{"report_id":"9675a2b7-98b6-4d07-bb76-32a7bbbf554a","version":6,"status":"done","tags":[],"date":"2025-10-27T22:22:17Z","url":{"schema":"http","addr":"ddza-h3.diwang13.top/123/?referrer=https://www.yasetube.com/","fqdn":"ddza-h3.diwang13.top","domain":"diwang13.top","tld":"top"},"ip":{"addr":"194.147.100.118","port":0,"asn":201106,"as":"Spartan Host Ltd","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"ddza-h3.diwang13.top/123/?referrer=https://www.yasetube.com/","fqdn":"ddza-h3.diwang13.top","domain":"diwang13.top","tld":"top"},"title":"帝王会所 - 优质网址导航与视频美图资源","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":""}},"submit":{"url":{"schema":"http","addr":"ddza-h3.diwang13.top/123/?referrer=https://www.yasetube.com/","fqdn":"ddza-h3.diwang13.top","domain":"diwang13.top","tld":"top"},"ip":{"addr":"194.147.100.118","port":0,"asn":201106,"as":"Spartan Host Ltd","country":"United States","country_code":"US"},"tags":null,"meta":null,"user":{"country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-01T22:22:17Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-27","alert":"Sinkholed","trigger":"daohhh.tutu1599.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-27","alert":"Sinkholed","trigger":"ddza-h3.diwang13.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"tongji999.sbs","ip":{"addr":"124.66.208.200","port":443,"asn":138195,"as":"MOACK.Co.LTD","country":"South Korea","country_code":"KR"},"domain_registered":"2025-03-08","domain_rank":2225787,"first_seen":"2025-06-12T06:04:10.496156Z","last_seen":"2025-10-27T21:48:41.535817Z","alert_count":0,"request_count":2,"received_data":68100,"sent_data":1406,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"daohhh.tutu1599.top","ip":{"addr":"104.21.3.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-08-10","domain_rank":0,"first_seen":"2025-09-09T02:53:14.661053Z","last_seen":"2025-10-27T21:48:40.726864Z","alert_count":26,"request_count":26,"received_data":86035,"sent_data":11733,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"ddza-h3.diwang13.top","ip":{"addr":"194.147.100.135","port":443,"asn":201106,"as":"Spartan Host Ltd","country":"United States","country_code":"US"},"domain_registered":"2025-10-26","domain_rank":0,"first_seen":"2025-10-27T22:22:17.924872Z","last_seen":"2025-10-27T22:22:17.924872Z","alert_count":4,"request_count":4,"received_data":162953,"sent_data":2019,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"ddza-h3.diwang13.top/123/?referrer=https://www.yasetube.com/","fqdn":"ddza-h3.diwang13.top","domain":"diwang13.top","tld":"top"},"ip":{"addr":"194.147.100.135","port":443,"asn":201106,"as":"Spartan Host Ltd","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"fe10200c3b2424d4281696391e76bc43","sha1":"789dfe8b04d895c39d342a81144e3e77693c8b2f","sha256":"95653a0f25b11a43fc1516d6d32e92d1f255f05f2082531fdb3cdfd72ab0d73d","sha512":"2d53b9a764527fea9d660348df2833b9e49e6327274f23d31cbe5b805c9e6246a57cfd26ecf042fd078eef8de0d62a5bb0946edabdd6c7e66dc94d6501175a20","ssdeep":"","tlshash":"13c02b3c055c45f0023fb22c239d8940363300c3e00dc9203e0d1e450f50888a2d0645","size":134,"data":"","first_seen":"2025-07-25T13:27:56.922875Z","last_seen":"2026-04-05T01:17:19.632158Z","times_seen":22,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ddza-h3.diwang13.top/123/?referrer=https://www.yasetube.com/","fqdn":"ddza-h3.diwang13.top","domain":"diwang13.top","tld":"top"},"ip":{"addr":"194.147.100.135","port":443,"asn":201106,"as":"Spartan Host Ltd","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"1c6ca19b3cba8d0b988a35e288d1f978","sha1":"0693b3316bf373d5756350577752b5e2cf152ae1","sha256":"a2debe321e69f42fec9a71a5e6bc500e21057178782389ef9ea3c63c811906e2","sha512":"8a139e55865a0793daca070c63897463dabc8cb9234185cdfbdcb2a3d257aee5e3ab16dcf3d5e80aca5b5ba9548149aa706a70aff224f6ad61fcd3457b278138","ssdeep":"","tlshash":"d3d022f736f046b90273b16faa02f714f933ac4fbc99c84336181e254c281b99268182","size":209,"data":"","first_seen":"2025-10-12T21:56:38.384976Z","last_seen":"2026-01-04T00:15:24.137586Z","times_seen":16,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ddza-h3.diwang13.top/123/?referrer=https://www.yasetube.com/","fqdn":"ddza-h3.diwang13.top","domain":"diwang13.top","tld":"top"},"ip":{"addr":"194.147.100.135","port":443,"asn":201106,"as":"Spartan Host