\r\nVary: Accept-Encoding\r\nETag: \"69522598-e5eb\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nX-Safe: 1773320740=UbyPGiMF6oMO3eNBMJExvACPDPz2ndpfMINivjYqk7cS189TdXtJfIe/QT9pwk6lKy9xR7X6sVsYLc7iEZjqMrWRTMzxP2YeeEEOiGX/fzmZ25GQfeI5TxMlxPIK935NtS98+8VYDgeb6H8Q18KA/+QUFUH+6DlyD8ADjapVtTX2Huqe9y56Q2jfSJE7at6d\r\nAge: 338390\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: E6F9BDCA-8C09-4762-BA0F-D73A806DD891\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":58859,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1920 x 1299, 1-bit colormap, non-interlaced","md5":"59f1176bd542d042d8ddecbe4ab2cbdf","sha1":"7251e6f8bc0bf8bf3e62e892b34540f8259dcf9d","sha256":"b3bc2f14721d5f84900af66179eb6ad69a9c8d5a89eae36f877cf09fc9872603","sha512":"c4e7f1491686b72482ba26e34fd94496fc71bec2a35ba1d7cf67391e1f47f859465ad9f0c7d286bd35f9a26132fd80012a2cd2f8133cf1c6013db4f4d27a85d7","ssdeep":"1536:jlJ0Z4kwI3cG0YXIPf/OWcFOtk2bnIlfyMcw68vTbD8:gxbsGvYXd8OtTbIsgTbD8","tlshash":"004302d3b5e9f610dd38c157a3d1c9da504483be3e938d0bebbe402629fd56840a6f16","first_seen":"2023-08-17T12:39:32Z","last_seen":"2026-06-06T14:57:21.017696Z","times_seen":1599,"resource_available":false,"data":null}},"time_used":2118,"timings":{"blocked":1752,"dns":0,"connect":0,"send":0,"wait":363,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202503/_enc_size649x578_ca5ef219-cb88-4c5a-b68c-c85984b21465.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.700Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202503/_enc_size649x578_ca5ef219-cb88-4c5a-b68c-c85984b21465.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 06 Dec 2025 06:32:15 GMT\r\netag: \"0ffbef6a98ea94ec40dde1e250415640\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OAH26b9emD9xHGDCTkS50iYO0RyA%2Bk8m28hKje6XEPZm3GRB36hr1RE92h9gRx9VcaXAe2tFB5d5vuNeC1TLKXGtiXP2KqQlXFQnkFeef7sH1BBrv%2FBN\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fceb9f89fd39e-FRA\r\ncontent-length: 83944\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834443\r\neo-log-uuid: 13189169336308941078\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":556,"timings":{"blocked":116,"dns":1,"connect":19,"send":0,"wait":286,"receive":24,"ssl":106},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/81f93a5c874c42e288e15686d9dba9f3?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.143Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/81f93a5c874c42e288e15686d9dba9f3?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 10157\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 69633\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"81f93a5c874c42e288e15686d9dba9f3\"; filename*=utf-8''81f93a5c874c42e288e15686d9dba9f3\r\ncontent-md5: aFzEedFMmC88iMGkHtt0Pg==\r\ncontent-transfer-encoding: binary\r\netag: \"FpC7VjSY4HUMc22PphJqlprvZqiF\"\r\nlast-modified: Fri, 06 Mar 2026 19:15:19 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: D4FMWDY93\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: n1wAAAA93Ax92psY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10157,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 190 x 93, 8-bit/color RGBA, non-interlaced","md5":"685cc479d14c982f3c88c1a41edb743e","sha1":"90bb563498e0750c736d8fa6126a969aef66a885","sha256":"8ce27e69db48bae0123d79389a8942d6656e89f0c839eb01ca54839e3ed5f6c3","sha512":"0b35f7eca0e2ce8690bef3162f9535abe76149bb6ce62fa80c423af9b8983322573443b22fd8e5c84bb5c6859a2142ba5edded2c40c41b90c74a366eb278bbbd","ssdeep":"192:+eVJTJzquyEaqUIHb/6/Atzpt3D441SeXta0EPo9QTkhIxwp6VfEoj:rBaqXuoNHD441SkEo9akJ6dEoj","tlshash":"2322b0082b007f1fa877e138b5602ac136f6f08684d96f2f6305547ad49fb7fea86516","first_seen":"2023-08-17T12:39:31Z","last_seen":"2026-05-17T14:18:39.711889Z","times_seen":54,"resource_available":false,"data":null}},"time_used":2302,"timings":{"blocked":964,"dns":0,"connect":0,"send":0,"wait":1207,"receive":131,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/a04f29a673254b1f81571168357b25dc?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.285Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/a04f29a673254b1f81571168357b25dc?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 14098\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 61520\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"a04f29a673254b1f81571168357b25dc\"; filename*=utf-8''a04f29a673254b1f81571168357b25dc\r\ncontent-md5: kVNt5ypPx5lnS+gPX2r4bw==\r\ncontent-transfer-encoding: binary\r\netag: \"Ft9XWuUYQLSmib8Y_1r3H7QfT5ow\"\r\nlast-modified: Fri, 06 Mar 2026 19:15:46 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: 3n1VBhRXX\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: 84AAAABab_7d4ZsY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14098,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"91536de72a4fc799674be80f5f6af86f","sha1":"df575ae51840b4a689bf18ff5af71fb41f4f9a30","sha256":"9a07fb612ce17f0d6de8b1c5bc1687da5340b2aa29cb9bc17ecff53c202c7e06","sha512":"930a68510daf0f5f5bdd74d41bfd25c2425b36fa39a62d7ef9e1828da6b4160d1b4c460451059318732185efc37dec77e574bba0d22756a764f2326b147a622e","ssdeep":"384:s+jw1P4UXdOuVTRoreoeuX6b4LYIwMgwJX:BjwFnFR4eYqb40bM9JX","tlshash":"0552c1edcb14b4fcfcea60d5a550a152ba2e103d407f115194b5f6a3ec6067562c0f37","first_seen":"2025-02-26T15:38:27.684348Z","last_seen":"2026-05-24T05:41:01.459522Z","times_seen":209,"resource_available":false,"data":null}},"time_used":2511,"timings":{"blocked":823,"dns":0,"connect":0,"send":0,"wait":1253,"receive":435,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/js/chunk-init.1766990974022.833a06d6.js","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:35.055Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /js/chunk-init.1766990974022.833a06d6.js HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:35 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:17 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69522599-42955\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nX-Safe: 1773320735=t1T7fT66rZ+YDhI9i8qP2DvF5UIxVxl0Aw1JcilzJiPh0k+Zu02i5p98hRUuWF7m1qOUGB0OXG70qMDmFN26RR4pGNIKl++AlxemLPuJb4yF8aQIPOc+pofYlVRAdlm2pz6bL5z5R16vsbw7SYGeZY2KZVphxgDVkTXcWPDu1/QBQD9v1LjxtJUC87BmvCSZ\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: A758C6C0-16A1-4957-A9F1-EF9FDC356E60\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":272725,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (44101)","md5":"8bfe603e28e5e2ba4c2ce2eb194ad9e1","sha1":"da473d072f47cf9ea34b6b98768edb31d9bb43a0","sha256":"db49da0b3c77eeaabf0f5b7d950521830d16460c3d9b54a242d75cffc679a96c","sha512":"38d2f08ea71d52b838495954f50f4e8abde57dcca9ff6078491a0ddc0bff2d49dd770f98e5db3bb8aaad7c46b35541e9f1b26fca853c152d5d3164e0a61c2af5","ssdeep":"3072:WtwqhOIKENB85doKa/x5wc0dB5/J+UUknCqd7ACifMur0g/C:fENm5ox2Br+2nCoAlfMu0T","tlshash":"c5441b98b3d171b847cb52e5622b1035f6ba1c933098e4f0d219ea947f3168dd52eeec","first_seen":"2025-12-29T19:25:01.962012Z","last_seen":"2026-04-27T23:33:27.866246Z","times_seen":897,"resource_available":true,"data":null}},"time_used":1802,"timings":{"blocked":725,"dns":0,"connect":0,"send":0,"wait":452,"receive":625,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/js/35142.1766990974022.f3d30e50.js","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.224Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /js/35142.1766990974022.f3d30e50.js HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:38 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:17 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69522599-52370\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nX-Safe: 1773320738=P/dh3PFO99SuySS7edpU1yAdx3rYzpOCt6poV29YHrjktIG4/zWz02Q8ZMriGnwj67XWX218jrPOrXOu1916Yn4G+oHeyC621qqWst58MXCg84w5yKin/KAsFUjijqDC5H3pkzj9js5DQElkNclmXAyyfuOEC5R1rm6DUHbVgBKzIyZwlqYiphAfKcun8JKO\r\nX-VIA: l1=CJR9oEa4UnlD0OBR\r\nX-VERSION: 1772869158\r\nX-Request-Id: 22E016DC-BB8B-4AF9-AEF4-4A9D916BFE5F\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":336752,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64888), with no line terminators","md5":"2f2b45aebe46e87335a41a933bd6ada9","sha1":"52decab337e7945b551144884b42c36a8570a0c9","sha256":"7bc82b8b13e9449279a6e0928b8412fba3b9f7ff0fdd5007eb92d2dfbaff438b","sha512":"668bc6fe7df1ae1bb328a733a63427405f9c38ec6c553767e9075245a338dc49ef9202447e0e077fafcd3a78cf202533242c58dee2cf3b1a1a51ad27a0cc7045","ssdeep":"6144:fjhhkpltqniyveBHlBfb04ae7Ancbt8ZijKfILToSlthWe/futUDhrRtZYD5jMDq:fjhhkplwniyv0HlBfb04aaAncbt8Zija","tlshash":"c0644c84b690b17883af86fb721a9194d24d0e9460ccace4f37e6e40bf15746b8775ec","first_seen":"2025-12-29T19:25:01.951652Z","last_seen":"2026-03-18T12:35:38.955057Z","times_seen":762,"resource_available":true,"data":null}},"time_used":942,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":483,"receive":459,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/gpmaster/_enc_size328x442_91f2d885-8341-4928-bace-352c8c691bef.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.800Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /gpmaster/_enc_size328x442_91f2d885-8341-4928-bace-352c8c691bef.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 02 Dec 2025 14:08:32 GMT\r\netag: \"16aab0027c0128d815e6dc1bce622be1\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Pvz11IGt5NkUUACF5WwhdL%2FWjaX8MWskXcKCmKkMgTMcx%2BMyhYIB3P0lJP9IZ8ckXbi7X%2BZ7JSzjc9R3jzw7KO6KPh7ZwUZVL0qWPSZ1wj7URY4iXwCF\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fceba8f143a4a-FRA\r\ncontent-length: 11602\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834443\r\neo-log-uuid: 2832714609681172460\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":227,"timings":{"blocked":18,"dns":0,"connect":0,"send":0,"wait":173,"receive":36,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/5c236762431e4b8499137a098128718d?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.147Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/5c236762431e4b8499137a098128718d?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 46519\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 69633\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"5c236762431e4b8499137a098128718d\"; filename*=utf-8''5c236762431e4b8499137a098128718d\r\ncontent-md5: v91QBIQzDWOnI8vDlt92LA==\r\ncontent-transfer-encoding: binary\r\netag: \"FsL5qmMbtQtUbU9-oX1_uLd5a5H5\"\r\nlast-modified: Fri, 06 Mar 2026 19:15:14 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: 77nzeQLMR\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: INcAAABibf182psY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":46519,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"bfdd500484330d63a723cbc396df762c","sha1":"c2f9aa631bb50b546d4f7ea17d7fb8b7796b91f9","sha256":"dded3e4d80883f4e0b252ede1f029cd3b764eeb7928fef10fb4b0faeebf326a4","sha512":"aa103789edb020732b7040c7a7a389a2cffbb36823a250dd3de017481da59bf23d51fdecc95b988fd23188035588816984a1fd8995019870d8ac0a3111b3f14f","ssdeep":"768:SfdBtucg82/pFKJJ00Mip/vYLSRRBq9x4QhGpfrr1KU76QkFPF00uvX1:Kdus2/LK700Lp/v6SRRBcx4gGpfrr1PR","tlshash":"0f2301dede041e9e70206c2597ea950c997ee25b6f25a30398e7a4fb04f33012e61d47","first_seen":"2023-10-31T11:08:25Z","last_seen":"2026-05-15T23:42:44.609231Z","times_seen":249,"resource_available":false,"data":null}},"time_used":3375,"timings":{"blocked":960,"dns":0,"connect":0,"send":0,"wait":1207,"receive":1208,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/987ba0f7d3ad4e108b2353d441ccd887?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.353Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/987ba0f7d3ad4e108b2353d441ccd887?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 27217\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 61519\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"987ba0f7d3ad4e108b2353d441ccd887\"; filename*=utf-8''987ba0f7d3ad4e108b2353d441ccd887\r\ncontent-md5: ZQiUbJpf4iqHhLkFsl6MeQ==\r\ncontent-transfer-encoding: binary\r\netag: \"Fg4UaIZrZbDVorodZPl-Wr9UreyW\"\r\nlast-modified: Fri, 06 Mar 2026 19:15:45 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: DGxR3o5II\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: YS8AAABPAhPe4ZsY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":27217,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit gray+alpha, non-interlaced","md5":"6508946c9a5fe22a8784b905b25e8c79","sha1":"0e1468866b65b0d5a2ba1d64f97e5abf54adec96","sha256":"893c1114ae76ae3a992db25f75b2f788b0b4b0239d06a02a02d254fd6be71485","sha512":"0bc956d3d26a7853dc611e4c7d3ba5685b540665040adec770f3ed02970b6124e8a0a970aec13056a8bcd5a81aa10897efeb6837b01432003fab1feb15d2bbe4","ssdeep":"768:ZCG5epoj42Sf3AQoGrc1GDUyomPUmVZckFfjKKW/:ZNMy+fwvqoVQXjKKU","tlshash":"6ec2e2e68c147b28629bbb5e8cf93b40c57315978cdc878c552153c83a813b641c3bfa","first_seen":"2024-12-13T17:33:29.045823Z","last_seen":"2026-05-20T08:35:52.502462Z","times_seen":314,"resource_available":false,"data":null}},"time_used":2535,"timings":{"blocked":756,"dns":0,"connect":0,"send":0,"wait":1254,"receive":525,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/56c4c0597484472d94179dce3a9097f6?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.353Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/56c4c0597484472d94179dce3a9097f6?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 16695\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 61519\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"56c4c0597484472d94179dce3a9097f6\"; filename*=utf-8''56c4c0597484472d94179dce3a9097f6\r\ncontent-md5: AT+y17Z21b0U7dIxD0S8wQ==\r\ncontent-transfer-encoding: binary\r\netag: \"FmE6PGKmJEeOwAG-74Lsuf5bfPbA\"\r\nlast-modified: Fri, 06 Mar 2026 19:15:45 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: CkcOKSFZB\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: XTEAAACk5hHe4ZsY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":16695,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"013fb2d7b676d5bd14edd2310f44bcc1","sha1":"613a3c62a624478ec001beef82ecb9fe5b7cf6c0","sha256":"c61c6c6f67060248c02f8cfe66677ff5f626195f9a6f55b6e1c8d468f65cb2c0","sha512":"a31fbcc5fddb06fd71496c466892295167d6f4faa350d3d530bb637eff8ad70048321b4ed768ae64a243f285a17fd1efdb58e22c76115f09bd96ec1d06138e4b","ssdeep":"384:7mjiH4zcB2vu/UhzYEo1/gZQ4SpjjfbgVz6mYr/R+:L4zMKu/Uh0Eo1CQNjfbgd6mYDR+","tlshash":"4972dfa9673310ccdc32ae399d43394ae1338bf5357649f4d952286538abc632a70b4b","first_seen":"2023-08-17T12:39:31Z","last_seen":"2026-05-31T19:06:29.590268Z","times_seen":89,"resource_available":false,"data":null}},"time_used":2506,"timings":{"blocked":756,"dns":0,"connect":0,"send":0,"wait":1254,"receive":496,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/12b7443d31f54a6f972dc9326b9b2df0?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.752Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/12b7443d31f54a6f972dc9326b9b2df0?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 27593\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 61519\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"12b7443d31f54a6f972dc9326b9b2df0\"; filename*=utf-8''12b7443d31f54a6f972dc9326b9b2df0\r\ncontent-md5: 8EWLHxthWZOAFj8ayDWSgg==\r\ncontent-transfer-encoding: binary\r\netag: \"Fr77d6IjE2g_gNEJxSKVOM3KVzCm\"\r\nlast-modified: Fri, 06 Mar 2026 19:15:49 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: QIb2Q2ylh\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: A4wAAADbihPe4ZsY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":27593,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"f0458b1f1b61599380163f1ac8359282","sha1":"befb77a22313683f80d109c5229538cdca5730a6","sha256":"7658b1a28c83956cc455e75ae1315d0056895587996376b7b7a89c3ad5e3fcbb","sha512":"85f842964eda05ede4d2e3c96d34faa626c4c035b504b4ed62cdaf96c954923099626561d4420c4d9f0ad645e9c2227c1ef8a78cae275b5169a81f8f5c858baf","ssdeep":"768:DbAd7wny6s6BbSomumPr23QHXgW/qnlLZ3F/McGnvb65yXF:DbA5m3BGoxo2A3gtLNFEJz1","tlshash":"c7c2e081076a8065d50f06c3fe62ea05edcbab2bed0570f1d01dbbcd16ca9129aee915","first_seen":"2025-09-21T04:12:34.086102Z","last_seen":"2026-05-22T17:42:05.02304Z","times_seen":203,"resource_available":false,"data":null}},"time_used":2188,"timings":{"blocked":358,"dns":0,"connect":0,"send":0,"wait":1255,"receive":575,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/f45486942ea0457ca2f6a06414b12392?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.928Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/f45486942ea0457ca2f6a06414b12392?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 29233\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 53432\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"f45486942ea0457ca2f6a06414b12392\"; filename*=utf-8''f45486942ea0457ca2f6a06414b12392\r\ncontent-md5: Brs1Vyi9Q3yJThgxFXklCQ==\r\ncontent-transfer-encoding: binary\r\netag: \"Fiu-IKT0Oqww0JX1gmoiA3b3Ez1k\"\r\nlast-modified: Fri, 06 Mar 2026 19:16:01 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: 2C4QGVBVE\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: jDIAAACt-BU56ZsY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":29233,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced","md5":"06bb355728bd437c894e183115792509","sha1":"2bbe20a4f43aac30d095f5826a220376f7133d64","sha256":"6eaa06dec6b1ed3fd197506c5c64788e25d493f920f2b8b474e15e3ee25e5839","sha512":"b39844cf646dec2bddef84b24467cb3db2a56ca4b8a30434c024e81807722c2141f36cdd503498f4d2e6b7c044258a97c88f806a2a6f9897986a24cb0f498e53","ssdeep":"768:VbxSt0XUPfTmwH+llh3/FCwOD8xSFhnB5:VxQkU3TmwAv3MwxSF9H","tlshash":"f1d28bcc62f436ed86baeb6d1907b41d54a5534e886630b4fb22d3db6287ff54c80913","first_seen":"2025-01-29T13:39:14.615125Z","last_seen":"2026-04-24T23:10:16.753968Z","times_seen":132,"resource_available":false,"data":null}},"time_used":2082,"timings":{"blocked":187,"dns":0,"connect":0,"send":0,"wait":1252,"receive":643,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/img/LIVE.88ccbf98.png","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.281Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /img/LIVE.88ccbf98.png HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:39 GMT\r\nContent-Type: image/png\r\nContent-Length: 61665\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:16 GMT\r\nVary: Accept-Encoding\r\nETag: \"69522598-f0e1\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nX-Safe: 1773320739=9I+PHlnLQvmxKj6R8Jbyy1+z041a6EbTo7bbd4Ml0pNhG7cBYc4imFMtHMW0ai9RVCmn2MBUEauBeJ5w5PmhZ8SFO/rUGrtuC9x9j6vWvfrsXUl/Bcdd/jwVy1RQpZ04h7Xp9kA7Xw8JJuk2lR2IywxI+yiDkK9PQD32Hjw6hm+Y7cwzNJbdbxS1eQIuD5oe\r\nAge: 338386\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 7C7CBAB8-8602-420F-8327-B0CE60A51A53\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":61665,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 582 x 307, 8-bit colormap, non-interlaced","md5":"372d01a2bda7ccdca1e7966af39c2327","sha1":"d438c1947b711d032c5621a6b4b08bbbca2c338d","sha256":"4eac7be4c06fa607ef5e95789e3ead43806bfeff97872ed6567e3810f2f661bc","sha512":"9f04160df8696cf984cd77604dddaea73969479e4f1c5050e53351df7f11e85d8ecccb14ecb87dcd58bea0ba04d9ba5ea3f99c69a179ba88ad38d5416b7a94d3","ssdeep":"1536:jTjrlfQBxhFWiXt2lnJE9mARbSK0k2C8ve1HfarCtt:jH1QjwWUC9mA10jC8WZfaQt","tlshash":"dd53124a2ecc3a1f7bf21e5e06f286814d36a186d0f9ba5bc6e70ef1218521de0e4535","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-06-06T14:57:21.030033Z","times_seen":1496,"resource_available":false,"data":null}},"time_used":425,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":212,"receive":213,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202508/_enc_size1298x1156_13f1f273-ad7d-4854-b9a3-7f3eb8823296.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.822Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202508/_enc_size1298x1156_13f1f273-ad7d-4854-b9a3-7f3eb8823296.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 18 Sep 2025 11:24:03 GMT\r\netag: \"800055c0ca062917b33030dc93ade763\"\r\ncontent-type: image/png\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pIPv3S5C3W3gDoWdPaLh4Asa9M2zlazTfg9mwmMP8MhYheaNk46M21vDerzdKtTSKtQ4bgfMcS%2FlFpaCA2Yw2t%2BNAPa1yQyLz56WDOSNS%2FPa9ZxCD%2BeD\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fceba99521cbf-FRA\r\ncontent-length: 147613\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834443\r\neo-log-uuid: 15205408812422732935\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":312,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":235,"receive":77,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/gpmaster/_enc_size704x442_7f760e34-ebbd-4cfc-bc28-666cc8a6234f.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.886Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /gpmaster/_enc_size704x442_7f760e34-ebbd-4cfc-bc28-666cc8a6234f.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 06 Dec 2025 06:30:28 GMT\r\netag: \"11bc0490f01525768f59770db2297149\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8V2mLZ94hfjkCFyMiE3TZfXAbMvepSWMFEbPXsRU7dCt7wXyolBmdvLCBnhpmgfDPvUUwOsRSnvCorH8wMrs8v%2FvSbtJJnTbSBwZo0NzKVbjvfkv%2BzyM\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fcebaecce467c-WAW\r\ncontent-length: 44494\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834444\r\neo-log-uuid: 12521345493773940574\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":261,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":226,"receive":35,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202508/_enc_size1298x1156_b219e889-d34b-4c28-b534-674fb2e77fdd.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:42.772Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202508/_enc_size1298x1156_b219e889-d34b-4c28-b534-674fb2e77fdd.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 18 Sep 2025 11:36:04 GMT\r\netag: \"69942ba4ae61d68959322ce67ce23932\"\r\ncontent-type: image/png\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wXVl4MQIoUuJuaPKvU6OOaxz%2FIt8PG1%2FxBei8F0C0h3%2FZ9fbsyen%2BGnMfnC0%2FH7ISq4nUpMGVY4J75HkTSrhoPmzbAub%2FIVc6J%2F7WtyN3fh5IGcJe9IL\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\ncf-ray: 9d040a486c80c527-WAW\r\ncontent-length: 126465\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:42 GMT\r\nage: 1672603\r\neo-log-uuid: 5560854121117442320\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/api/sport/match/list?sportId=1\u0026client=web","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:44.753Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /api/sport/match/list?sportId=1\u0026client=web HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nx-request-source: https://u95f.xyz\r\nXign: Vp87QqKEYT9BHclu2vlmP/aI1cpyegglemjxrFNN3UVpRXbeC9Ipa/y3pL2xA7Nk74Rlg6UoWiwbNcGAx2kd0VeISuOTtBQQ4mwOMqpCGkrr6RiS7CoFf9aa43pDl/UTCMh0DzgDlHSvxiDP/mqw0iLiE5dqSsfEfLhYXph3M8M=\r\ntimestamp: 1773320744748\r\nsign: h7s7r2tu1t6k7c2u\r\nversion: 5.6.9.4\r\nclient-type: web\r\ndevice-id: rYtHdnihQD85imaGAFAinMxefGSPBmCJ\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:44 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nCache-Control: no-cache, no-store, max-age=0\r\ncontent-encoding: gzip\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nX-Safe: 1773320744=wTh16AvzE4qB3irp9131XvWZnobPsWK9ztQDVjhLr3Shhn0QukOZy86+ruoVTvduMLxUYBArQzbfRtF1ehvfx53FEzfyXXpnbFHwKIPB4lPy5CDnTpqs528/n1OWuWt33s3hYkiKzvOWgkocgY/odP2vSuUUOuLKK3mcaKJUrk2iHVEiemmQavE8/mXXD3iH\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 60FA9C17-26CB-4D91-B268-DDB96939D352\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16795,"size_decoded":0,"mime_type":"application/json","magic":"Unicode text, UTF-8 text, with very long lines (16099), with no line terminators","md5":"6bbf7bf8e12798187c96e7af5e4b16ff","sha1":"ee7763f2d23727a28f45c0c94b556948283819ea","sha256":"9b558a550d0fc5816b7adfc4db81911be3952488d09ac8b2052f1db355a924e3","sha512":"ec545a334ea5a714555626be28fcd76d1b6934b400415751916dbb1a83162edfe12b859df55fd86fd33c91aa2308d6cca01a59d446e9a138e8e116639e80b345","ssdeep":"384:eAuwS1KpZFIQhfaWk91Pz5YqaSSyjDE00dhhNMuGwZWoqzyLMNcq8rcidrpgUnm8:eAuwS1K/FIQhfaW+Pz5laSPjDE00dhhp","tlshash":"5372bf9a81dd18991b8c61d16e5e3f4c847eb95b0a9eb5daee4ecf0820f83f75240c15","first_seen":"2026-03-12T13:06:12.648485Z","last_seen":"2026-03-12T13:06:12.648485Z","times_seen":1,"resource_available":false,"data":null}},"time_used":238,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":238,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/img/no_data.02e9590c.png","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.341Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /img/no_data.02e9590c.png HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/img/bj3.a7dbd558.png","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.435Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /img/bj3.a7dbd558.png HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://u95f.xyz/css/home.1766990974022.971c3723.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:40 GMT\r\nContent-Type: image/png\r\nContent-Length: 5835\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:16 GMT\r\nVary: Accept-Encoding\r\nETag: \"69522598-16cb\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nX-Safe: 1773320740=UbyPGiMF6oMO3eNBMJExvACPDPz2ndpfMINivjYqk7cS189TdXtJfIe/QT9pwk6lKy9xR7X6sVsYLc7iEZjqMrWRTMzxP2YeeEEOiGX/fzmZ25GQfeI5TxMlxPIK935NtS98+8VYDgeb6H8Q18KA/+QUFUH+6DlyD8ADjapVtTX2Huqe9y56Q2jfSJE7at6d\r\nAge: 338389\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: A7623889-2EDB-404C-9281-79EAB5CDFCCA\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5835,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1003 x 171, 8-bit/color RGBA, non-interlaced","md5":"b79234bcd23ce7e063481b3605bcdd45","sha1":"eace4c48cc352cfb10fb6fcffed50748f18aa78d","sha256":"2dbca2ee9a515b178cb6a5ce670a5dafa30941ad8c753fa3e94642f8dacca13d","sha512":"40fa685181391f1ca805440f53683045d1fbd5c0f36cf471f53641c6f289481f42fefc4d1f2b2fdfe8a20d7488ef0537f10352492e46af76770b49fe8876def7","ssdeep":"96:brOIaX7VK+RUSrZ3rnZ1L++y+hsVoK4CBVVikox3n0muoE7Nqh7zwGto:K7VK+RBZ3l1i+y+3peikr3oEJqh7MCo","tlshash":"91c18f03f313ed339b875f190abe4dc3498b2f9a4725a7d6285b5aa89654819c062e82","first_seen":"2025-08-29T11:05:53.328141Z","last_seen":"2026-06-06T14:57:20.964609Z","times_seen":1564,"resource_available":false,"data":null}},"time_used":2504,"timings":{"blocked":2277,"dns":0,"connect":0,"send":0,"wait":226,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/img/pay.8f35ebe1.png","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.443Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /img/pay.8f35ebe1.png HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:41 GMT\r\nContent-Type: image/png\r\nContent-Length: 5453\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:17 GMT\r\nVary: Accept-Encoding\r\nETag: \"69522599-154d\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nX-Safe: 1773320741=sLjBMoPIYH/ZklB3a9DMghOf/GLYneRWA/bPl8Ur+HATmzTMipGsv9cFAj7S6AGoBEvP9t7LDlkhG69eTdMx5C7AMrfxLMinA+t4+yjip00/Rd1lP/N9xL19gYhZJIwg2s4LmxUnKlUGQ8zTw0nmn/lVUsLw/3OAKnPJesV9axf34vXzTeOzNybsr1bspTHN\r\nAge: 338390\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: CBCAF389-D50F-4847-927C-46049E272C74\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5453,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 492 x 132, 4-bit colormap, non-interlaced","md5":"05d444b76263f6958a37ac82e45daa67","sha1":"a067d3a654da1ec4c51d8f049aabaa112183e355","sha256":"49166910b376f5487f30174e60fcf13aaaca9620ef1aa58cfb2c94a8c111ea8d","sha512":"7d276d57b068ec4a0125512e0781c501a96bf6c30b30304d247251190c6421a9ed7a03ec208a590d19d9a1183e3837b06d141bddd99abb7b0ee4e2a1ba28b28b","ssdeep":"96:u9g9Yof8+keuD1Kai/MXG5BHMsDiCNPFH/qX4iWXnqvcIzDRHSVyl07TrOKCm0R4:u9g9rJuYai//7FiSXnqvNYGmrOKcPwzp","tlshash":"74b18e749d6efb2a26b315c30d7499c21ea45c9e0d94f1c2244776963c732de3270985","first_seen":"2025-08-29T11:05:53.301829Z","last_seen":"2026-06-06T14:57:21.018191Z","times_seen":1509,"resource_available":false,"data":null}},"time_used":3329,"timings":{"blocked":3118,"dns":0,"connect":0,"send":0,"wait":211,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/kc523-1/noData/cms_moren.png?1766990906506","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.479Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /kc523-1/noData/cms_moren.png?1766990906506 HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:41 GMT\r\nContent-Type: image/png\r\nContent-Length: 19732\r\nConnection: keep-alive\r\nLast-Modified: Sat, 27 Sep 2025 11:32:15 GMT\r\nVary: Accept-Encoding\r\nETag: \"68d7cb3f-4d14\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nX-Safe: 1773320741=sLjBMoPIYH/ZklB3a9DMghOf/GLYneRWA/bPl8Ur+HATmzTMipGsv9cFAj7S6AGoBEvP9t7LDlkhG69eTdMx5C7AMrfxLMinA+t4+yjip00/Rd1lP/N9xL19gYhZJIwg2s4LmxUnKlUGQ8zTw0nmn/lVUsLw/3OAKnPJesV9axf34vXzTeOzNybsr1bspTHN\r\nAge: 338391\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 4FB49C41-C6BE-4A8C-B649-26E4C178D55D\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19732,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 215 x 214, 8-bit/color RGBA, non-interlaced","md5":"f3c825751a70d4aad8da2ce57f76acf6","sha1":"732da443668abb03a79a70df2d0ea8d801158655","sha256":"c395f4c1941459ef620f6df95fabd39f9ac98e03f6a389886bf224157557ce41","sha512":"a3b3fa2a216c10d331fea4771b916825d0605b94e21ac242d152d7c5e4b984cf3baad7a3fd071dde3432162037514d756cce1a0f699baf3dc98eaf75483c91b0","ssdeep":"384:64pTwcIHFqFpIlD8SqhwFLW/na2PvyQXSOKvOi58KUezsTT5ZOon:67XlROe8WvOAPHQv","tlshash":"a592d0d8abcb6705bb132b43b941a3558e0dfd6a130b9bb131782805ee16151e8d7e3f","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-06-06T14:57:21.043292Z","times_seen":1629,"resource_available":false,"data":null}},"time_used":3129,"timings":{"blocked":2684,"dns":0,"connect":0,"send":0,"wait":223,"receive":222,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/ecb/8f83064249b06e0660afdb30b60772fdcdfbb3036fb467600d10b16d76dc640e","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.759Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /ecb/8f83064249b06e0660afdb30b60772fdcdfbb3036fb467600d10b16d76dc640e HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nContent-Type: application/x-www-form-urlencoded\r\nx-request-source: https://u95f.xyz\r\nXign: oD6jSo21d8la1Ts6Y1YW6Z6jD4az+uA5JEqD/oWVOuabmYnVAuyDOJJCxej9cnurm/mXbl0vLHGEIAsLV7ZhaEFuiQTyd2fZu+mT1Hg0adfMexi/VyZ08LQ7I3VMuIEqfP8PaHKM4fJY8gRXo4GHIojFDzF0wC5KycP+kIV684M=\r\ntimestamp: 1773320738741\r\nsign: 84c142018v4l1j6k\r\nversion: 5.6.9.4\r\nclient-type: web\r\ndevice-id: rYtHdnihQD85imaGAFAinMxefGSPBmCJ\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:39 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nExpires: Thu, 12 Mar 2026 13:15:39 GMT\r\nCache-Control: public, max-age=600, s-maxage=600, must-revalidate, stale-while-revalidate=30\r\nX-XSS-Protection: 1; mode=block\r\nPragma: public\r\nX-Content-Type-Options: nosniff\r\nStrict-Transport-Security: max-age=63072000; includeSubdomains; preload\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true, true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nX-Safe: 1773320739=9I+PHlnLQvmxKj6R8Jbyy1+z041a6EbTo7bbd4Ml0pNhG7cBYc4imFMtHMW0ai9RVCmn2MBUEauBeJ5w5PmhZ8SFO/rUGrtuC9x9j6vWvfrsXUl/Bcdd/jwVy1RQpZ04h7Xp9kA7Xw8JJuk2lR2IywxI+yiDkK9PQD32Hjw6hm+Y7cwzNJbdbxS1eQIuD5oe\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 2AD80F5B-1FA9-48F3-92A4-7A5A127983E7\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3632,"size_decoded":0,"mime_type":"application/json","magic":"data","md5":"b1becf5826103f8dce588065a63ddc4f","sha1":"1e111fda1891f3c1bb8a1c6c0444940c24e6ee8f","sha256":"53ddca5bb11a704f0677f6b6d3bc085c60cbb8a9b62dd591eedf5eebb876da25","sha512":"dfd7ddd9512d3677a16e79ab667c276c9ee25bdd16b1756695cfaa5e255e3c61ff6e8f583c901f620dac2d809d6b905284a29b7718409f720acbc28d4a626db8","ssdeep":"96:eOG3iMFIoHUm0mYvNGEw1sSB+Z+x73L7648bFYOaJQGCCrzlRdTe5s:VL0cmeRw1BB+ZG7RKOGRCrUs","tlshash":"a8b18e2659a1dbd4e946cafb38d0cfd027a35be87b937fa0cfa58142449a0414aaf085","first_seen":"2025-12-29T19:25:02.051672Z","last_seen":"2026-04-22T19:07:08.764367Z","times_seen":864,"resource_available":false,"data":null}},"time_used":662,"timings":{"blocked":426,"dns":0,"connect":0,"send":0,"wait":236,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/img/SPORT.aab253e7.png","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.279Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /img/SPORT.aab253e7.png HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:39 GMT\r\nContent-Type: image/png\r\nContent-Length: 55380\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:16 GMT\r\nVary: Accept-Encoding\r\nETag: \"69522598-d854\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nX-Safe: 1773320739=9I+PHlnLQvmxKj6R8Jbyy1+z041a6EbTo7bbd4Ml0pNhG7cBYc4imFMtHMW0ai9RVCmn2MBUEauBeJ5w5PmhZ8SFO/rUGrtuC9x9j6vWvfrsXUl/Bcdd/jwVy1RQpZ04h7Xp9kA7Xw8JJuk2lR2IywxI+yiDkK9PQD32Hjw6hm+Y7cwzNJbdbxS1eQIuD5oe\r\nAge: 338386\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 246FED75-5379-4A29-92F0-1E45570DAB8A\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":55380,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 582 x 307, 8-bit colormap, non-interlaced","md5":"3990a0dcf110f100c97ab413079e969e","sha1":"8087b72a149b71f4f5fc43b0f8bc07b89b621583","sha256":"6ddc189e7780b1313933d4903be9fbf6644b6a590e9aba83a6e4e50fdafb170e","sha512":"6b092584d42ec1423ecb94383907f29571e93308944813286d6e74b10f6eccb27536924220780f9a080dc259a095718a33f0757fc0adb04d737c83a6fa1647e5","ssdeep":"768:aEivx5zbZ4L0zze87wWbuKu4YIsZdCPX4ueh17yEs7NsGJSLsBQ1MDAaYHKJTbYC:aEi3eL0za8xbw4UmXI1VfJIRDYqz6W","tlshash":"bc43022944944c242384f1a6ac778dbc6dffa348a5f38f639a842bec7dcd84d95f4811","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-06-06T14:57:21.026614Z","times_seen":1507,"resource_available":false,"data":null}},"time_used":423,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":211,"receive":212,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202503/_enc_size649x578_6ba5f6e7-0a03-42b1-aae6-3de33d838c71.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.819Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202503/_enc_size649x578_6ba5f6e7-0a03-42b1-aae6-3de33d838c71.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 06 Dec 2025 06:22:45 GMT\r\netag: \"de74f0edd03d014ad273645588230ca5\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6P6re5KdlwcXfiGq%2Fid1SuxrcrJaXPixqxSh73FFQLStspdLOV%2FMrvNXQtEvIrJ2nDt%2FSGCZ0%2BNyWVzut3zm%2BriGPQX4%2BM8HjzyC64aJqrM53rKLtjMD\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\ncf-cache-status: REVALIDATED\r\ncf-ray: 9d83e4467b71eed5-WAW\r\ncontent-length: 72698\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 494089\r\neo-log-uuid: 13224148037746711973\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":279,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":237,"receive":42,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/4617fe4f12744462942448f197b386ad?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.282Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/4617fe4f12744462942448f197b386ad?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 3251\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 61520\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"4617fe4f12744462942448f197b386ad\"; filename*=utf-8''4617fe4f12744462942448f197b386ad\r\ncontent-md5: VNu1QPPbnLdMOhTi0jV1Mw==\r\ncontent-transfer-encoding: binary\r\netag: \"FvBSk1zom7xgdO7kiYuX9B11MQY7\"\r\nlast-modified: Fri, 06 Mar 2026 19:15:43 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: KuqucBvsF\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: bssAAABWf-vd4ZsY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3251,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 110 x 110, 8-bit gray+alpha, non-interlaced","md5":"54dbb540f3db9cb74c3a14e2d2357533","sha1":"f052935ce89bbc6074eee4898b97f41d7531063b","sha256":"3cf98ecb957b894e5f79688a0f428fc682dc67726f6751476a594756dbd4838c","sha512":"c5e3265a9756f366435bb58198192fae733f312d594c849fd62e7fdff8a22f233a0f764892322e4deb5aa396d96a35d6012b24d6471a68470bb9cdff3c717c8f","ssdeep":"","tlshash":"66615d71d3c7b9220cba7177b3d602f9de829f3d5c4950a296b671c6d4f619187c2405","first_seen":"2024-08-19T15:20:18.571455Z","last_seen":"2026-04-24T23:10:16.807924Z","times_seen":117,"resource_available":false,"data":null}},"time_used":2495,"timings":{"blocked":826,"dns":0,"connect":0,"send":0,"wait":1253,"receive":416,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/kc523-1/sponsor/sponsor.json?1766990906506","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.398Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /kc523-1/sponsor/sponsor.json?1766990906506 HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:39 GMT\r\nContent-Type: application/json\r\nContent-Length: 646\r\nConnection: keep-alive\r\nLast-Modified: Sat, 27 Sep 2025 11:32:15 GMT\r\nETag: \"68d7cb3f-286\"\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nAccept-Ranges: bytes\r\nServer: Nginx\r\nX-Safe: 1773320739=9I+PHlnLQvmxKj6R8Jbyy1+z041a6EbTo7bbd4Ml0pNhG7cBYc4imFMtHMW0ai9RVCmn2MBUEauBeJ5w5PmhZ8SFO/rUGrtuC9x9j6vWvfrsXUl/Bcdd/jwVy1RQpZ04h7Xp9kA7Xw8JJuk2lR2IywxI+yiDkK9PQD32Hjw6hm+Y7cwzNJbdbxS1eQIuD5oe\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: D98F5D05-D5FD-46BA-80C7-281E368EE43F\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":646,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"10d2161de8cf99c474812f4c43645a26","sha1":"71884ef7281cdcb5084088f16d4550ce8790e634","sha256":"bb02fd7438bb49dd4decb6f76a71f11e93355332fd9f965d6f9f13bb8175aeca","sha512":"bf0fd1232309fcc5582d5c42644e1c7b4b8d235b1066e988ff55e0dd94a956f89742401f00c2d904359041c8e0c2bac8e9316252fab60db5eb0a3b4c935172f0","ssdeep":"","tlshash":"d8f0f44ad8b25b93211fb57c58cd050470294a8f0eccaac4baac987c4f598ddd1e839e","first_seen":"2023-06-16T04:51:50Z","last_seen":"2026-06-06T14:57:20.956662Z","times_seen":1751,"resource_available":false,"data":null}},"time_used":1395,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1395,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/img/appdown.6e7c9177.png","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.439Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /img/appdown.6e7c9177.png HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://u95f.xyz/css/index-399e2569.1766990974022.29c710d5.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:41 GMT\r\nContent-Type: image/png\r\nContent-Length: 10111\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:16 GMT\r\nVary: Accept-Encoding\r\nETag: \"69522598-277f\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nX-Safe: 1773320741=sLjBMoPIYH/ZklB3a9DMghOf/GLYneRWA/bPl8Ur+HATmzTMipGsv9cFAj7S6AGoBEvP9t7LDlkhG69eTdMx5C7AMrfxLMinA+t4+yjip00/Rd1lP/N9xL19gYhZJIwg2s4LmxUnKlUGQ8zTw0nmn/lVUsLw/3OAKnPJesV9axf34vXzTeOzNybsr1bspTHN\r\nAge: 338391\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 6E288F0C-9453-45E0-AFF4-B0F549973B6B\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10111,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 112 x 112, 8-bit/color RGBA, non-interlaced","md5":"716d097b193628397635cfac41b561fa","sha1":"545d1876219bed15fe850a499a08322de6a26866","sha256":"50276d87fae9c1e30a32c32b4e90dcc2e227cabb4e3bb1d60ecb22fb50c5f2ff","sha512":"47ea5928e921bec4ce4d9c807ee921f6115a6dd27af6fa7325e6d988058d22cf36c03693ebc56665203809cfd6d008cd410380e688e90b36d7eeec18ce6aa92f","ssdeep":"192:cALsiDRih/bWKl4Hq2BHZE6+3paMeCsuTvB6hi6tswYmd:lBEv2Hq2BHS1ZaMJtB+tsud","tlshash":"4622d047a584327b826ec79c8fe98c112470ad1ce6f04d5ac44e711128e8df3503baf2","first_seen":"2023-07-01T07:21:14Z","last_seen":"2026-06-06T14:57:21.038991Z","times_seen":1571,"resource_available":false,"data":null}},"time_used":2695,"timings":{"blocked":2469,"dns":0,"connect":0,"send":0,"wait":225,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202506/_enc_size1260x1156_03543abb-5967-4969-b0c5-87347b24c4d6.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.694Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202506/_enc_size1260x1156_03543abb-5967-4969-b0c5-87347b24c4d6.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 06 Dec 2025 06:32:07 GMT\r\netag: \"edaf3a34d49e86d1ff9ac779f4a2d3e6\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MD2YAByZyGEptwWwD%2BocTPhtuphDP3ZVFwfWm8dIZMj%2Bb16lpNgsXI%2FjArIwkCDh%2BjJwQQPJvBhyxGJx6vL0IfayMH%2FC5LJ5JQPGcw1Wo4vZNaDg%2FXQv\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fceb9bcdb3677-FRA\r\ncontent-length: 148768\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834444\r\neo-log-uuid: 7569743873624255815\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":579,"timings":{"blocked":136,"dns":11,"connect":19,"send":0,"wait":222,"receive":87,"ssl":99},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202503/_enc_size649x578_96811f47-5a2c-446d-a8ca-696df160de09.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.873Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202503/_enc_size649x578_96811f47-5a2c-446d-a8ca-696df160de09.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 06 Dec 2025 06:26:39 GMT\r\netag: \"c52d2466fd690c6aa6227524649af402\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qdOuFiPjKXSS9ToMqsni6gLnVI4PWtq4rd4Ngu7%2FO2v%2FbcKUv7f6agzegSrJaey2Vq8mbDBMOUM%2B2yIDx1tmHFQBT34mw96g13jOG6Q%2FzPceLpoouX%2FM\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fcebaaed2974b-FRA\r\ncontent-length: 46184\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834444\r\neo-log-uuid: 9765792544633281915\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":261,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":228,"receive":33,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/2ace0916ce8e42f296ff03c439e388d7?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.156Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/2ace0916ce8e42f296ff03c439e388d7?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 107246\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 69633\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"2ace0916ce8e42f296ff03c439e388d7\"; filename*=utf-8''2ace0916ce8e42f296ff03c439e388d7\r\ncontent-md5: vM3Zm6lOQrDdSbpZUXPaZQ==\r\ncontent-transfer-encoding: binary\r\netag: \"FiulWqX6afDo2zdd-9oDaPLCqkeV\"\r\nlast-modified: Fri, 06 Mar 2026 19:15:21 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: gK4sQRp4u\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: RzgAAADqZf182psY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":107246,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1200 x 1455, 8-bit/color RGBA, non-interlaced","md5":"bccdd99ba94e42b0dd49ba595173da65","sha1":"2ba55aa5fa69f0e8db375dfbda0368f2c2aa4795","sha256":"1b624530a5f9e367dbb7a2ff1827b032b4c1154a4070655ab48674e931965480","sha512":"be4e8edd316894f3e5f2f5be7717fcc2d66850b9ace9be91463c3fad3e8c08e7b8294dea1374c9255737ca3e93426727cd19a0519bcc36b212744a43a80f17bd","ssdeep":"1536:0ReVLlIo2C7b8Hm4L/+0g5aJbcF4XaUqon5li0YbuxYjPv3tlBNOo2HO4t:xVt2C8H1L/8h4XaO5lqyCbtoHL","tlshash":"bca301451c9277e8e33e8674b32d0442829896fb4e04d73716173773ecf5ae24bae5a4","first_seen":"2023-08-17T12:39:31Z","last_seen":"2026-04-12T14:07:57.019877Z","times_seen":59,"resource_available":false,"data":null}},"time_used":3458,"timings":{"blocked":952,"dns":0,"connect":0,"send":0,"wait":1208,"receive":1298,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/5294a0286f13482f9e20f3063fba3265?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.283Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/5294a0286f13482f9e20f3063fba3265?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 7077\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 61520\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"5294a0286f13482f9e20f3063fba3265\"; filename*=utf-8''5294a0286f13482f9e20f3063fba3265\r\ncontent-md5: aXRjhPqXGA4Js+7v6cnMhw==\r\ncontent-transfer-encoding: binary\r\netag: \"Fg19uiEhPEwQrK4E1o2R4g_Xa1Vz\"\r\nlast-modified: Fri, 06 Mar 2026 19:15:42 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: aS7YoeyXr\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: 2HQAAADgHv7d4ZsY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7077,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit gray+alpha, non-interlaced","md5":"69746384fa97180e09b3eeefe9c9cc87","sha1":"0d7dba21213c4c10acae04d68d91e20fd76b5573","sha256":"f54ae29096528992edb8bff715a2a1bcaa8575b528adc1d214c015944fd04085","sha512":"1e1f273bf4b1c05a2702cef7ba651a5848e823c3af5417ba61f9d8cea9b083d766cbb63d55e6813c2c77b0e9283fa00048cfac65bcddd03159516b9bd77b80be","ssdeep":"192:P1+RyGlPji5BHfyi0EMJjarPNbBSlnGC+AMgw5:P1+kGJYHfdpgOSlnl+AM","tlshash":"52e1afc4b8b8a438426e99d79acc5f47deec0eac2c910dd4d603493eae04544e87df61","first_seen":"2025-09-01T23:16:58.465232Z","last_seen":"2026-05-04T20:16:58.003883Z","times_seen":112,"resource_available":false,"data":null}},"time_used":2494,"timings":{"blocked":825,"dns":0,"connect":0,"send":0,"wait":1253,"receive":416,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/e15bb6b1bba049769c0c2bb41922aa43?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.941Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/e15bb6b1bba049769c0c2bb41922aa43?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 12220\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 45313\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"e15bb6b1bba049769c0c2bb41922aa43\"; filename*=utf-8''e15bb6b1bba049769c0c2bb41922aa43\r\ncontent-md5: GAVUqswpG4L+gkhl36otdQ==\r\ncontent-transfer-encoding: binary\r\netag: \"FsZ91tmLlq3bebQpTKgKMQK7z5jT\"\r\nlast-modified: Fri, 06 Mar 2026 19:16:11 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: 9jszsFYQC\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: A6cAAABsy2Sb8JsY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12220,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"180554aacc291b82fe824865dfaa2d75","sha1":"c67dd6d98b96addb79b4294ca80a3102bbcf98d3","sha256":"d6040cb887ba3ced22e89b047e81436d2e7149651e4e2fdba193cae3f12fa48b","sha512":"250f4fbc819dea63b834da9cfc85a16146e6204578857c6c8ddc0564056112c02bb00a8818f5d2bca943e890642b5f1be6d9097e070b68c76e9813cc0be891cd","ssdeep":"192:v0GDwd7lqR62IO2FZtILS7Ql9087j1J6OZbKu7fVqqKPcMUPdntI7ZbTBooT55z:vnIla6s8zk9FbZZbKSfVJKPcMU6Zbd/v","tlshash":"c742c0b4d31a2562a931570bc800f0bef65f079f42a722309f643a5fb3338a4d5a43d1","first_seen":"2025-01-29T13:39:14.883319Z","last_seen":"2026-05-27T14:35:19.945761Z","times_seen":138,"resource_available":false,"data":null}},"time_used":2202,"timings":{"blocked":188,"dns":0,"connect":0,"send":0,"wait":1549,"receive":465,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/img/service.68be110a.png","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.438Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /img/service.68be110a.png HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://u95f.xyz/css/index-399e2569.1766990974022.29c710d5.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:40 GMT\r\nContent-Type: image/png\r\nContent-Length: 10641\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:16 GMT\r\nVary: Accept-Encoding\r\nETag: \"69522598-2991\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nX-Safe: 1773320740=UbyPGiMF6oMO3eNBMJExvACPDPz2ndpfMINivjYqk7cS189TdXtJfIe/QT9pwk6lKy9xR7X6sVsYLc7iEZjqMrWRTMzxP2YeeEEOiGX/fzmZ25GQfeI5TxMlxPIK935NtS98+8VYDgeb6H8Q18KA/+QUFUH+6DlyD8ADjapVtTX2Huqe9y56Q2jfSJE7at6d\r\nAge: 338390\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 2FF99E78-D773-4BAD-A7A3-B28B62F989CF\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10641,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 112 x 112, 8-bit/color RGBA, non-interlaced","md5":"993784a38ddc1156572bfc3308055ead","sha1":"becff431867226bf323b5a6535fa383992f107eb","sha256":"abca3af980888b08c6cbd57366b3ac94344d66ea048484c4f9867e300ee8703a","sha512":"48790c6340f273a58295fc6607306353ab69d5a818569fe36ef1bffc8fff084b23d37b401e10502b830c67a5efedca56c1c9d778d6198e4069018d055f1869f0","ssdeep":"192:NdsarkpjwOOmfStcnaHtzB3l2eKD9RdfXtRqi3ln+ojjjKMGlnyL5H7nx+:nJQpjgOz9Dd0orKMGlnA5Hbs","tlshash":"8822c0c41e1be1b6d2ffa916b28543a04b3421fda1a24c342d828c04ccad56ac91f9e7","first_seen":"2023-07-01T07:21:14Z","last_seen":"2026-06-06T14:57:20.997053Z","times_seen":1572,"resource_available":false,"data":null}},"time_used":2557,"timings":{"blocked":2348,"dns":0,"connect":0,"send":0,"wait":209,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/img/partner.dca3fc6e.png","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.441Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /img/partner.dca3fc6e.png HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:41 GMT\r\nContent-Type: image/png\r\nContent-Length: 28969\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:17 GMT\r\nVary: Accept-Encoding\r\nETag: \"69522599-7129\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nX-Safe: 1773320741=sLjBMoPIYH/ZklB3a9DMghOf/GLYneRWA/bPl8Ur+HATmzTMipGsv9cFAj7S6AGoBEvP9t7LDlkhG69eTdMx5C7AMrfxLMinA+t4+yjip00/Rd1lP/N9xL19gYhZJIwg2s4LmxUnKlUGQ8zTw0nmn/lVUsLw/3OAKnPJesV9axf34vXzTeOzNybsr1bspTHN\r\nAge: 346771\r\nX-VIA: l1=CJR9oEa4UnlD0OBR\r\nX-VERSION: 1772869158\r\nX-Request-Id: A99AE29B-A813-44E5-AC04-F32AC3836987\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":28969,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 480 x 151, 8-bit/color RGBA, non-interlaced","md5":"7374b72d05130af2d77119eb0eb4ba10","sha1":"5b3e5e621329685de250121b2fd9c798f46f7d65","sha256":"059a622a7f1f0f1f239d624f19b0f5531c0f0aedadb8ccd40d2570a76dd56752","sha512":"c2d0f744838a882c8ac15de6bb0bfbeb3dd2f31550cc7a259b9890ea38eddf835902171c1346ed7e1d2005ba18b929d598002d60b7355df72073d955521b18b0","ssdeep":"768:tAAoY1X4ITISUWhiqmMiuCaUENwHoacq8zqWx6:abaX4SIYIdMMow8zqi6","tlshash":"a2d2e0ecdc3058f1f533894dc979813a6f3886ba05e359817a36f92bddc3e8506491e6","first_seen":"2025-08-29T11:05:53.287538Z","last_seen":"2026-06-06T14:57:21.039453Z","times_seen":1508,"resource_available":false,"data":null}},"time_used":3378,"timings":{"blocked":2980,"dns":0,"connect":0,"send":0,"wait":397,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/img/zeren.c0aa584f.png","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.444Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /img/zeren.c0aa584f.png HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:41 GMT\r\nContent-Type: image/png\r\nContent-Length: 3322\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:17 GMT\r\nVary: Accept-Encoding\r\nETag: \"69522599-cfa\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nX-Safe: 1773320741=sLjBMoPIYH/ZklB3a9DMghOf/GLYneRWA/bPl8Ur+HATmzTMipGsv9cFAj7S6AGoBEvP9t7LDlkhG69eTdMx5C7AMrfxLMinA+t4+yjip00/Rd1lP/N9xL19gYhZJIwg2s4LmxUnKlUGQ8zTw0nmn/lVUsLw/3OAKnPJesV9axf34vXzTeOzNybsr1bspTHN\r\nAge: 338390\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 42267EB4-1098-4F44-9173-939C5CB66CCC\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3322,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 414 x 130, 4-bit colormap, non-interlaced","md5":"217588cbcd6216a09cac17953ae710b1","sha1":"de250755d284bb75dcee38ee45f2fc839987dcba","sha256":"24c2821b322d0c9087bcb0727dc0307311f6cfbb52af9f8a93308e48705f706e","sha512":"da190054ec0862c9927bb3bd928481459d53d4d778e9b2928c2507f2a34df5791d43adda750fcf184b767c1ba3a3f92e45dc57242a80869e253a9b37639abb4a","ssdeep":"","tlshash":"50616c01eb9130b8129c286701bd3fcda4c64d993d203d798d87b29bd6f970d288b123","first_seen":"2025-08-29T11:05:53.326961Z","last_seen":"2026-06-06T14:57:20.972369Z","times_seen":1505,"resource_available":false,"data":null}},"time_used":3387,"timings":{"blocked":3164,"dns":0,"connect":0,"send":0,"wait":223,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/gpmaster/_enc_size328x442_50b16c20-cbfb-4c4c-ba8a-249055c85af3.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.773Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /gpmaster/_enc_size328x442_50b16c20-cbfb-4c4c-ba8a-249055c85af3.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 02 Dec 2025 14:07:40 GMT\r\netag: \"8e059e4f2161c22e81e610e960997391\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PsBJc3euD4ck%2FwRmaHnuDrpWSzVJ8RaAjKxzWvYIHvyjciXy%2FSkTmrGsyhavZ9OktiyZVTiwZk5ebOyg8IBIL8DGilpr1n2FzPE37FoGuABZteWCZPAQ\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fcebaff80de10-WAW\r\ncontent-length: 18518\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834444\r\neo-log-uuid: 1515587647375692967\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":295,"timings":{"blocked":44,"dns":0,"connect":0,"send":0,"wait":235,"receive":16,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/6a2f72a93ab24b1c8f58a976b15546d9?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.135Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/6a2f72a93ab24b1c8f58a976b15546d9?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 55133\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 69633\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"6a2f72a93ab24b1c8f58a976b15546d9\"; filename*=utf-8''6a2f72a93ab24b1c8f58a976b15546d9\r\ncontent-md5: 1MgSG19zjPryIneaQ+dJXQ==\r\ncontent-transfer-encoding: binary\r\netag: \"FttM1vIF43cUHyqFiDnxGx-EOSlM\"\r\nlast-modified: Fri, 06 Mar 2026 19:15:19 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: utpaj80cq\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: C4sAAAAeh_182psY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":55133,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"d4c8121b5f738cfaf222779a43e7495d","sha1":"db4cd6f205e377141f2a858839f11b1f8439294c","sha256":"d539a73446d4a1689a60854cd1891457d100584b5929464fd014123ac7d61744","sha512":"28b9f982fbd9ecd8a7552a32e78681c6377b6af7e3bd264820fafde6b3007b797c0b3b6257730b1b948990b2b725874c330d1e71be5303e8fddf7408185bf090","ssdeep":"768:7BYFiLLvH9YZgHw+0zQ/33ixMY5M03vhdWozX4SLi4E9mpSxsEljoED+:JHlHVf3KMY5MGZdvIWi4E88O8joED+","tlshash":"2f33012e453def30f4fc9668aa6181559bfc782a88a7b835f40cbc459293d9d3538f42","first_seen":"2025-08-28T02:49:30.699616Z","last_seen":"2026-04-13T17:57:39.236561Z","times_seen":65,"resource_available":false,"data":null}},"time_used":2036,"timings":{"blocked":972,"dns":0,"connect":0,"send":0,"wait":831,"receive":233,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/76768e44c48d4d6eab424ca4ecf7eae3?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.350Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/76768e44c48d4d6eab424ca4ecf7eae3?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 10895\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 61519\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"76768e44c48d4d6eab424ca4ecf7eae3\"; filename*=utf-8''76768e44c48d4d6eab424ca4ecf7eae3\r\ncontent-md5: FQAZanUs2wmkrX3PP5PCUw==\r\ncontent-transfer-encoding: binary\r\netag: \"FrKx4uoiU8P6KBUKGxCUfdBmiknd\"\r\nlast-modified: Fri, 06 Mar 2026 19:15:43 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: LWNKQ2dFi\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: be0AAAD8rwje4ZsY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10895,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 400 x 400, 8-bit colormap, non-interlaced","md5":"1500196a752cdb09a4ad7dcf3f93c253","sha1":"b2b1e2ea2253c3fa28150a1b10947dd0668a49dd","sha256":"0c555e65ff885091809c8a64c5c73d569fc2401484b8dfd88a9be7a400bd9e7f","sha512":"c222f374bd19edb92d726aa03f7199c97a81adee004257628beb63a6294fd2cc3fcfa7ce0024fe786aaf667e2e1c0807068264b19321dfb80a05f95a8d6e6654","ssdeep":"192:hlu+JnUh24r4DfcmpMw31tU2/dCftHQqaKWKXR157LCFl4s8l07fPL:6A22E4Dhj3efFQOWKXT1Lk4s8l07nL","tlshash":"3322ae7028b1d32ed8ec56a5872b678030977ac1922897d1c51fbe56dd3804e61776e0","first_seen":"2025-10-01T19:35:49.871106Z","last_seen":"2026-04-22T19:07:08.90429Z","times_seen":46,"resource_available":false,"data":null}},"time_used":2486,"timings":{"blocked":759,"dns":0,"connect":0,"send":0,"wait":1253,"receive":474,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/api/sport/match/player/match","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.966Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /api/sport/match/player/match HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nx-request-source: https://u95f.xyz\r\nXign: JlNO5ly8/j0NzPOsLLgAIlakMfO2/ZWlfH2975MbZ4MwMXQnwbZ1Usj6M1KCLJm2neJN/g00+j4lKVgHe4kxis9SZx+4NpxUbwuHc3QsMi3WFeaNGuKlZWm3q6EqjGoqRdJRQl8kJKsyEql/bFAV23bYIFCQRaiOQTnZmBpxDDQ=\r\ntimestamp: 1773320739818\r\nsign: q203e653a7q2l37n\r\nversion: 5.6.9.4\r\nclient-type: web\r\ndevice-id: rYtHdnihQD85imaGAFAinMxefGSPBmCJ\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:40 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nCache-Control: no-cache, no-store, max-age=0\r\ncontent-encoding: gzip\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nX-Safe: 1773320740=UbyPGiMF6oMO3eNBMJExvACPDPz2ndpfMINivjYqk7cS189TdXtJfIe/QT9pwk6lKy9xR7X6sVsYLc7iEZjqMrWRTMzxP2YeeEEOiGX/fzmZ25GQfeI5TxMlxPIK935NtS98+8VYDgeb6H8Q18KA/+QUFUH+6DlyD8ADjapVtTX2Huqe9y56Q2jfSJE7at6d\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: DF23A6FB-CBD7-48C6-A2E7-6C7ADFC51AF2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":60,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"ad1b5cbc37e087c212a41eca07a863ae","sha1":"f990fb40077ca4c90bbde8ffb87c73e1c06fd931","sha256":"0fca88eefe8bb5f59242b88e2b8b179148a088b4cde3499e1c56fef8c84c309a","sha512":"fe056eef22791a958cc37f63c1cc4b3f35bd990c34d1d321f34504b7b99769b571fe46cf18ede31f7ca0e564baf63aaca9d4f3601395bd7a3ce424e50a2aaf87","ssdeep":"","tlshash":"56a002473a282ea49bc31066b50e7a5500a421749a55f469cc8e623dc755453b546531","first_seen":"2024-05-26T00:49:06Z","last_seen":"2026-06-06T14:57:21.02275Z","times_seen":1626,"resource_available":false,"data":null}},"time_used":237,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":237,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/gpmaster/_enc_size328x442_b1b5acd8-3851-4b06-8e10-d549f7f09d1b.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:42.779Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /gpmaster/_enc_size328x442_b1b5acd8-3851-4b06-8e10-d549f7f09d1b.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 02 Dec 2025 14:12:01 GMT\r\netag: \"209a79dd2654ebd211d71e0b0a604a0f\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=q44HduIC9bLPG%2F5tD%2FVB2iaoH68HP%2FAMqV1WZdNBGmHV5oVyRmI6PD1ERs%2FhM8d8Rro0qdesgn9wvVcf2SpBbbBORrAAZtrswpd9IWXZZI7xRM612RKc\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fceba9f33d2ee-FRA\r\ncontent-length: 15438\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:42 GMT\r\nage: 1834447\r\neo-log-uuid: 12370169951655410955\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/config/initGeetest4.js","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:35.046Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /config/initGeetest4.js HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:35 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:17 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69522599-3a06\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nX-Safe: 1773320735=t1T7fT66rZ+YDhI9i8qP2DvF5UIxVxl0Aw1JcilzJiPh0k+Zu02i5p98hRUuWF7m1qOUGB0OXG70qMDmFN26RR4pGNIKl++AlxemLPuJb4yF8aQIPOc+pofYlVRAdlm2pz6bL5z5R16vsbw7SYGeZY2KZVphxgDVkTXcWPDu1/QBQD9v1LjxtJUC87BmvCSZ\r\nX-VIA: l1=CJR9oEa4UnlD0OBR\r\nX-VERSION: 1772869158\r\nX-Request-Id: E22EE912-50B0-46EB-9334-274AE2ABAECE\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14854,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"8c1728fc2d381e145b190ab70c9bb0a1","sha1":"0b96f2760bd9ca0f1d9ffaeed79934edb645cae2","sha256":"6d0aaf3dd58610ef691fb625d47237f756c4821be2dc28950c94e8eaa7761edf","sha512":"df586fb362b77f15f597573310941d008233942242914d9791e6a38e0a642874843b4f98b66d2ffd84be5fe0a986968aaccecbefedcccc7831b559164b3724c2","ssdeep":"192:hN3ar8HuCDoNu5dq+ExNiqc4K25MB5VsaiQxta4SScQVy8QRHIqaawzjTki59r8j:fJe61XHlii5aI2PG4lyUIVKQTwwwlB","tlshash":"a762104d68f750a35553b43c8b9fa014b5388a93041cde41be9ce394af9843d9bbabdc","first_seen":"2025-04-08T11:24:52.26859Z","last_seen":"2026-05-23T23:33:56.909269Z","times_seen":2066,"resource_available":false,"data":null}},"time_used":615,"timings":{"blocked":158,"dns":0,"connect":0,"send":0,"wait":457,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/img/bj.ada43481.png","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.436Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /img/bj.ada43481.png HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://u95f.xyz/css/home.1766990974022.971c3723.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:39 GMT\r\nContent-Type: image/png\r\nContent-Length: 439504\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:16 GMT\r\nVary: Accept-Encoding\r\nETag: \"69522598-6b4d0\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nX-Safe: 1773320739=9I+PHlnLQvmxKj6R8Jbyy1+z041a6EbTo7bbd4Ml0pNhG7cBYc4imFMtHMW0ai9RVCmn2MBUEauBeJ5w5PmhZ8SFO/rUGrtuC9x9j6vWvfrsXUl/Bcdd/jwVy1RQpZ04h7Xp9kA7Xw8JJuk2lR2IywxI+yiDkK9PQD32Hjw6hm+Y7cwzNJbdbxS1eQIuD5oe\r\nAge: 338389\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 17C5258E-D45F-41BE-ACFA-9FBA70E7F90C\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":439504,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1920 x 927, 8-bit colormap, non-interlaced","md5":"2c55f8fcc8edb773be5014d8deb72c4e","sha1":"e7e55505bf22de833ec6b82a229e70bdba93b58f","sha256":"21c44535cffd825752bf9a535001b4b605147e3434cf2906fc2c8fcdcd992c1a","sha512":"bab93e8eb191df623bd7e238ae8d5cf7feae73e2a768d7b591d4dd8b7aafc199fce7c34066a272fc9137959a78a6bcd9fb388f39d4a0938f5674aaee815a3cf7","ssdeep":"12288:K+TyFzCVXhEu0hvb3kkjOO9FNkh4k6yvwUKA4AuJiT9h+:tTyFGjENkkyOWh87UK/JiT9h+","tlshash":"739423b1df0b89c858a39043dc74f99263e8d0a6bdc40ab80bf14b9176709dbbbf5116","first_seen":"2023-08-17T12:39:32Z","last_seen":"2026-06-06T14:57:20.962785Z","times_seen":1495,"resource_available":false,"data":null}},"time_used":2037,"timings":{"blocked":1389,"dns":0,"connect":0,"send":0,"wait":212,"receive":436,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202503/_enc_size649x578_95e34ac6-aa0b-4d3f-9ae0-451b7e2983d6.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.746Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202503/_enc_size649x578_95e34ac6-aa0b-4d3f-9ae0-451b7e2983d6.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 06 Dec 2025 06:17:09 GMT\r\netag: \"2fcc54486b2179e536ba332abd714c28\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9EjPVLy%2FeJYyf14MaAkfCW93AuzDmgv9ohZtex5MqSWUOVRUGxXKGA05RVYr%2FVXbCf6%2Bqup30BDIujDn8Sh%2FCFgqEOKP6QaHCQAjJplTPbVNlELoN0mq\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fceb9d9d8d346-FRA\r\ncontent-length: 72760\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834443\r\neo-log-uuid: 1217224802732678299\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":350,"timings":{"blocked":71,"dns":0,"connect":0,"send":0,"wait":236,"receive":43,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202508/_enc_size1298x1156_de72e240-4300-48d6-8f6e-b9cb363e7924.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.845Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202508/_enc_size1298x1156_de72e240-4300-48d6-8f6e-b9cb363e7924.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 18 Sep 2025 11:24:15 GMT\r\netag: \"bf7cdad5765dc0a156db56da6bb04bd6\"\r\ncontent-type: image/png\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TiiGMq7Y4lX5JFOE1KoGNk2t1lC%2Bgwy6vwyIcRqPt%2BfhRXsVdPn5p%2B%2FxRySluWnYHvXs5df0Z6dz2CXznuos6J4tfoN63STDpVkDHX0%2BPh1t73fzhw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fceba8f236943-FRA\r\ncontent-length: 117698\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834443\r\neo-log-uuid: 13243062571077227000\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":229,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":166,"receive":63,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/gpmaster/_enc_size328x442_0b2c7f25-c17b-4d07-adb1-68f1823633a2.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.863Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /gpmaster/_enc_size328x442_0b2c7f25-c17b-4d07-adb1-68f1823633a2.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 02 Dec 2025 14:12:10 GMT\r\netag: \"37590fa25c13386eaeb6571b33fcc201\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gihg6H7aPVDVpfB7cgndYjL6FUFfJihTyTuWt8n%2FQ4kik0WbkJ8D%2BfgEAnA1yzdMerDod9%2FK0LUaxBJl58QR8KZFHXKw%2BGQU%2BV7H%2FxGP%2Byl9GqvO7qSG\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9cfbe0da3d63bbd6-WAW\r\ncontent-length: 10536\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834444\r\neo-log-uuid: 2087737820662062545\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":290,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":281,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202503/_enc_size649x578_d4d2b521-861c-48d3-89a5-438931453851.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.874Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202503/_enc_size649x578_d4d2b521-861c-48d3-89a5-438931453851.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 06 Dec 2025 06:30:19 GMT\r\netag: \"de3591a5d6778f4310b8109f6c781f30\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kcY1pI%2BuSHpWOFP3fVGKsJaZYi4wYYpu2b8w2LSh2p%2Btnp8bgFwwZNxSrtmkh2YQww0nAixinxVt0wobqO%2BLUuPU9ZfoOtdQio7OtHJ6g%2Brq%2FyK8Pr5U\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fcebaafaed345-FRA\r\ncontent-length: 52456\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834443\r\neo-log-uuid: 13563286251473195244\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":222,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":166,"receive":56,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/27cc388862db4198b478b4b30bf58c75?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.145Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/27cc388862db4198b478b4b30bf58c75?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 26552\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 69633\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"27cc388862db4198b478b4b30bf58c75\"; filename*=utf-8''27cc388862db4198b478b4b30bf58c75\r\ncontent-md5: GSK+D1vgH0j30DSP+7BKpA==\r\ncontent-transfer-encoding: binary\r\netag: \"FnTd8T5_XSD3Pd5U5OU-UubKlYzX\"\r\nlast-modified: Fri, 06 Mar 2026 19:15:19 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: wD0hgruV5\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: 5KsAAABvcP182psY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":26552,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 220 x 229, 8-bit/color RGBA, non-interlaced","md5":"1922be0f5be01f48f7d0348ffbb04aa4","sha1":"74ddf13e7f5d20f73dde54e4e53e52e6ca958cd7","sha256":"b8ae36e0bfded004ad7085967d8e3c7ad83a309b643e611a2978664574f8e9e9","sha512":"effb57192738c2332f8b2356e01b7e9cfbff7a306b798faee63e42aea0484a4bdd096fbe6a419593c1254c00fa4e9e90ae9310154f118e9d2526e020c18fda8a","ssdeep":"384:scAe/gdJzicSYBlcyMQ56a6STftccgLA7q2+1HsSZ6ZxSqk0YejBGp77wc4YjdhH:NkzPSGScdxLELX1HCS/PP6LVqBfd","tlshash":"87c2e1bf679fc55f7b47b3f52cb488e298d70b8069c6c1d03352624718a5be2e4a44c2","first_seen":"2023-08-24T20:41:52Z","last_seen":"2026-05-17T16:34:28.370606Z","times_seen":60,"resource_available":false,"data":null}},"time_used":2396,"timings":{"blocked":962,"dns":0,"connect":0,"send":0,"wait":1207,"receive":227,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/6f2c1fc698234b8a99998bf1c59e3d1f?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.939Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/6f2c1fc698234b8a99998bf1c59e3d1f?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 23913\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 45314\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"6f2c1fc698234b8a99998bf1c59e3d1f\"; filename*=utf-8''6f2c1fc698234b8a99998bf1c59e3d1f\r\ncontent-md5: l5/+aut+FQuX3rF+WU0xNw==\r\ncontent-transfer-encoding: binary\r\netag: \"Fjj3Rs82GLVftlN-Dm2tpzVVKOOt\"\r\nlast-modified: Fri, 06 Mar 2026 19:16:12 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: Ak3czAEhN\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: LNAAAADb5EWb8JsY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":23913,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 139 x 181, 8-bit/color RGBA, non-interlaced","md5":"979ffe6aeb7e150b97deb17e594d3137","sha1":"38f746cf3618b55fb6537e0e6dada7355528e3ad","sha256":"6f92bd8b155f012a4b75e42fecf224470519ed4041e926d497142b47d33b88a6","sha512":"3bb568232330784364af55a776400ac9a558633c43ab9369b60cd5f11ec903d9dbc343dd7da80e98cd2625a4b986a37bbb1904fbe612353dc4f7d25a18a1cbfd","ssdeep":"384:usz/Efq9KVbmDwazjKskZZQzzaw1lnGvwCEZJ07y8emeDum2o8lXHWp4QNWCKqiC:dz/v49mDw8vzaCGvPEZqW8cJSYGQNoDG","tlshash":"65b2d102a678c26394c16b13c89d435d2ed8f71ce26fe31c8de684d1241ef5de5b4a99","first_seen":"2025-03-31T13:06:08.137119Z","last_seen":"2026-05-31T15:09:55.436446Z","times_seen":222,"resource_available":false,"data":null}},"time_used":2179,"timings":{"blocked":189,"dns":0,"connect":0,"send":0,"wait":1549,"receive":441,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/img/CHESS.80cb714e.png","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.283Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /img/CHESS.80cb714e.png HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:39 GMT\r\nContent-Type: image/png\r\nContent-Length: 58759\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:16 GMT\r\nVary: Accept-Encoding\r\nETag: \"69522598-e587\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nX-Safe: 1773320739=9I+PHlnLQvmxKj6R8Jbyy1+z041a6EbTo7bbd4Ml0pNhG7cBYc4imFMtHMW0ai9RVCmn2MBUEauBeJ5w5PmhZ8SFO/rUGrtuC9x9j6vWvfrsXUl/Bcdd/jwVy1RQpZ04h7Xp9kA7Xw8JJuk2lR2IywxI+yiDkK9PQD32Hjw6hm+Y7cwzNJbdbxS1eQIuD5oe\r\nAge: 338386\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: C4A96866-B443-4ECF-9C91-F79C4A3E55C7\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":58759,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 582 x 307, 8-bit colormap, non-interlaced","md5":"727b4dc207a4141335b27fa73f76fb10","sha1":"bb63b02e635f5503d76c4fc3532c2c652a06cac8","sha256":"5d840214ae46c94540df7d0a94963cc398b32c7b868edddb6a4f2a2faf113e42","sha512":"c1512f9d9a191ea10e806fe3a8f812f78dec9832568373b7b5362fafe9aef6783947d248deb2fc8d30ba1c61fd3b94f308298e69c1de32686110fa35f7bd4ed4","ssdeep":"1536:gtPCh483gu6aLw9AJeteTzkprgTWEHbP4BzrJ:344U9Xte3kprgKE7gZJ","tlshash":"0543025a13c1159f422f37b8148758a6d8154f9f38f32ea11a9e2afda58cb0af431c3d","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-06-06T14:57:20.967445Z","times_seen":1500,"resource_available":false,"data":null}},"time_used":1430,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":716,"receive":714,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/1bd698d698b64ff88e267009c3ef635a?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.359Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/1bd698d698b64ff88e267009c3ef635a?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 62034\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 61519\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"1bd698d698b64ff88e267009c3ef635a\"; filename*=utf-8''1bd698d698b64ff88e267009c3ef635a\r\ncontent-md5: z7sST+ZIt7hx8t9cG+Fddg==\r\ncontent-transfer-encoding: binary\r\netag: \"FguTjg4mwIgzNlmKLmxFR9I5C61-\"\r\nlast-modified: Fri, 06 Mar 2026 19:15:51 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: h7itzgdoZ\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: Q_4AAACZFxPe4ZsY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":62034,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"cfbb124fe648b7b871f2df5c1be15d76","sha1":"0b938e0e26c0883336598a2e6c4547d2390bad7e","sha256":"b423d40b2fd63b5c2fbac9bf708712b0c852ec190cea95aae524faa36e196f46","sha512":"c1b59ec22dcfffa9988078337106dde31a62682094295177eb588a3c1a821573240c31ebe75b40a0ecbcebbde023667a7d21a852407487f185a15e5f24931c38","ssdeep":"1536:oV1G9cYII/Cjl629avhKU6jg2DHszMYUlXkcGtv:iGW/IKgJ96fDHszFUlXknF","tlshash":"345302ff76591c6db64ee2782b305fdfc345b30ee690401d90157eaa94bb98e3428e81","first_seen":"2023-08-30T20:30:43Z","last_seen":"2026-05-10T16:58:50.146341Z","times_seen":39,"resource_available":false,"data":null}},"time_used":3299,"timings":{"blocked":750,"dns":0,"connect":0,"send":0,"wait":1254,"receive":1295,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202502/_enc_size328x442_27f7b303-88a3-4b2c-aaf9-2bc0106b5d62.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:42.730Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202502/_enc_size328x442_27f7b303-88a3-4b2c-aaf9-2bc0106b5d62.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 02 Dec 2025 14:17:05 GMT\r\netag: \"6e183b8d89a538d686c746516823bbab\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cSo187XymNOhU5Ne%2FqNyA2DcH4%2FQ82BAD%2FiNmmBu0LmeSBn7Jw7CbvvzSc8OPDS7e7YRwxk87kANXAOQl7vOkb%2BCAdwnJ%2BEciPYrIqv%2BiHJwUGlwitcM\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fcebabf2e49bb-FRA\r\ncontent-length: 22168\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:42 GMT\r\nage: 1834446\r\neo-log-uuid: 14079826699383233703\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/gpmaster/_enc_size328x442_9986c108-3fd7-4f35-9443-f78ce32e1660.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:42.777Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /gpmaster/_enc_size328x442_9986c108-3fd7-4f35-9443-f78ce32e1660.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 02 Dec 2025 14:11:44 GMT\r\netag: \"63edab0158abb20aedace0961c66c5f8\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=H1gUEoodSQa9NCZwdajiqa0PseltPcOmvwpBWaArGt%2FcRjwxdlQlRqk82pG%2BSZKSDeIvjTrnjBx0Cop5bV96sRi04bW80ud%2Bx%2BNaPAs2wb7aa0uGQDYO\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fcebb38d568a5-FRA\r\ncontent-length: 15914\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:42 GMT\r\nage: 1834446\r\neo-log-uuid: 12209208227701302008\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-12T13:05:33.435Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:34 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nCache-Control: public, s-maxage=600, max-age=0\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nX-Safe: 1773320734=/1I0Hf7CNC+dv3zMDBBPYMPQOAzsiVmE8qrRo9O7qSLmzo0AJN9i78QRNAoBjES7u482yA0XvtEvoUVBEVvLoxugcmnXYyT0B0C0RsEplkfdxbVAhme6Vr88pTrViC38eBWrV+NhIjrJHTNVCr0u8htJ1YFFgzFc3vMrmu9Lsd7lp01UKJuOdJnzGmwRSCTy\r\nX-VIA: l1=CJR9oEa4UnlD0OBR\r\nX-VERSION: 1772869158\r\nX-Request-Id: FD7B9CF1-C5A7-44F2-8509-D476E9007497\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24147,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5777)","md5":"2cef0acbefda60f4c25755a79d627d71","sha1":"1e4b8d568c4a55304a4c8f0e42b405fcf1facff4","sha256":"dbacbd6fea7eccd549b1e7ca09f50ea374a67c1e0f1d228ebea55d767aa44243","sha512":"964d3180e03b83287f6c71497e705add4d5f4b55c4feb8eefce022cebb7e8c5ff91e06ffa90afae8e51225e1d98a88f3971f991768b382401ca2124b356c6ec7","ssdeep":"384:+RrxqNB3JK2VwiYwJvSoVXsp+pa/iZcVk97g6nMusplIiz:+RVq7JKiNYiKop/E6wkpcu2llz","tlshash":"73b22a1a9df345762523303a2b7fb20879b1c0134309ed407e4de7588fd5aaa46e3be6","first_seen":"2025-12-29T19:25:01.945236Z","last_seen":"2026-03-18T12:35:38.937627Z","times_seen":761,"resource_available":true,"data":null}},"time_used":2712,"timings":{"blocked":943,"dns":28,"connect":439,"send":0,"wait":443,"receive":383,"ssl":472},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/img/sports.60212fd6.png","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.431Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /img/sports.60212fd6.png HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:40 GMT\r\nContent-Type: image/png\r\nContent-Length: 116532\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:16 GMT\r\nVary: Accept-Encoding\r\nETag: \"69522598-1c734\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nX-Safe: 1773320740=UbyPGiMF6oMO3eNBMJExvACPDPz2ndpfMINivjYqk7cS189TdXtJfIe/QT9pwk6lKy9xR7X6sVsYLc7iEZjqMrWRTMzxP2YeeEEOiGX/fzmZ25GQfeI5TxMlxPIK935NtS98+8VYDgeb6H8Q18KA/+QUFUH+6DlyD8ADjapVtTX2Huqe9y56Q2jfSJE7at6d\r\nAge: 338389\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 1AAA1A42-04D1-4718-A45E-2C206E409320\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":116532,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 666 x 541, 8-bit colormap, non-interlaced","md5":"fc82aa907334f929011fc2a6ec906f55","sha1":"f76bd75b9d1235807c70c7d763a1865d7c3f8d4e","sha256":"2ae1d61176960d7ddfddcb30a69d22b9da893687370d8cd26f4917d129a1bf3b","sha512":"12ef7a828d7d4228596b0db0ad77b200e8ffcfe2457d12821a4e9778b62668ebeef075c2bc79076e36291e3015afbfe276a2ca230ead018b38e2d3fd803dd31f","ssdeep":"3072:/ZEgiWqpGRwEyiwX0wgOZzbKoSxNiSvrUeO4h:/ZLf/R2iVwgAKoSPiSvVOy","tlshash":"76b3021c79775a2083c6bcb40b583aeae09b3dc19d169808d68b7791993df43c970bed","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-06-06T14:57:20.970543Z","times_seen":1652,"resource_available":false,"data":null}},"time_used":2853,"timings":{"blocked":2113,"dns":0,"connect":0,"send":0,"wait":372,"receive":368,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/ecb/8f83064248a6651521ab9b26970d60fa83f0bf5f79fe68600101b67707c272184849423924c3e9832923a30acedcbfec8ac50fef89fb","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.762Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /ecb/8f83064248a6651521ab9b26970d60fa83f0bf5f79fe68600101b67707c272184849423924c3e9832923a30acedcbfec8ac50fef89fb HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nContent-Type: application/x-www-form-urlencoded\r\nx-request-source: https://u95f.xyz\r\nXign: lsiidLRhFjZht/BF9+MOHKy8NIUzsdBeQNnMbrEM1uqyfLhXeC/JsxzLdLYv7u8tNrJ4UnYRp8ZG9uGMx93CgQ526KoP3cFffOeGuHjh7PIJhqwW3gFs2WlbyotgPIcMhcmNsU05BE4Q5SYTlhO6ufAEFNwBCVgh34MlQKGuuKE=\r\ntimestamp: 1773320738741\r\nsign: s4l27f3e65593u2j\r\nversion: 5.6.9.4\r\nclient-type: web\r\ndevice-id: rYtHdnihQD85imaGAFAinMxefGSPBmCJ\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:40 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nExpires: Thu, 12 Mar 2026 13:15:40 GMT\r\nCache-Control: public, max-age=600, s-maxage=600, must-revalidate, stale-while-revalidate=30\r\nX-XSS-Protection: 1; mode=block\r\nPragma: public\r\nX-Content-Type-Options: nosniff\r\nStrict-Transport-Security: max-age=63072000; includeSubdomains; preload\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true, true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nX-Safe: 1773320740=UbyPGiMF6oMO3eNBMJExvACPDPz2ndpfMINivjYqk7cS189TdXtJfIe/QT9pwk6lKy9xR7X6sVsYLc7iEZjqMrWRTMzxP2YeeEEOiGX/fzmZ25GQfeI5TxMlxPIK935NtS98+8VYDgeb6H8Q18KA/+QUFUH+6DlyD8ADjapVtTX2Huqe9y56Q2jfSJE7at6d\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 71FF06A8-9F21-45AA-8881-9F368AB8B92F\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7007,"size_decoded":0,"mime_type":"application/json","magic":"data","md5":"e5e9152841623a71ce014748a66258b4","sha1":"3618eebcf4f89dbeca87662e1ac1da330797e24a","sha256":"020b977ee8bb7012d2087c5115e228b25a5a067dc03cf59a1e61bc1a9a9a6a50","sha512":"041ce54c3a63ef935e42d787f68108c4e2e24b46652735b8137fabdf46be121e8072283f675aec5a2355b28d556d3a225bda7695bd54af7e16dca00df3ab0b47","ssdeep":"192:VVeAB64LW4Ui/Nhb1BEd/3AgbBOUDq5H1ZvA/173aOlC:njBa4Ui//xy377Dq5D4973aKC","tlshash":"6922ae6b7341a7afcac003f7552683f87a09adcde37939b5e7b4c15136ce10a989c851","first_seen":"2025-12-29T19:25:01.977743Z","last_seen":"2026-03-18T12:35:38.961183Z","times_seen":764,"resource_available":false,"data":null}},"time_used":1416,"timings":{"blocked":1010,"dns":0,"connect":0,"send":0,"wait":405,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/gpmaster/_enc_size328x442_0fa85f10-2205-44f2-82c2-66bd141c7d57.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.865Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /gpmaster/_enc_size328x442_0fa85f10-2205-44f2-82c2-66bd141c7d57.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 02 Dec 2025 15:07:05 GMT\r\netag: \"76d1f22a14240df440d611d67b4d223d\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XRtdFpT%2BqZdSUi0cMwrD424M6GdidA%2BLpuTu5s7hIkcnNFjLtZLm5YrHEnwcV4haOz3WJpLYD%2Fdku%2BCIDY3ChXFYAAvP4bOR0VBc8cx0fUB%2BG3KMOX%2FI\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fceba9b19d3c2-FRA\r\ncontent-length: 10174\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834443\r\neo-log-uuid: 13196079715090447848\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":245,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":233,"receive":12,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/1130afa684694bb2a07de9e77eade07b?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.198Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/1130afa684694bb2a07de9e77eade07b?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 13421\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 69633\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"1130afa684694bb2a07de9e77eade07b\"; filename*=utf-8''1130afa684694bb2a07de9e77eade07b\r\ncontent-md5: 2/G0fDYuLv1ILhe8ZiJaJg==\r\ncontent-transfer-encoding: binary\r\netag: \"FrDJT3rdi_hR5vhpNpBDMmClF32Q\"\r\nlast-modified: Fri, 06 Mar 2026 19:15:17 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: pEHIv7FDB\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: l_0AAABjzAx92psY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":13421,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 78 x 152, 8-bit/color RGBA, non-interlaced","md5":"dbf1b47c362e2efd482e17bc66225a26","sha1":"b0c94f7add8bf851e6f8693690433260a5177d90","sha256":"9c2b8d555c0d79df542ec3ed4798f8c937518cf90ff925ac63bc75fc801edcb8","sha512":"707854c42d16158ca5d99e3acdbe3924e28752ed880a3d3dd2a219407d298c4ae6b2820ff042b86eb885ac0440549f489e66dff4dbe91d935421ca1f629fe60c","ssdeep":"384:JJXE05dgc+p6rij9dXWwxQNXhd3kkwuX/:735R46GYNXh9kkH/","tlshash":"d852d09d5f71f4df3656a8300ebf78816647375ab8977359c5f501ae20dac227f90420","first_seen":"2023-08-17T12:39:31Z","last_seen":"2026-03-12T13:06:12.732251Z","times_seen":63,"resource_available":false,"data":null}},"time_used":2426,"timings":{"blocked":910,"dns":0,"connect":0,"send":0,"wait":1208,"receive":308,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/ec3429c2f2944febb571df748d03ab22?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.279Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/ec3429c2f2944febb571df748d03ab22?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 19771\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 61520\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"ec3429c2f2944febb571df748d03ab22\"; filename*=utf-8''ec3429c2f2944febb571df748d03ab22\r\ncontent-md5: /ZVNCD7oWm8aPyRx3HViQg==\r\ncontent-transfer-encoding: binary\r\netag: \"FlXwTYPQH0AsMIt25PqWp_sfeMeu\"\r\nlast-modified: Fri, 06 Mar 2026 19:15:46 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: A3815jp2y\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: JmUAAADuweXd4ZsY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19771,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"fd954d083ee85a6f1a3f2471dc756242","sha1":"55f04d83d01f402c308b76e4fa96a7fb1f78c7ae","sha256":"1576760ad926f7ac4d0daa1f4ddb9948ae4a94b76cadce6ba06aaa7de2fb87eb","sha512":"3a12da7da28de16f0d3c8ae950f38c7279e56ac8911f1723493f4ed50613a02e276396b9e036dd5b0615895340810eeb45fc071f9d348381b0ac54149509cb77","ssdeep":"384:FkY/8NldeH/VQNkZCl0E9drsnYqZVXW9URWkUIHG3nQ6VVwWiAqkNcR:eq8fsf6JAYqP/UImnhvQkuR","tlshash":"9792cf270a7fed708d1ed3466569453e801fb03c392bb794ed8692ea1bd081d8e186b3","first_seen":"2025-02-21T06:40:25.57561Z","last_seen":"2026-05-17T16:34:28.443928Z","times_seen":257,"resource_available":false,"data":null}},"time_used":2472,"timings":{"blocked":829,"dns":0,"connect":0,"send":0,"wait":1208,"receive":435,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/bce42488ea184cd2a4c0943a96339156?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.363Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/bce42488ea184cd2a4c0943a96339156?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 49631\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 61519\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"bce42488ea184cd2a4c0943a96339156\"; filename*=utf-8''bce42488ea184cd2a4c0943a96339156\r\ncontent-md5: ovflr3eqxTPTSQezeX/u4A==\r\ncontent-transfer-encoding: binary\r\netag: \"Fnuq3Y75UAYvOu2kWwOma66psvLf\"\r\nlast-modified: Fri, 06 Mar 2026 19:15:52 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: 48i6EvTEu\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: aRwAAAC9jBPe4ZsY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":49631,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 316 x 316, 8-bit/color RGBA, non-interlaced","md5":"a2f7e5af77aac533d34907b3797feee0","sha1":"7baadd8ef950062f3aeda45b03a66baea9b2f2df","sha256":"8b8adc8634c20c031dac286365f01746ea5be7463528359778a4b8fc5c225740","sha512":"ee5e358d79cd4b5ae5d9b062fe5948c113468bb64007acac818beeb6df922899e084f7917df213e05128f60e88c912d253727d2f5f9f5fdaaa7fdffe0b86d774","ssdeep":"768:uf8LrfrmHrJhkxvJGa0IYZ/eC3LFg0Nt43incXKtgMJOowAwQDrTB8on1D:RXmLJhkXXnSp3FNG3gEKtnnz98E1D","tlshash":"ac2302e7e80074548ebdb9f09ceb68d2518b2c7cd314d89bc2f285a4946d6ee064fc78","first_seen":"2025-06-24T17:27:40.453224Z","last_seen":"2026-04-12T14:07:56.981437Z","times_seen":54,"resource_available":false,"data":null}},"time_used":3213,"timings":{"blocked":746,"dns":0,"connect":0,"send":0,"wait":1254,"receive":1213,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/4add7de8daf34deb9c4f87ac9df93513?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.715Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/4add7de8daf34deb9c4f87ac9df93513?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 84176\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 61519\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"4add7de8daf34deb9c4f87ac9df93513\"; filename*=utf-8''4add7de8daf34deb9c4f87ac9df93513\r\ncontent-md5: kDCJ0zhIX2xo+8XaaQoGKA==\r\ncontent-transfer-encoding: binary\r\netag: \"Fk-7_-SfTVrf6DLCZfq9r9OU6dEh\"\r\nlast-modified: Fri, 06 Mar 2026 19:15:53 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: EUUlVqocD\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: JzQAAADkohPe4ZsY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":84176,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"903089d338485f6c68fbc5da690a0628","sha1":"4fbbffe49f4d5adfe832c265fabdafd394e9d121","sha256":"e88d939ce86ea775b1c886f631e8ef01926f5a2559c37c6ff27972372858d00e","sha512":"d0bd57cb84581c938472ab87b0a17555f88ec6f926ade5a3da000a29e13e8e40870738fc457fe52ca03454d32146ffd237f6aac4983327bb9ea3e4c9e930b08e","ssdeep":"1536:R+XgUfjmGWm+45TPXmGfwqsulOpov8o0BjohlupNpSuIeI1dTq7Zhv+0aV:RCgOm4L5TWGYVg8o0BQupNzIewYh2X","tlshash":"d983128073e6f68b5314ab59c7a2d3717980ff4ea5ac035202c274ae8c7587d39b1adc","first_seen":"2025-09-19T13:56:40.384674Z","last_seen":"2026-05-15T23:42:44.576928Z","times_seen":216,"resource_available":false,"data":null}},"time_used":3024,"timings":{"blocked":394,"dns":0,"connect":0,"send":0,"wait":1255,"receive":1375,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/ecb/8f8306425ab46d0221b2c56ef50f72e487d5bb0255ee7333091abb7c08c465094a574c3c12d0e1812241fe43c0d5f0ea88d857f698a4fd081b","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.751Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /ecb/8f8306425ab46d0221b2c56ef50f72e487d5bb0255ee7333091abb7c08c465094a574c3c12d0e1812241fe43c0d5f0ea88d857f698a4fd081b HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nContent-Type: application/x-www-form-urlencoded\r\nx-request-source: https://u95f.xyz\r\nXign: Sx65YGmz0oEEphiy1yJWDOds7G53EAtz9zkbMPHVz/3XsM3pjjs9euKlUGmgKtkcyJUxWJvMTqtoMsXio2KT/ABf2wQ+/1UhipgyrlNtwLzxXrQ8fPvsrhlhFYVLDm+cM4m0biFCCIoO+VYS1I0a+sSF6V/fgJHV/TcBCebW2Pc=\r\ntimestamp: 1773320738740\r\nsign: 2e1k7s25403c4u5r\r\nversion: 5.6.9.4\r\nclient-type: web\r\ndevice-id: rYtHdnihQD85imaGAFAinMxefGSPBmCJ\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:38 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nExpires: Thu, 12 Mar 2026 13:10:38 GMT\r\nCache-Control: public, max-age=300, s-maxage=300, must-revalidate, stale-while-revalidate=30\r\nX-XSS-Protection: 1; mode=block\r\nPragma: public\r\nX-Content-Type-Options: nosniff\r\nStrict-Transport-Security: max-age=63072000; includeSubdomains; preload\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true, true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nX-Safe: 1773320738=P/dh3PFO99SuySS7edpU1yAdx3rYzpOCt6poV29YHrjktIG4/zWz02Q8ZMriGnwj67XWX218jrPOrXOu1916Yn4G+oHeyC621qqWst58MXCg84w5yKin/KAsFUjijqDC5H3pkzj9js5DQElkNclmXAyyfuOEC5R1rm6DUHbVgBKzIyZwlqYiphAfKcun8JKO\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 28ADFBD3-37F1-47D5-B575-12129E6E76E1\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":31147,"size_decoded":0,"mime_type":"application/json","magic":"data","md5":"5e41bcc961aa96f972616c43b7921c63","sha1":"3a9212d4858a69e3798fef2ee4d22bd8c36930ba","sha256":"de8a1a6a14ba4d63c4edd9954734c7ddc89cda35de66116c33a7188600f833a1","sha512":"761be31d117d80f373c5415d8a53ddd3c5002e8c4d9bc6a55d74702213052d6236c8a265764f1e4e2be3e498a7cf7dd189a09a7f7581823e32fd74db7cbc34d1","ssdeep":"768:OcbV89oQcSCE9P6FhJP4H2vLOPlSaqxIy3Byj2TdmwcDWsnE3MpzTLaAmrx:OcbOCR4WvLWSaqCy3Y25xVV3clq","tlshash":"cc23e1005393f36567b7b9f4d82606fc62509a8867ed7c52eb25c4511aee22ef6cf0c2","first_seen":"2026-03-11T22:32:22.980559Z","last_seen":"2026-03-12T13:06:12.735653Z","times_seen":5,"resource_available":false,"data":null}},"time_used":435,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":225,"receive":210,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/gpmaster/_enc_size328x442_4d4d0270-e129-42d7-8f6f-0802c910d540.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.762Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /gpmaster/_enc_size328x442_4d4d0270-e129-42d7-8f6f-0802c910d540.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 02 Dec 2025 14:08:52 GMT\r\netag: \"c1e3846c7e9a380b0cec478d19868007\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jN6owLhZR6piStfTN%2BFn%2Ffw9JnfNZfiqB74QR%2FQuJKcJWODMHl0EuDuru%2BlFD%2FAhwYV%2BbnTP85nnxOMs%2B6JJFbO5oSdRLvH0SBnfoQnWooi%2BBT105cxz\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fceb9ef71d2ab-FRA\r\ncontent-length: 11920\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834443\r\neo-log-uuid: 14337015131935303261\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":349,"timings":{"blocked":55,"dns":0,"connect":0,"send":0,"wait":285,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202505/_enc_size656x844_f676ec47-4b6f-4d37-b476-fd69f2381a1a.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.858Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202505/_enc_size656x844_f676ec47-4b6f-4d37-b476-fd69f2381a1a.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 24 Oct 2025 10:14:43 GMT\r\netag: \"305fcc830f36eb66336882036b89ac7c\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LnNGwHh162kKlpSFwVxRN8JzP4Ey%2B7%2BtX9EgMyCEqt6hyLnTmdzGae3hK4O5o%2FNyhIyDK78B7XvVgi1bKmOY9cxrvoApHmlX%2FrdbdnMbL0JEMYRT%2BTxt\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fcebaab4bd2d6-FRA\r\ncontent-length: 31452\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834444\r\neo-log-uuid: 5285665375450261559\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":208,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":167,"receive":41,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/9ecf640f92d64dc0a0c4fef600149fe9?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.281Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/9ecf640f92d64dc0a0c4fef600149fe9?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 43531\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 61520\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"9ecf640f92d64dc0a0c4fef600149fe9\"; filename*=utf-8''9ecf640f92d64dc0a0c4fef600149fe9\r\ncontent-md5: B+VWRMJTtGGN2RRr4ny8PQ==\r\ncontent-transfer-encoding: binary\r\netag: \"FrPdS5wMY2D3Pv_gpXysjiI3tT4D\"\r\nlast-modified: Fri, 06 Mar 2026 19:15:46 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: HCGqJLxm9\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: vs0AAAD3m-Xd4ZsY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43531,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"07e55644c253b4618dd9146be27cbc3d","sha1":"b3dd4b9c0c6360f73effe0a57cac8e2237b53e03","sha256":"e70e33c5e77990a158892cf21cc4dee5b0bf1ecd31ab4cae617251e22003ecb3","sha512":"5b4a5af08a9e8d7daf02004d4bf55a9b68dbc1f5290e275805cc0155cc9bc505485c008df16c9dc2da6eb7b59c99f85bab5962bc87b64ecc9c28f8457fa3f610","ssdeep":"768:JV/dCJYMW5rdBlq0BTXGTRiP2HjLaJ/li/qbOZljNkBH3b3UdhMO:JV/dCOMGBlq8WViPojLC/lrOZ6bkdhMO","tlshash":"cb13e1e204be23e761ca9055f71c4f805dfda11c2e85109ee945fbfaa980673ac3536a","first_seen":"2025-02-22T05:14:38.11731Z","last_seen":"2026-05-28T15:23:52.575923Z","times_seen":171,"resource_available":false,"data":null}},"time_used":3105,"timings":{"blocked":827,"dns":0,"connect":0,"send":0,"wait":1252,"receive":1026,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/763a692b95a54d58bbb28f8aae989154?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.934Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/763a692b95a54d58bbb28f8aae989154?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 17754\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 52528\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"763a692b95a54d58bbb28f8aae989154\"; filename*=utf-8''763a692b95a54d58bbb28f8aae989154\r\ncontent-md5: Tz5+6QJd3tLzuPLFlVmrBQ==\r\ncontent-transfer-encoding: binary\r\netag: \"FmT19cc6ZypL45hBWYliu79Gnw9Y\"\r\nlast-modified: Fri, 06 Mar 2026 19:16:03 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: kiSa5YiS6\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: -LAAAAClP3ML6psY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":17754,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced","md5":"4f3e7ee9025dded2f3b8f2c59559ab05","sha1":"64f5f5c73a672a4be39841598962bbbf469f0f58","sha256":"abf4889fac459c80e477ff740c2a87890adb4f4a8badf545c4a96f89c3f55da7","sha512":"01f4743659ea60e9866a446efce02bf7a049920a21063db1bac17228d9d82af269361f9ca429aa76f2aa12695684bc4a323b2b1715b71808e8387ccd2beecd9c","ssdeep":"384:TQJ0r8wGBR5HLOErFFYRBlB6Lci9L27k0nJrq5S33U+wdaeJgRBxOBZshUvnl/eg:E0rmR5rO8ALKR9L0Jr2MUdaeJg2SUf","tlshash":"9382d07b36948d55734cf590b9ba08f087d337212fb82c0cb2b76a966610a1f5507fab","first_seen":"2025-04-19T22:34:55.213124Z","last_seen":"2026-05-31T15:09:55.482587Z","times_seen":208,"resource_available":false,"data":null}},"time_used":2134,"timings":{"blocked":190,"dns":0,"connect":0,"send":0,"wait":1243,"receive":701,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/gpmaster/_enc_size328x442_465faf5d-2f6d-44ba-896b-8d6bffead8bd.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:42.728Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /gpmaster/_enc_size328x442_465faf5d-2f6d-44ba-896b-8d6bffead8bd.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 02 Dec 2025 14:08:06 GMT\r\netag: \"4e3dd8d15b3ee692a0dbc6fd5f6701bb\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=exXzWIVkeISnn2Rb%2BRBCVDGK2Nvg%2BT38qnm%2FUOUjnr3V3zqqaV1NANoS6zehTD64ssbCY9hdx%2FadCrF28O36m1ubnQyYRtwaDp1KStDj34fADNb9PIpK\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fceba8a309143-FRA\r\ncontent-length: 10758\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:42 GMT\r\nage: 1834447\r\neo-log-uuid: 12123547504500721227\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/gpmaster/_enc_size328x442_bdd30f19-a4d8-4eb3-b2d5-d24180d2e353.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:42.735Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /gpmaster/_enc_size328x442_bdd30f19-a4d8-4eb3-b2d5-d24180d2e353.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 02 Dec 2025 14:16:54 GMT\r\netag: \"ddc46e1f9525ce46ef8c7a472890a566\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HCwG0cXTVd%2FLXgmLW3hecKgl5hxqCvwRscM3F%2BAu3xYdqc1CTbEFlW11wrUwR5RooL9RgzTKnKbG8btwNm%2F3nYFy7JHRjfyWjeI6uzyYwRrB0hJH7pUN\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fceba8d8bb905-FRA\r\ncontent-length: 15228\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:42 GMT\r\nage: 1834447\r\neo-log-uuid: 7324500041203561157\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/kc523-1/sponsor/sponsor_web_3.png?1766990906506","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.306Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /kc523-1/sponsor/sponsor_web_3.png?1766990906506 HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:40 GMT\r\nContent-Type: image/png\r\nContent-Length: 40879\r\nConnection: keep-alive\r\nLast-Modified: Sat, 27 Sep 2025 11:32:15 GMT\r\nVary: Accept-Encoding\r\nETag: \"68d7cb3f-9faf\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nX-Safe: 1773320740=UbyPGiMF6oMO3eNBMJExvACPDPz2ndpfMINivjYqk7cS189TdXtJfIe/QT9pwk6lKy9xR7X6sVsYLc7iEZjqMrWRTMzxP2YeeEEOiGX/fzmZ25GQfeI5TxMlxPIK935NtS98+8VYDgeb6H8Q18KA/+QUFUH+6DlyD8ADjapVtTX2Huqe9y56Q2jfSJE7at6d\r\nAge: 346771\r\nX-VIA: l1=CJR9oEa4UnlD0OBR\r\nX-VERSION: 1772869158\r\nX-Request-Id: 11C688D3-610E-45A5-8694-052856544DF7\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":40879,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 428x169, components 3","md5":"c26161f438986f6e2d677c34d653285e","sha1":"faf6c47a013a9944bb8cac197688908422992039","sha256":"58d11e173550b3420b35c4e4be3eeb76b59ac790d9fb59b535ffe55d3b470fa9","sha512":"97649de556447ef6aa6cdd7d0bec46837cfb328335daa3b862cbaa5e23ca5a8f2af296703c9e961cbad02bb797ebf1f99ced2d1d245fbbb3a428e39d26428c76","ssdeep":"768:ub+4OMIuYE3McXMuDR64Q7sRFKJdsCA1Hunj5tyKxGGTVtkDGlT2oTO:uS4OMXYODNDR6XsRFisCAk39t6oi","tlshash":"db03f108254f2d4466ec90bbc7a1e0f7ee1d103dddb7e30c35a685163e46ca559fa0e6","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-06-06T14:57:21.042744Z","times_seen":1612,"resource_available":false,"data":null}},"time_used":2677,"timings":{"blocked":2216,"dns":0,"connect":0,"send":0,"wait":460,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202508/_enc_size1298x1156_df036cfa-66a5-49f7-b863-3c22d1a3d180.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.830Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202508/_enc_size1298x1156_df036cfa-66a5-49f7-b863-3c22d1a3d180.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 18 Sep 2025 11:24:19 GMT\r\netag: \"d0e3b3b8ab5b8a14bd815c33b4fe2231\"\r\ncontent-type: image/png\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BIgQ2M7NnerFOsoF7WfhR7AoLVt8Nody%2BAJ%2Fw98V7nc2I%2FNiBmuqTDWdfnO%2FxK4vq2Wc8MMQJhPoAr3IlPdBZ%2Bm9jKerHj2QO6LG%2FQbx5aRlu0zTgujC\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fceba88c67641-FRA\r\ncontent-length: 178321\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834443\r\neo-log-uuid: 6217305024873636879\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":325,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":284,"receive":41,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202508/_enc_size1298x1156_b219e889-d34b-4c28-b534-674fb2e77fdd.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.852Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202508/_enc_size1298x1156_b219e889-d34b-4c28-b534-674fb2e77fdd.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 18 Sep 2025 11:36:04 GMT\r\netag: \"69942ba4ae61d68959322ce67ce23932\"\r\ncontent-type: image/png\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wXVl4MQIoUuJuaPKvU6OOaxz%2FIt8PG1%2FxBei8F0C0h3%2FZ9fbsyen%2BGnMfnC0%2FH7ISq4nUpMGVY4J75HkTSrhoPmzbAub%2FIVc6J%2F7WtyN3fh5IGcJe9IL\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\ncf-ray: 9d040a486c80c527-WAW\r\ncontent-length: 126465\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1672600\r\neo-log-uuid: 5026923929167318841\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":298,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":230,"receive":68,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/ae32d287505e420ea1418847dfae7cc1?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.130Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/ae32d287505e420ea1418847dfae7cc1?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 126293\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 80\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"ae32d287505e420ea1418847dfae7cc1\"; filename*=utf-8''ae32d287505e420ea1418847dfae7cc1\r\ncontent-md5: oWnmCwLkrJHNRQ6I/z3jEg==\r\ncontent-transfer-encoding: binary\r\netag: \"FrJewLVguMCvQbXAbWuLmsT7-gk5\"\r\nlast-modified: Thu, 05 Mar 2026 19:15:44 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: FfQO71mO8\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: rgAAAADrfR-_GZwY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":126293,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGB, non-interlaced","md5":"a169e60b02e4ac91cd450e88ff3de312","sha1":"b25ec0b560b8c0af41b5c06d6b8b9ac4fbfa0939","sha256":"fdf1ff351fdcef51bdbe44f3f99e4264cf06b07b57757ffab81ae7d68fe06a64","sha512":"aaee6d8c5274e741d8022e840ad2e33d3e87a26c89d69e469f9f84caf9cfdc2a3f690cdde086ec81cb30a1c31966cc16144e1fcf72f1949380f6d1556f96a00c","ssdeep":"1536:5Kc9mI0L0A7xBQqQW7ivrKlndkwjHP0+EhA0Ci18ASy13WTzUv49+/kTKpf4gWzu:5L9N0L02QJN+JdQmSeA/3QzgklTufJF","tlshash":"07c312dc6b10c5bf0e1962580ee7fe7723ed91ab345fee191410b39e0a1929ac914e7c","first_seen":"2025-02-26T13:00:34.721596Z","last_seen":"2026-05-01T14:24:54.74061Z","times_seen":15,"resource_available":false,"data":null}},"time_used":4794,"timings":{"blocked":1001,"dns":1,"connect":263,"send":0,"wait":1548,"receive":1079,"ssl":896},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/eab1786bbc87456cb43dad093429808c?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.137Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/eab1786bbc87456cb43dad093429808c?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 50049\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 69633\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"eab1786bbc87456cb43dad093429808c\"; filename*=utf-8''eab1786bbc87456cb43dad093429808c\r\ncontent-md5: UAXY/qsQnOZOQL65gHPMHw==\r\ncontent-transfer-encoding: binary\r\netag: \"FirislHKNIYqAcw3ydFr-foeWs2m\"\r\nlast-modified: Fri, 06 Mar 2026 19:15:20 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: tL9Xg9bPe\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: w8kAAAAdwAx92psY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":50049,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"5005d8feab109ce64e40beb98073cc1f","sha1":"2ae2b251ca34862a01cc37c9d16bf9fa1e5acda6","sha256":"7df6e68379f0c2c1fdcd20def82a313b0d6d938a4f4b45e62341b298c1ef90ae","sha512":"61b6505dc3c6b3064bddd56dfbf1f396e8c401aec60788b40cba99bd05cc2dcb1271e5b1428050769c3f5476b86cb7f943a4bca0477a7d3168b90f2eac40d018","ssdeep":"768:3TaNFG6vy1lEFVdVrVQ0xNcC/wWcVFQu/GPYK3kHf/O6oDmgnkMyCxI3eddKqmZb:3wdvCefVrVPcC1IUjmfkDTksxI3x1SO","tlshash":"6923f11f354b568ce9c47958832bcc13d9db019a44883f89cec9e89362f05947eeb29e","first_seen":"2025-02-17T10:07:52.480226Z","last_seen":"2026-05-27T19:17:28.066618Z","times_seen":290,"resource_available":false,"data":null}},"time_used":2272,"timings":{"blocked":970,"dns":0,"connect":0,"send":0,"wait":1099,"receive":203,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/ad1911e4456a47fa98401a36e8867179?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.937Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/ad1911e4456a47fa98401a36e8867179?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 38678\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 50726\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"ad1911e4456a47fa98401a36e8867179\"; filename*=utf-8''ad1911e4456a47fa98401a36e8867179\r\ncontent-md5: Qz2wgWGFe+c+tT0w9dILDQ==\r\ncontent-transfer-encoding: binary\r\netag: \"FuF-ZvrDI70sxRBH-Aj3DoWIwNZe\"\r\nlast-modified: Fri, 06 Mar 2026 19:16:05 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: oIJ573SAE\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: WjEAAAAYrSav65sY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":38678,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced","md5":"433db08161857be73eb53d30f5d20b0d","sha1":"e17e66fac323bd2cc51047f808f70e8588c0d65e","sha256":"c9b1cd558158ec763629ac70191ad96666e1f11116329c8da38442ca1593ef05","sha512":"5e82b5a684b2be0705c929f9fbee62c90b39eca95f0e14cdc0b05b9615d2524903215f28b6a34eb8976d517ccefc6e16583c1035669971b3b00c2e111a4dc1d0","ssdeep":"768:sYDTBjPiYZ1EK4v3aXLM36zkew+FukgnmrfUQXKIUcBnZr4exhJEZgG:3huqiK4vL6a+F8n0McXtOwsZgG","tlshash":"b403f18597402775a9de0aa7f083f9bd9f6cc38e4b5b2368f01d14e7d42fe01d92191a","first_seen":"2023-11-07T23:54:12Z","last_seen":"2026-05-31T15:09:55.478811Z","times_seen":129,"resource_available":false,"data":null}},"time_used":2507,"timings":{"blocked":190,"dns":0,"connect":0,"send":0,"wait":1550,"receive":767,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202503/_enc_size649x578_d991353f-39ff-4552-be18-848fc3fabfb2.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:42.718Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202503/_enc_size649x578_d991353f-39ff-4552-be18-848fc3fabfb2.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 06 Dec 2025 06:30:10 GMT\r\netag: \"347c99272e6b5f508846832209fba77a\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bhAmPYI92AnYaqPp5kV8m6EzoZPQrtqY0aDv3HWp62leqENJyaQAfk1hMWqhRP7xyq8EkG%2Bk5QzkpNWQS8MLKYmzIye6w4Fe%2F0%2FCl5QjaS%2FLxsGFvQpI\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\ncf-ray: 9d040a3fca5291d7-FRA\r\ncontent-length: 47886\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:42 GMT\r\nage: 1717508\r\neo-log-uuid: 2881165928989826093\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202508/_enc_size1298x1156_79864bfb-d71a-4513-a524-8823b86ee01d.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:42.761Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202508/_enc_size1298x1156_79864bfb-d71a-4513-a524-8823b86ee01d.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 18 Sep 2025 11:24:10 GMT\r\netag: \"df68f353c4e753dc68726f8cf495ecc0\"\r\ncontent-type: image/png\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LWY7edlEINrgWnV2D1DRcHc7koKOljznRRDMgLSvz3YSM%2FkRp%2BQdP2yP5HVK8ZKPwXDnKetMXALiFLYgI%2BWFxJNaA9UTEIMBt5ArONyFgiPSkr8qYiAK\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fceba9977199e-FRA\r\ncontent-length: 87818\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:42 GMT\r\nage: 1834447\r\neo-log-uuid: 4175263679345586831\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/js/chunk-svg.1766990974022.1e4dfc16.js","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:35.053Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /js/chunk-svg.1766990974022.1e4dfc16.js HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:36 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:17 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69522599-714b4\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nX-Safe: 1773320736=vJwEyZl2IdjkBjNrOhsuCC6iDrcJYXrouO8+GvFOH1/bbZ1WCRBAHHXzNNCh1+F91HFXrCJZO1HkidvhE7Lf5WZ7NzZKrF14N4CQgoPE7feS0OxN4yeuFBXSDzXHnwraM4cRjEov6/KOsU75GzN3spf0S/oQjZSbiagUhwwBEj9CQaGX4/V4ANYl28QQD9ES\r\nX-VIA: l1=CJR9oEa4UnlD0OBR\r\nX-VERSION: 1772869158\r\nX-Request-Id: C859ACB3-2F31-477D-9137-28B013776BEE\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":464052,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65532), with no line terminators","md5":"60ea8e82c4faa8daca2d833fb2853bf7","sha1":"526b96b2b45c8cc703e954cb89bb96025db0e7d3","sha256":"333f43aa9716e828751498d9a23a98931d609433d99f21790f93e9a797a0804a","sha512":"9f65be830d9cedcb63ae71c67467a827a3ad8006111236319758846e2d1700240e15905590503182b6348712dc50bdd20e7c21ff90503d80a53a7089a490973e","ssdeep":"3072:z8nz2uaLZSZvx6Q/sIPrekK+m36Ua94sRZI7gbpF/:z8nz2uasNxpXPrekK+m36UHsE4pF/","tlshash":"b6a4fcb4c190f4edf704ce196e7c9e1c50321688e0a9e9e52da9fe0d9e85d6b241cdec","first_seen":"2025-12-29T19:25:02.023641Z","last_seen":"2026-05-03T15:34:10.263068Z","times_seen":901,"resource_available":true,"data":null}},"time_used":1950,"timings":{"blocked":665,"dns":0,"connect":0,"send":0,"wait":480,"receive":805,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/kc523-1/sponsor/sponsor_nav_web_2.png?1766990906506","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.418Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /kc523-1/sponsor/sponsor_nav_web_2.png?1766990906506 HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:41 GMT\r\nContent-Type: image/png\r\nContent-Length: 6434\r\nConnection: keep-alive\r\nLast-Modified: Sat, 27 Sep 2025 11:32:15 GMT\r\nVary: Accept-Encoding\r\nETag: \"68d7cb3f-1922\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nX-Safe: 1773320741=sLjBMoPIYH/ZklB3a9DMghOf/GLYneRWA/bPl8Ur+HATmzTMipGsv9cFAj7S6AGoBEvP9t7LDlkhG69eTdMx5C7AMrfxLMinA+t4+yjip00/Rd1lP/N9xL19gYhZJIwg2s4LmxUnKlUGQ8zTw0nmn/lVUsLw/3OAKnPJesV9axf34vXzTeOzNybsr1bspTHN\r\nAge: 338392\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 50C83161-A7A4-4B6A-858C-A72FD30F2D88\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6434,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 206 x 332, 8-bit colormap, non-interlaced","md5":"e31cb9f70abcc458288bb53868031352","sha1":"965f7cb9aaf0d166c21b8681b0671d17e019c74e","sha256":"33295ad776e1fde54dace5b0343c9aab9a2d70cfa8848e5cbd09065c340e294f","sha512":"acd328b1f4cb6e1c7267696487f637ea5ae4b724f7ab32516632a3eb2c8b4e374fa472ab77120230258fb49a23f54ba3988b155004b46e69519fe3ef57ee79c9","ssdeep":"192:RYc0QiGWn0WG2WmjNJMjOluoj/xrASMJmoJESULHT:RYc0QiGlHmjOo1j/xPMAG2Lz","tlshash":"c9d18ea6ea2a4a52cf8d0d633efc5b0671508e582f390826809a1d1d57767fa24a13e7","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-06-06T14:57:21.001607Z","times_seen":1557,"resource_available":false,"data":null}},"time_used":3239,"timings":{"blocked":2867,"dns":0,"connect":0,"send":0,"wait":371,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/img/help.4e3cf897.png","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.437Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /img/help.4e3cf897.png HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://u95f.xyz/css/index-399e2569.1766990974022.29c710d5.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:40 GMT\r\nContent-Type: image/png\r\nContent-Length: 10322\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:16 GMT\r\nVary: Accept-Encoding\r\nETag: \"69522598-2852\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nX-Safe: 1773320740=UbyPGiMF6oMO3eNBMJExvACPDPz2ndpfMINivjYqk7cS189TdXtJfIe/QT9pwk6lKy9xR7X6sVsYLc7iEZjqMrWRTMzxP2YeeEEOiGX/fzmZ25GQfeI5TxMlxPIK935NtS98+8VYDgeb6H8Q18KA/+QUFUH+6DlyD8ADjapVtTX2Huqe9y56Q2jfSJE7at6d\r\nAge: 338390\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: B87FBE55-A830-4AC1-A6C7-E195E0EA7767\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10322,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 112 x 112, 8-bit/color RGBA, non-interlaced","md5":"6dd52a6a4d07f2786b1926fac1b4b06a","sha1":"9c9908204401fbe65d33cf7df8881639d6aea37d","sha256":"e02471f47b506ab510d0e0dc4224cffc03c34f950b649ce347ccd71af0bcf0ab","sha512":"fdd52f532e5c2e2c182db20e2053eee0ca8c26cec51ff75e1bc341b01911461ac72fa75887fa3114188ba32aa6341c0974d81d071fc42b605e72f73dfb87ab9c","ssdeep":"192:x0C+pMwjX2XZ456BAJu+1KzdjCfDrRq6wUPlJyh2h4PAmWP5yQSkHxfYX32H5TRm:EjGXZau+1MjCrrRLlqGOnWcQSkRQX3IG","tlshash":"3822c054370836084f737a4362ac4e837a06040ffdf9b7919a6372659a5b94e44cfb66","first_seen":"2023-07-01T07:21:14Z","last_seen":"2026-06-06T14:57:21.003594Z","times_seen":1576,"resource_available":false,"data":null}},"time_used":1720,"timings":{"blocked":1511,"dns":0,"connect":0,"send":0,"wait":209,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/fonts/DINPro.9ee75b04.ttf","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.448Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /fonts/DINPro.9ee75b04.ttf HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://u95f.xyz/css/61540.1766990974022.3004bb5c.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:38 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 119892\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:16 GMT\r\nETag: \"69522598-1d454\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nAccept-Ranges: bytes\r\nServer: Nginx\r\nX-Safe: 1773320738=P/dh3PFO99SuySS7edpU1yAdx3rYzpOCt6poV29YHrjktIG4/zWz02Q8ZMriGnwj67XWX218jrPOrXOu1916Yn4G+oHeyC621qqWst58MXCg84w5yKin/KAsFUjijqDC5H3pkzj9js5DQElkNclmXAyyfuOEC5R1rm6DUHbVgBKzIyZwlqYiphAfKcun8JKO\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 9E46CC94-F295-4C80-8C50-57A0930E568E\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":119892,"size_decoded":0,"mime_type":"application/octet-stream","magic":"TrueType Font data, 10 tables, 1st \"OS/2\", 30 names, Macintosh, 2005 Albert-Jan Pool published by FSI FontShop International GmbHDIN Pro RegularRegularAlbert-Ja","md5":"028cefac160ed3b006f47106fbc68d1c","sha1":"efcecac09684435facd7397e4f6163a5069802c2","sha256":"fb841a09a82787982ad1774bdeb45e8e06ff4909161a9ce33fd42f8822c5ddc3","sha512":"3a5a284d0c4da6593b857ba785a4ba7d5f2e2b73d22a2ef25435b9558063d2486228d76a3cd5d3a59b5abe4c0da696a75373111b3569a94a9dea1516cf16091f","ssdeep":"3072:YhtN/CZnt1tbtKtHtFNgz1QZt0tbt2ktwtNstAtqNaEctWpy8TLtsIb66AUeo:YhtNGnt1tbtKtHt7t0tbtxtwtNstAtqV","tlshash":"5ac308c153e8fa4ad83996388511c7434226ff2de65d4f36ffd94d8c688e8e9064e6e0","first_seen":"2023-05-08T18:58:40Z","last_seen":"2026-06-06T17:12:00.519905Z","times_seen":3748,"resource_available":false,"data":null}},"time_used":904,"timings":{"blocked":36,"dns":0,"connect":0,"send":0,"wait":227,"receive":641,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/gpmaster/_enc_size328x442_392325e1-efd7-4953-83f1-410dea55a03c.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.768Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /gpmaster/_enc_size328x442_392325e1-efd7-4953-83f1-410dea55a03c.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 02 Dec 2025 14:07:29 GMT\r\netag: \"92b3d49a96dc94a10e392c26db991989\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Ze0Hukb9Su8h5ComEvo3UIsMDFTAt7ey7%2FjWu9yWZdSpHxiUhAOp8MCPwt55F08hAo28cjsDDX3L4IPFN0Vytf%2BGEWUnqh%2FIHnTWJVNqKKs6K3pMyJSK\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fceb9fac8a055-FRA\r\ncontent-length: 13178\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834443\r\neo-log-uuid: 9571828983691263165\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":259,"timings":{"blocked":49,"dns":0,"connect":0,"send":0,"wait":173,"receive":37,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202508/_enc_size1298x1156_f26e0b0b-19a9-470f-90cf-ab38984671ab.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.825Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202508/_enc_size1298x1156_f26e0b0b-19a9-470f-90cf-ab38984671ab.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 18 Sep 2025 11:24:05 GMT\r\netag: \"a57d29baa7610d858c61b10cbd8aa72f\"\r\ncontent-type: image/png\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=falYLJ4FRsNOqpUkUtpg3Ks9%2B38DjtaiizPUsm1WH1EJJpOgKTuSFS7DIqKi%2BftpqjjrNLL%2BwPBpyfe9stHampHYra4dleehauWg98apqE9eqCg8A5gG\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fcebad8803eae-WAW\r\ncontent-length: 163087\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834443\r\neo-log-uuid: 8007086637679231812\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":315,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":236,"receive":79,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/gpmaster/_enc_size328x442_fc0e1468-bc71-4d42-9849-b6735b50978a.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.856Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /gpmaster/_enc_size328x442_fc0e1468-bc71-4d42-9849-b6735b50978a.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Tue, 02 Dec 2025 14:12:19 GMT\r\netag: \"2e0e15927b525879909c42380e89ef9c\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=90V3Y0oW3A2QMlwGKwDH96T1bF822W2bCcxKMM5yXIP2gxNkkCFpDNlCsEy3xWtRnNKYlk1M4FQhzKSv8uIQojS2aiiJWu7c%2FqsGY3g6D5d%2BzEqoLY9i\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fcebaab1a1cc1-FRA\r\ncontent-length: 11120\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834444\r\neo-log-uuid: 18040625644317081847\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":190,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":167,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/e013d3e0dce04436b2ce33c52da1567a?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.149Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/e013d3e0dce04436b2ce33c52da1567a?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 99666\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 69633\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"e013d3e0dce04436b2ce33c52da1567a\"; filename*=utf-8''e013d3e0dce04436b2ce33c52da1567a\r\ncontent-md5: g6qCbjxF1QR6jJF/sLQaXg==\r\ncontent-transfer-encoding: binary\r\netag: \"FiCHa-itoj4gA3FO6v_z5iLeaJyu\"\r\nlast-modified: Fri, 06 Mar 2026 19:15:15 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: 4XTYnoVWQ\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: V-MAAADd0Ax92psY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":99666,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"83aa826e3c45d5047a8c917fb0b41a5e","sha1":"20876be8ada23e2003714eeafff3e622de689cae","sha256":"72f0e217b62b13723e190540cb265d51869d197c0bc4ba679577211852ea7ba8","sha512":"20a3af231a3183eaaf0eb17448b3ad071bd058c28d69661cbd0cf3609e2bce9880b0146e57e9eeb1a6a17cb999ba1df4284584d174bcaae6d49636f12ba72dc3","ssdeep":"1536:B9bkigjqEHAHUt8CcAqxvPtmLyvxLy8t6bj4S9Y0SSoXdskKmWLBPmL/GXwxsIjJ:bbkigjjLtFR0Qwft6bF9mMBPmqunIbE9","tlshash":"79a3027f94a1a5b217007e3f30d86d8be76437d36b29b847924c43315247594acb876b","first_seen":"2025-02-22T05:14:38.114462Z","last_seen":"2026-05-10T18:47:01.90438Z","times_seen":80,"resource_available":false,"data":null}},"time_used":3173,"timings":{"blocked":958,"dns":0,"connect":0,"send":0,"wait":1208,"receive":1007,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202503/_enc_size649x578_07a2d840-d1e1-4217-9d3b-badf80b88abd.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.738Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202503/_enc_size649x578_07a2d840-d1e1-4217-9d3b-badf80b88abd.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 06 Dec 2025 06:20:22 GMT\r\netag: \"e394e5209a888f9ceeb17f8fb9ce91e9\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Ok2EcuNcNpL4hBqjWyvhexZ0IfYAKjc6dh1PkNr%2Bq2i9F7RYkq0IS6hpV3LMkLrKTkqEQSnbxEes40pR%2FgOnzNOzbMniUQ6erVK56ZYZbObnlS66kBnw\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fceb9dfcf705f-FRA\r\ncontent-length: 77072\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834443\r\neo-log-uuid: 4314357328815019637\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":507,"timings":{"blocked":93,"dns":3,"connect":20,"send":0,"wait":273,"receive":21,"ssl":90},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/a611637affbc4027abdf62911359bb23?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.129Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/a611637affbc4027abdf62911359bb23?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 78832\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 89428\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"a611637affbc4027abdf62911359bb23\"; filename*=utf-8''a611637affbc4027abdf62911359bb23\r\ncontent-md5: ilH7f3d7D8B/nus8wgwMsA==\r\ncontent-transfer-encoding: binary\r\netag: \"FoAkTt7vTOBEGUnjiLwv0UnXyObZ\"\r\nlast-modified: Thu, 05 Mar 2026 19:15:43 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: CjbGqlr13\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: MJkAAADKJ_p7yJsY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":78832,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced","md5":"8a51fb7f777b0fc07f9eeb3cc20c0cb0","sha1":"80244edeef4ce0441949e388bc2fd149d7c8e6d9","sha256":"d507dff6b7474578b15c826b0b9a29cdfb557e9677565a4dca2d9b815de2616f","sha512":"cdb5dddc68ba17f69591b43812324d939a4e8847d1e74a768fa15e927be9f69cb543fe0e3e3e6ead2180a700eb0792e5bb787587e000cfb4c5d54e0094801338","ssdeep":"1536:fIsAI8V+grgRRjHaHkwh6e1UuGX1xwsYjUmI:wIpg8/GBhdZGX1LYjdI","tlshash":"837302f513cfa095a64729d27df5b392fb6312e0d0cac89a9555cb407affed29031884","first_seen":"2025-04-01T11:41:17.802043Z","last_seen":"2026-04-15T00:32:41.953624Z","times_seen":81,"resource_available":false,"data":null}},"time_used":4757,"timings":{"blocked":1003,"dns":0,"connect":255,"send":0,"wait":1548,"receive":1044,"ssl":901},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/97df58620ea240118e24177ca062c2b0?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.938Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/97df58620ea240118e24177ca062c2b0?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 16966\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 45314\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"97df58620ea240118e24177ca062c2b0\"; filename*=utf-8''97df58620ea240118e24177ca062c2b0\r\ncontent-md5: xSMolmNDcTJkLrkm49UcVg==\r\ncontent-transfer-encoding: binary\r\netag: \"FpShJjcI6FHr6cJDYJ48MiFt_oe5\"\r\nlast-modified: Fri, 06 Mar 2026 19:16:12 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: xThQjNYtA\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: kfUAAAAFgEWb8JsY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16966,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"c523289663437132642eb926e3d51c56","sha1":"94a1263708e851ebe9c243609e3c32216dfe87b9","sha256":"aff0b91e8c316db0df3546c6c7ce84a929076a8c1df8971fa36750e59cdbb413","sha512":"0a82cca27a105472309f202c1a7b7c0ac9095355b834f35a81c8e71545ed68b7853091c65809fb3316362ba0135ddaca5e6c2fcbe738076bbc6b734f9dc32e80","ssdeep":"384:fKwc1JK+3T0pujE37nz3XfTCelEc+Ar+zl9uUQVFg:SwcTP3Y337TXLhlEc+D","tlshash":"9f72cf8cf5228dacd70618c4c5dd1e1f4e7d373a68aa2709e1a43424552caf572aee1e","first_seen":"2025-09-21T04:12:33.87118Z","last_seen":"2026-05-30T17:21:02.250802Z","times_seen":202,"resource_available":false,"data":null}},"time_used":2167,"timings":{"blocked":190,"dns":0,"connect":0,"send":0,"wait":1549,"receive":428,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/a9bc4dae463b4a05993636f96ba9a63b?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.943Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/a9bc4dae463b4a05993636f96ba9a63b?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 18642\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 18316\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"a9bc4dae463b4a05993636f96ba9a63b\"; filename*=utf-8''a9bc4dae463b4a05993636f96ba9a63b\r\ncontent-md5: 4Gj0JzZNp/fAVN9iq/XwhQ==\r\ncontent-transfer-encoding: binary\r\netag: \"FkJmy7gRwmxfm3pfujsXT_e3jyJ9\"\r\nlast-modified: Fri, 06 Mar 2026 19:16:54 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg121;QNM3\r\nx-m-reqid: NiGJrbWsN\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: XaoAAAAsvxIpCZwY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":18642,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"e068f427364da7f7c054df62abf5f085","sha1":"4266cbb811c26c5f9b7a5fba3b174ff7b78f227d","sha256":"205fcf0720dc678907db9b6b8db86a7f86aa45737879edabcb9c5f4f8cc5acc6","sha512":"37c823d3b5049a4a8640bc719acdf326cafee4c4a603b59be12c459150a752d9b4d2f6465f2d0a119f5f7ad6ba198a9eeb6951452e4c7e6da25ea2e2007f483d","ssdeep":"384:DvS3s9IhDK3/Ge6x4wizCC1tOI/4iI6g5rfKPODHEyXo3wRh/7VDFhl41c:DvhmDK3/J+4waJ1tdi6UrKmXo8/7VDlF","tlshash":"8f82d081d124148caa8f02ded5cc72e9649a1b8a6d136a6d2d59c6f804fff0970f933b","first_seen":"2023-11-10T19:11:59Z","last_seen":"2026-05-24T05:41:01.387497Z","times_seen":131,"resource_available":false,"data":null}},"time_used":2210,"timings":{"blocked":187,"dns":0,"connect":0,"send":0,"wait":1549,"receive":474,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/img/home-bg.1e09954b.png","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.950Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /img/home-bg.1e09954b.png HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://u95f.xyz/css/home.1766990974022.971c3723.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:41 GMT\r\nContent-Type: image/png\r\nContent-Length: 4014\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:16 GMT\r\nVary: Accept-Encoding\r\nETag: \"69522598-fae\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nX-Safe: 1773320741=sLjBMoPIYH/ZklB3a9DMghOf/GLYneRWA/bPl8Ur+HATmzTMipGsv9cFAj7S6AGoBEvP9t7LDlkhG69eTdMx5C7AMrfxLMinA+t4+yjip00/Rd1lP/N9xL19gYhZJIwg2s4LmxUnKlUGQ8zTw0nmn/lVUsLw/3OAKnPJesV9axf34vXzTeOzNybsr1bspTHN\r\nAge: 338388\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 0A14A733-5B54-43F0-B6B1-D88124807C65\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4014,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 278 x 80, 8-bit colormap, non-interlaced","md5":"ed0eb6c81f949885511fbbe4d666a2f0","sha1":"d74fb98c3b01727753bb182eb5ee5d6eedf3da4a","sha256":"7fecf4ed61ab1535aafe2800474ac643b49264b83f54fc1da596d7334868ae75","sha512":"dd2f749e24e6b35f80fa77856c9c8b1cb1e0cacb9250b947403283e152d8bb9e7bf539df00ca6743d4162aeac014e47ce82191b62847fabe6cbb5693b4cd7fec","ssdeep":"","tlshash":"1a816c7eb31a4997296ff194138b387d74b0709d0b546934388a9c31a4791fcf39e526","first_seen":"2025-08-29T11:05:53.155399Z","last_seen":"2026-06-06T14:57:21.013741Z","times_seen":1516,"resource_available":false,"data":null}},"time_used":224,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":223,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202503/_enc_size649x578_95e34ac6-aa0b-4d3f-9ae0-451b7e2983d6.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:42.714Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202503/_enc_size649x578_95e34ac6-aa0b-4d3f-9ae0-451b7e2983d6.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 06 Dec 2025 06:17:09 GMT\r\netag: \"2fcc54486b2179e536ba332abd714c28\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9EjPVLy%2FeJYyf14MaAkfCW93AuzDmgv9ohZtex5MqSWUOVRUGxXKGA05RVYr%2FVXbCf6%2Bqup30BDIujDn8Sh%2FCFgqEOKP6QaHCQAjJplTPbVNlELoN0mq\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fceb9d9d8d346-FRA\r\ncontent-length: 72760\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:42 GMT\r\nage: 1834446\r\neo-log-uuid: 1583782835541836977\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/js/chunk-common.1766990974022.b20784a2.js","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:35.056Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /js/chunk-common.1766990974022.b20784a2.js HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:36 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:17 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"69522599-27046\"\r\nCache-Control: public, max-age=31536000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nContent-Encoding: gzip\r\nServer: Nginx\r\nX-Safe: 1773320736=vJwEyZl2IdjkBjNrOhsuCC6iDrcJYXrouO8+GvFOH1/bbZ1WCRBAHHXzNNCh1+F91HFXrCJZO1HkidvhE7Lf5WZ7NzZKrF14N4CQgoPE7feS0OxN4yeuFBXSDzXHnwraM4cRjEov6/KOsU75GzN3spf0S/oQjZSbiagUhwwBEj9CQaGX4/V4ANYl28QQD9ES\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 3EAD233E-D9D2-4102-B3EC-E8F651B454EF\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":159814,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"657da8ba15087307d0d3c8f94f4392c5","sha1":"73912284b1ef5da9d41bf0ec9fbaabb80cf9ef0d","sha256":"399994a82be137a3b34fc0f3cc83467eebbbf17246f9d80ea2f2a3b13e439181","sha512":"26389c01730921e461d276ae09f9b75fccc8b2d10670b734ae5356dddbbe0e444abd440fb1f7409f8a9c16f24c4d52a9cd845ccce89de4eb31321aa1f98f48b7","ssdeep":"1536:KZVB2bnNcdWUa2UTo6oryXHuLmbErF/G7D1dMI59HLui7TAN/voVGAClVbGD3tFZ:KZVBM/To6yjFetHLui7T4/voVGAcgD3t","tlshash":"78f3e8c5b3a0f07e9a1ed53779331499b12f758278c87c60f1a1ade6bf19704a436ca8","first_seen":"2025-12-29T19:25:01.969149Z","last_seen":"2026-03-18T12:35:38.951063Z","times_seen":773,"resource_available":true,"data":null}},"time_used":2446,"timings":{"blocked":989,"dns":1,"connect":367,"send":0,"wait":444,"receive":1,"ssl":220},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202508/_enc_size1884x434_8953c3b5-a3a1-4b97-a677-4b5efb3fb94a.jpg","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.567Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202508/_enc_size1884x434_8953c3b5-a3a1-4b97-a677-4b5efb3fb94a.jpg HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/*,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nOrigin: https://u95f.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 18 Sep 2025 12:24:50 GMT\r\netag: \"3744da426a390f82778503dc43cd0007\"\r\ncontent-type: image/jpeg\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3UChNAUAiFhTAB9rVrFgB7IfzoxqFdDfdFsR50zC0jb4YGx20BkEEGsi6ckUTp2Ibu0mqbL7gSamoEKA%2BEPKfEB4vhtDZ3kEueXfr5yMn1ssKsZapJNd\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\ncf-cache-status: REVALIDATED\r\ncf-ray: 9c1fcf3c5c321cbf-FRA\r\ncontent-length: 359196\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834444\r\neo-log-uuid: 1884400212916942059\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":359196,"size_decoded":0,"mime_type":"image/jpeg","magic":"data","md5":"3744da426a390f82778503dc43cd0007","sha1":"24afaa27882ed170e969e82c4602a1c36f8ad3c6","sha256":"ad876fd90297b8219e140f0045e92294f4ad6b37c0fc5d23995d3d08d0210ebd","sha512":"2e26fa0c939f872b64d8ca47f18f8423f06bfe7572e3bc67f6a500415671865956849ef1bfb90618cd3a54b0d0e8f2f455693de13fc368ef5890309b2ec58d51","ssdeep":"6144:vqJy3fkqKTt3/vdG/ZHOMjOUZgO1EjSa+6V4IG1ukzX+wPpoSLB/ON:QwstNGJZjhu6EL+sGIqJs","tlshash":"6a7412e67e777d4b86b68fb6f3d02e4811919b02dce115487854f42328eb0ece89ec59","first_seen":"2025-12-29T19:25:01.993662Z","last_seen":"2026-04-22T19:07:08.834015Z","times_seen":846,"resource_available":false,"data":null}},"time_used":687,"timings":{"blocked":306,"dns":86,"connect":21,"send":0,"wait":52,"receive":22,"ssl":190},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202503/_enc_size649x578_e50c5112-b480-4217-95c2-f187843fa431.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.820Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202503/_enc_size649x578_e50c5112-b480-4217-95c2-f187843fa431.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 06 Dec 2025 06:22:07 GMT\r\netag: \"b449cf372f86058b08a8d60b64464df6\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ChYEXT1G8BaBZle2kAfw2tJ6NCPNqUsXqzX1QzDxH15zVIXwZi5kKS6e1D0%2B0W0JUHZqe9mSmG1OKsshOuW9mdD3vpDO5ODGW%2BORxsqrhyDQOOt5cKcd\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fceba8ec6d24e-FRA\r\ncontent-length: 54466\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834443\r\neo-log-uuid: 5568619690745146556\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":272,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":235,"receive":37,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/img/vs.21f89f73.png","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.179","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.951Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /img/vs.21f89f73.png HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://u95f.xyz/css/home.1766990974022.971c3723.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:41 GMT\r\nContent-Type: image/png\r\nContent-Length: 1306\r\nConnection: keep-alive\r\nLast-Modified: Mon, 29 Dec 2025 06:54:16 GMT\r\nVary: Accept-Encoding\r\nETag: \"69522598-51a\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nX-Safe: 1773320741=sLjBMoPIYH/ZklB3a9DMghOf/GLYneRWA/bPl8Ur+HATmzTMipGsv9cFAj7S6AGoBEvP9t7LDlkhG69eTdMx5C7AMrfxLMinA+t4+yjip00/Rd1lP/N9xL19gYhZJIwg2s4LmxUnKlUGQ8zTw0nmn/lVUsLw/3OAKnPJesV9axf34vXzTeOzNybsr1bspTHN\r\nAge: 346769\r\nX-VIA: l1=CJR9oEa4UnlD0OBR\r\nX-VERSION: 1772869158\r\nX-Request-Id: A536838E-00D5-4996-826F-C7642C326360\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1306,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 70 x 28, 8-bit colormap, non-interlaced","md5":"41cff06a80e61ee3fcd32f7c29a6493e","sha1":"bb70bb0a3a0fde7a132788777aee629392c756e9","sha256":"3240fcea2e4168dc863b8aea602750e6a1fe11a557c18ac6a381781ef487746b","sha512":"fce7ff9f62b51c4f8994f0a8ec4a56f21570d0cd163471d99b357eb0a9a735c800b389c4a8a611ba441b208cea7eb483140042f5d11ef110b591c1c1898bbb8d","ssdeep":"","tlshash":"e921eaffe15b2c75ccb59bb3bc6c12656809582970866b137125e7588c539217f0c461","first_seen":"2025-08-29T11:05:53.184813Z","last_seen":"2026-06-06T14:57:20.996553Z","times_seen":1514,"resource_available":false,"data":null}},"time_used":469,"timings":{"blocked":33,"dns":0,"connect":0,"send":0,"wait":436,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202503/_enc_size649x578_e50c5112-b480-4217-95c2-f187843fa431.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:42.757Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202503/_enc_size649x578_e50c5112-b480-4217-95c2-f187843fa431.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 06 Dec 2025 06:22:07 GMT\r\netag: \"b449cf372f86058b08a8d60b64464df6\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ChYEXT1G8BaBZle2kAfw2tJ6NCPNqUsXqzX1QzDxH15zVIXwZi5kKS6e1D0%2B0W0JUHZqe9mSmG1OKsshOuW9mdD3vpDO5ODGW%2BORxsqrhyDQOOt5cKcd\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: MISS\r\ncf-ray: 9c1fceba8ec6d24e-FRA\r\ncontent-length: 54466\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:42 GMT\r\nage: 1834446\r\neo-log-uuid: 4714165262664664827\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/kc523-1/sponsor/sponsor_nav_web_1.png?1766990906506","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.416Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /kc523-1/sponsor/sponsor_nav_web_1.png?1766990906506 HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:41 GMT\r\nContent-Type: image/png\r\nContent-Length: 7821\r\nConnection: keep-alive\r\nLast-Modified: Sat, 27 Sep 2025 11:32:15 GMT\r\nVary: Accept-Encoding\r\nETag: \"68d7cb3f-1e8d\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nX-Safe: 1773320741=sLjBMoPIYH/ZklB3a9DMghOf/GLYneRWA/bPl8Ur+HATmzTMipGsv9cFAj7S6AGoBEvP9t7LDlkhG69eTdMx5C7AMrfxLMinA+t4+yjip00/Rd1lP/N9xL19gYhZJIwg2s4LmxUnKlUGQ8zTw0nmn/lVUsLw/3OAKnPJesV9axf34vXzTeOzNybsr1bspTHN\r\nAge: 338392\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 3697DB32-5D5E-4B7B-969C-5C895997C219\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7821,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 206 x 332, 8-bit colormap, non-interlaced","md5":"0eb441aa3c30cc3c92da984283938f90","sha1":"74a769808afa9b87ea483a82d47958bf05ab9b87","sha256":"146f45de163728bb850c9a8e6c1693dd4c82caf7b6e1f58728395003b84f286c","sha512":"d1c9c8824c4f42f71db8ce2b62955647aa55bb590305765cd931000d0fc6023f7d57cd3daf6992094365ca6ecb42f02f93d606d79f6643a2f89d52f71200461e","ssdeep":"192:AnUYZGCj89cpWsWKE+hAqF7k4Pk7KJw7OjF57HUNuvs7alaUd:AFEijWKE+hHF7kt7857HU/eRd","tlshash":"20f19f3eececd52cd1a745f68caf47a6142c5031ee9d7929b82fdc728649a409d403c5","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-06-06T14:57:20.976955Z","times_seen":1563,"resource_available":false,"data":null}},"time_used":2997,"timings":{"blocked":2788,"dns":0,"connect":0,"send":0,"wait":209,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202503/_enc_size649x578_d991353f-39ff-4552-be18-848fc3fabfb2.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.757Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202503/_enc_size649x578_d991353f-39ff-4552-be18-848fc3fabfb2.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sat, 06 Dec 2025 06:30:10 GMT\r\netag: \"347c99272e6b5f508846832209fba77a\"\r\ncontent-type: image/webp\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bhAmPYI92AnYaqPp5kV8m6EzoZPQrtqY0aDv3HWp62leqENJyaQAfk1hMWqhRP7xyq8EkG%2Bk5QzkpNWQS8MLKYmzIye6w4Fe%2F0%2FCl5QjaS%2FLxsGFvQpI\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\ncf-ray: 9d040a3fca5291d7-FRA\r\ncontent-length: 47886\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1717505\r\neo-log-uuid: 8448979866147390094\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/webp","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":327,"timings":{"blocked":60,"dns":0,"connect":0,"send":0,"wait":234,"receive":33,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/f319b2c5d94648ab9e10cb2502ea291f?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.354Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/f319b2c5d94648ab9e10cb2502ea291f?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 133456\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 61519\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"f319b2c5d94648ab9e10cb2502ea291f\"; filename*=utf-8''f319b2c5d94648ab9e10cb2502ea291f\r\ncontent-md5: 2YbxIiiKa9nX5QjlxH2ugQ==\r\ncontent-transfer-encoding: binary\r\netag: \"FqLJmCrz18fDRCNxmCLvVB6HpW0q\"\r\nlast-modified: Fri, 06 Mar 2026 19:15:50 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: UJh7588lA\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: EvQAAACrXxPe4ZsY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":133456,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1200 x 1200, 8-bit/color RGBA, non-interlaced","md5":"d986f122288a6bd9d7e508e5c47dae81","sha1":"a2c9982af3d7c7c34423719822ef541e87a56d2a","sha256":"9a7f91d612959c47d9e05489f53c479162127b154da2ecca0f22a1c9bbc27b4c","sha512":"d05643d719d56a6950effa42a216a46b05cfec0cbdaab3f9b718784c37bf491d042b4f04a0e3ca58f0d059026e4a9777997c80629d45af24a083bebfefa7245b","ssdeep":"3072:bgvbFHfkhFymw05C8jMJe/asK7cLv32juK9jC8xyh:8vbFchjBxM9s5DmN9jC8ch","tlshash":"bad3016644e22af9c10f47be125a4f035be5efde14adc9382a1109de967ad2452f2c83","first_seen":"2023-08-17T12:39:31Z","last_seen":"2026-03-12T13:06:12.750169Z","times_seen":31,"resource_available":false,"data":null}},"time_used":3418,"timings":{"blocked":755,"dns":0,"connect":0,"send":0,"wait":1254,"receive":1409,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/kc523-1/download/download_nav.png?1766990906506","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:41.616Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /kc523-1/download/download_nav.png?1766990906506 HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:41 GMT\r\nContent-Type: image/png\r\nContent-Length: 180314\r\nConnection: keep-alive\r\nLast-Modified: Sat, 27 Sep 2025 11:32:15 GMT\r\nVary: Accept-Encoding\r\nETag: \"68d7cb3f-2c05a\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nX-Safe: 1773320741=sLjBMoPIYH/ZklB3a9DMghOf/GLYneRWA/bPl8Ur+HATmzTMipGsv9cFAj7S6AGoBEvP9t7LDlkhG69eTdMx5C7AMrfxLMinA+t4+yjip00/Rd1lP/N9xL19gYhZJIwg2s4LmxUnKlUGQ8zTw0nmn/lVUsLw/3OAKnPJesV9axf34vXzTeOzNybsr1bspTHN\r\nAge: 338389\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: 0E88D8A1-822E-4B19-931B-F9FA649CC574\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":180314,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 820 x 600, 8-bit colormap, non-interlaced","md5":"87eaffe415a7eb41b7b4b8a868bb3b32","sha1":"575618003efbf8dc8ea781379aeff463cd0cc498","sha256":"4264138e0c015e52e3efa14e34ce9c52490316935b4667756ea631b96eca64dd","sha512":"2b06fbacffed6de2fb1d4a6db2cbd0d9c5c790f9b5a10a6dceac64ff69d300f20628c465a720102da9bd857c80be886ab0a37848929741d2bdef6eddbe0de8bf","ssdeep":"3072:iWlCRQlVF5aSW/mUdJSu3405ovKFzkRKcZjF9Km/mKg/hPFsQBhXRU0K:iWM2I405oCRncZHL/mKWBhXRU0K","tlshash":"0f0412cc23773ffbf8a0865a83fbc1599c3bfd0824e56722ea1662b5186053145a59cb","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-06-06T14:57:21.009145Z","times_seen":1450,"resource_available":false,"data":null}},"time_used":3333,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":347,"receive":2986,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/api/sport/match/list?sportId=1\u0026client=web","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:50.009Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /api/sport/match/list?sportId=1\u0026client=web HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nx-request-source: https://u95f.xyz\r\nXign: A7DxvAxo2UdoIXTETV7cZV4Qsjt/8Y4/hSj7RCgXaWUfZBYykXftwu9csjPsc02tPrcZS/tX3N4/1UnQBIGHt60IveoP0F8+fd2vycKEcS7mXu8KSauyNsgakpAK4LnJhKnHq6m6Mswh8Gk1/SJ3QLSCnyjc3Ae4ffGxvVH+5lk=\r\ntimestamp: 1773320750002\r\nsign: 5v11391p756j5m40\r\nversion: 5.6.9.4\r\nclient-type: web\r\ndevice-id: rYtHdnihQD85imaGAFAinMxefGSPBmCJ\r\nlang: zh-CN\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:50 GMT\r\nContent-Type: application/json\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nCache-Control: no-cache, no-store, max-age=0\r\ncontent-encoding: gzip\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nX-Safe: 1773320750=fMuVgBQCY9pwzfCE84mxbel8cVMh7Jae4G+bYwQo2WRg5BJqekAIz56WuE8TRMFqyF0t2eswne4TjGnHtq7YXWflMvq2mHmWy4QYMOEZg2zfdmeqR0TxfZCHYhKZdXDViV1L0SB2D/Q8ibhb2GwN+zWDcO8BNR1YeC7g0e/b8kQ8GtJqWxEZ9nfnk2NaJNZJ\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: B68F3418-6E18-4318-A644-EF61CC84F20C\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16795,"size_decoded":0,"mime_type":"application/json","magic":"Unicode text, UTF-8 text, with very long lines (16099), with no line terminators","md5":"6bbf7bf8e12798187c96e7af5e4b16ff","sha1":"ee7763f2d23727a28f45c0c94b556948283819ea","sha256":"9b558a550d0fc5816b7adfc4db81911be3952488d09ac8b2052f1db355a924e3","sha512":"ec545a334ea5a714555626be28fcd76d1b6934b400415751916dbb1a83162edfe12b859df55fd86fd33c91aa2308d6cca01a59d446e9a138e8e116639e80b345","ssdeep":"384:eAuwS1KpZFIQhfaWk91Pz5YqaSSyjDE00dhhNMuGwZWoqzyLMNcq8rcidrpgUnm8:eAuwS1K/FIQhfaW+Pz5laSPjDE00dhhp","tlshash":"5372bf9a81dd18991b8c61d16e5e3f4c847eb95b0a9eb5daee4ecf0820f83f75240c15","first_seen":"2026-03-12T13:06:12.648485Z","last_seen":"2026-03-12T13:06:12.648485Z","times_seen":1,"resource_available":false,"data":null}},"time_used":239,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":239,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"u95f.xyz/kc523-1/sponsor/sponsor_web_2.png?1766990906506","fqdn":"u95f.xyz","domain":"u95f.xyz","tld":"xyz"},"ip":{"addr":"45.196.247.26","port":443,"asn":0,"as":"","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:38.304Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f234m.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 06:40:46 GMT","end":"Fri, 05 Jun 2026 06:40:45 GMT"},"fingerprint":{"sha1":"3D:CB:D2:FB:59:E3:B0:28:BD:5E:4D:A6:CF:0F:F1:C6:7A:95:74:A8","sha256":"40:74:B4:EB:CD:AF:65:FC:63:BC:7B:6F:6F:C0:49:6E:BF:6E:0B:FF:5B:F9:02:4B:CF:82:A0:4A:28:F7:C6:74"}}},"request":{"raw":"GET /kc523-1/sponsor/sponsor_web_2.png?1766990906506 HTTP/1.1\r\nHost: u95f.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 12 Mar 2026 13:05:40 GMT\r\nContent-Type: image/png\r\nContent-Length: 41033\r\nConnection: keep-alive\r\nLast-Modified: Sat, 27 Sep 2025 11:32:15 GMT\r\nVary: Accept-Encoding\r\nETag: \"68d7cb3f-a049\"\r\nCache-Control: public, max-age=2592000, immutable\r\nAccess-Control-Allow-Origin: *\r\nX-Custom-Check: true\r\nServer: Nginx\r\nX-Safe: 1773320740=UbyPGiMF6oMO3eNBMJExvACPDPz2ndpfMINivjYqk7cS189TdXtJfIe/QT9pwk6lKy9xR7X6sVsYLc7iEZjqMrWRTMzxP2YeeEEOiGX/fzmZ25GQfeI5TxMlxPIK935NtS98+8VYDgeb6H8Q18KA/+QUFUH+6DlyD8ADjapVtTX2Huqe9y56Q2jfSJE7at6d\r\nAge: 338390\r\nX-VIA: l1=4iaGgjza0Vwox8nX\r\nX-VERSION: 1772869158\r\nX-Request-Id: F73F0893-E76E-49F3-8291-58728B458D58\r\nX-Cache-Status: HIT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":41033,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 428x169, components 3","md5":"66036fddf71ff69f45c146ca63883070","sha1":"4b3076a271d5042ef1b6cffc2ff49f421a819f08","sha256":"93c59a52fe04b0050dd4552a135177533afbe2dec54f10c516610b0dee857e0c","sha512":"29c2fc65e144e5d13c011e4897e0bdf771c7b4c249875eca4fa25589625696c71ec015e7e8ef3a5ee45f2a6ae9df3663da0bb736a6fb13c9628f0d0957827c71","ssdeep":"768:6eyNeN9huVfPKv0KhazApErcA6cFKSkS+pbTCx81TxUqIUgYWxDHc9wZGbYGniRl:6eXXh8KcQakywKK++tTCi6xD89HbxiD","tlshash":"b003f15c4c413e7777f19baae00ac84224d11fd4fdd5e3e61a8bc659a843a68bc2540e","first_seen":"2023-11-10T19:12:00Z","last_seen":"2026-06-06T14:57:21.001133Z","times_seen":1619,"resource_available":false,"data":null}},"time_used":2603,"timings":{"blocked":2174,"dns":0,"connect":0,"send":0,"wait":215,"receive":214,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-12","alert":"Phishing Block","trigger":"u95f.xyz","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-12","alert":"Sinkholed","trigger":"u95f.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rtt2-img-cn.hb-zpod.com/202508/_enc_size1298x1156_1d28b817-0c00-4339-b666-213943a7b1d3.png","fqdn":"rtt2-img-cn.hb-zpod.com","domain":"hb-zpod.com","tld":"com"},"ip":{"addr":"43.169.13.143","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:39.823Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rtt2-img-cn.hb-zpod.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 22 Jan 2026 00:00:00 GMT","end":"Tue, 21 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DB:2F:76:DC:CC:B7:AA:D9:FD:DD:6B:C6:C1:75:9D:70:66:51:EB:64","sha256":"0F:4C:C1:2D:4A:AA:B5:C0:B5:37:E3:33:91:1D:76:E2:DF:5A:0F:B6:98:62:3B:02:8A:60:E5:21:3F:B7:E9:F8"}}},"request":{"raw":"GET /202508/_enc_size1298x1156_1d28b817-0c00-4339-b666-213943a7b1d3.png HTTP/1.1\r\nHost: rtt2-img-cn.hb-zpod.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Thu, 18 Sep 2025 11:24:08 GMT\r\netag: \"0708bff7e21e2f2e72951bbb2d9d3504\"\r\ncontent-type: image/png\r\nserver: cloudflare\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mSRk3NTx2LVf6fIaX4P1SniZEIab8pr7hqunia%2FF%2BYENBm49CytKsZ7PVNZxEa4Ms8WAzGF6yABuqFDFEz8qizsqEKI6CKvUky5jpiSq49cpgRAqVgD%2B\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: MISS\r\ncf-ray: 9ca7464a3f49d2c7-FRA\r\ncontent-length: 169448\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ndate: Thu, 12 Mar 2026 13:05:39 GMT\r\nage: 1834443\r\neo-log-uuid: 7318441639380976018\r\neo-cache-status: HIT\r\ncache-control: public, max-age=2592000, immutable\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T18:09:48.345789Z","times_seen":16186679,"resource_available":true,"data":null}},"time_used":318,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":235,"receive":83,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"photo.365live88.com/img/fb/team/8d77fa4156764c379acc4367331282fe?win007=sell","fqdn":"photo.365live88.com","domain":"365live88.com","tld":"com"},"ip":{"addr":"154.41.93.240","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://u95f.xyz/","date":"2026-03-12T13:05:40.199Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"photo.365live88.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Sat, 01 Nov 2025 00:00:00 GMT","end":"Sat, 31 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"45:76:43:9C:31:C5:89:A6:99:FD:9B:D8:6C:A9:3A:E6:2F:D6:E9:80","sha256":"73:27:CF:D8:8D:AC:95:46:00:5D:67:05:1E:70:22:3E:17:F0:94:78:CD:6F:A6:9C:C8:5F:B5:3B:75:60:3D:C8"}}},"request":{"raw":"GET /img/fb/team/8d77fa4156764c379acc4367331282fe?win007=sell HTTP/1.1\r\nHost: photo.365live88.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://u95f.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Thu, 12 Mar 2026 13:05:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 15680\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\nage: 69633\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"8d77fa4156764c379acc4367331282fe\"; filename*=utf-8''8d77fa4156764c379acc4367331282fe\r\ncontent-md5: 93BmbEBUNyMCqIzSepJxqw==\r\ncontent-transfer-encoding: binary\r\netag: \"FrwE3g7fBdjP3hGHHuBePBM590zF\"\r\nlast-modified: Fri, 06 Mar 2026 19:15:18 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:wldsg119;QNM3\r\nx-m-reqid: 6E43PzFa3\r\nx-qiniu-zone: as0\r\nx-qnm-cache: Hit\r\nx-reqid: Kw4AAAAkowx92psY\r\nx-svr: IO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":15680,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"f770666c4054372302a88cd27a9271ab","sha1":"bc04de0edf05d8cfde11871ee05e3c1339f74cc5","sha256":"addb6b90b150f4829af906ba194fbaf61e674adde37bc4c75c86957c1f8002c0","sha512":"22391ca97e399f3e6c2a769d09d3b629968cf6ddba060b620269b358d03179a17555690e9e25be39f4088432be480c42b65cea507d424fc6048f2033a4578b57","ssdeep":"384:EmyaF2s00LL7nMtQA+1EQUAqrNgux5h0uuM5Hy:WaFX8tQAU6r5IR","tlshash":"f162d04b4a676ff593d196d46b63c2088d07c820bd82be46ffb387d1ed41728a6e6020","first_seen":"2025-01-29T13:39:14.609204Z","last_seen":"2026-04-30T19:39:49.730865Z","times_seen":37,"resource_available":false,"data":null}},"time_used":2455,"timings":{"blocked":909,"dns":0,"connect":0,"send":0,"wait":1208,"receive":338,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}