Ltd","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"3c6ffbc354665e7c934e33707f48b87f","sha1":"bf4e176262def196716966682845d1928324c4f0","sha256":"7e95e231d060979d69c782da9aecc9a3cb317a3bda81da3c7a1e6cf23b9e46f9","sha512":"45058e5b8555d90660fb7224aa8c79f88e4e7fd8edffbf3029159a15f08b2d71359d8f7ed6096f8bfa3ee00764c8af0f00006bed6f1a736af9cc80126fdcf988","ssdeep":"","tlshash":"acf09e215def1dfd613a627f7d7e8d2d73ab2c19a0a0c0447e80d8195e72a8586902cc","size":504,"data":"","first_seen":"2025-07-25T13:27:56.954138Z","last_seen":"2025-11-20T13:35:00.302626Z","times_seen":13,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tongji999.sbs/matomo.js","fqdn":"tongji999.sbs","domain":"tongji999.sbs","tld":"sbs"},"ip":{"addr":"124.66.208.200","port":443,"asn":138195,"as":"MOACK.Co.LTD","country":"South Korea","country_code":"KR"},"introduction_type":"scriptElement","is_inline":false,"md5":"97d28a3aefbae803f17013706da83e1b","sha1":"2aad8740afe4a5d49c2de29a52b886b2be5bc94c","sha256":"89e35b18e2ddd93f040839eb32f71a22a7781f27fca6e294f9405d5fb0ea2cc3","sha512":"874c1431370e533b59d4377b21110802c7dd63ae40c56d092bfbc7cb482f7a2d52a922a57f53007b30a05972f45ee80f055bfe9500e2fb4d40c6d5bf606ebc6c","ssdeep":"1536:ATgnSINAJrRJqerEKlFXhuXL0+XzsyWbuds06Vdda8EbdAAOV4ITzvBCQaFLa:AT+Z2fu7dzsyWbbVdda8EbdAA0XvBv5","tlshash":"2163d5ca72c275398bca2074603f1187b17aada7144cc4a4f56ac4fa3c3891e957bf78","size":67498,"data":"","first_seen":"2024-12-12T23:54:46.369205Z","last_seen":"2026-04-05T12:49:32.686008Z","times_seen":11681,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"daohhh.tutu1599.top/img/tu/yinmu.webp","fqdn":"daohhh.tutu1599.top","domain":"tutu1599.top","tld":"top"},"ip":{"addr":"104.21.3.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ddza-h3.diwang13.top/123/?referrer=https://www.yasetube.com/","date":"2025-10-27T22:21:55.719Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tutu1599.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:44:12 GMT","end":"Tue, 06 Jan 2026 17:42:53 GMT"},"fingerprint":{"sha1":"06:1B:72:02:6A:3F:AA:75:A4:B2:0A:51:77:66:F4:0C:94:39:F7:7B","sha256":"9B:52:FD:C7:33:7C:BD:55:25:43:F3:E9:31:D0:A2:D9:02:70:64:AE:DD:7B:09:9D:2F:90:8B:6B:32:4A:4A:5B"}}},"request":{"raw":"GET /img/tu/yinmu.webp HTTP/1.1\r\nHost: daohhh.tutu1599.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ddza-h3.diwang13.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 27 Oct 2025 22:21:55 GMT\r\ncontent-type: image/webp\r\ncontent-length: 2162\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Sep 2025 17:15:11 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"68cd8f9f-872\"\r\naccept-ranges: bytes\r\nage: 2661\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xrlsjEzMPR1tID5uCWXGrWqRTC6y%2BTVKq%2Bhf9BzVyHAoN2BlOah7UG1V3gJfGPflX1mfXLekqq0kj0TEuI7hC4diwpgLaX%2FXDpKwkDJUOZBTg0E%3D\"}]}\r\ncf-ray: 995596d70be9a0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2162,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"b0be41111866be2871e4a909c022ee98","sha1":"874891844859ee240f4bad33183a6897ae6ef606","sha256":"e444c90abf6c35e7ee19c014ffe023fb0a799f9efdb3e41a931d1a4ee40b4078","sha512":"2efeea52ef6cf70e6113720b10bd81153951be6eab11b6b724b80e65bf3b3b9a007c3152d2dfe2dc88542e18b8cdaebeaacd20f9c39480831ce35d699b10fcb7","ssdeep":"","tlshash":"a4412a0553a26f39f00406b2585c9f50decabfa08fef6b634355433a0f21ad0821e34a","first_seen":"2025-09-28T14:30:39.265067Z","last_seen":"2026-01-13T03:26:05.731065Z","times_seen":33,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-27","alert":"Sinkholed","trigger":"daohhh.tutu1599.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"daohhh.tutu1599.top/img/tu/mfpz.webp","fqdn":"daohhh.tutu1599.top","domain":"tutu1599.top","tld":"top"},"ip":{"addr":"104.21.3.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ddza-h3.diwang13.top/123/?referrer=https://www.yasetube.com/","date":"2025-10-27T22:21:55.724Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tutu1599.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:44:12 GMT","end":"Tue, 06 Jan 2026 17:42:53 GMT"},"fingerprint":{"sha1":"06:1B:72:02:6A:3F:AA:75:A4:B2:0A:51:77:66:F4:0C:94:39:F7:7B","sha256":"9B:52:FD:C7:33:7C:BD:55:25:43:F3:E9:31:D0:A2:D9:02:70:64:AE:DD:7B:09:9D:2F:90:8B:6B:32:4A:4A:5B"}}},"request":{"raw":"GET /img/tu/mfpz.webp HTTP/1.1\r\nHost: daohhh.tutu1599.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ddza-h3.diwang13.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 27 Oct 2025 22:21:55 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1050\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Sep 2025 17:15:11 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"68cd8f9f-41a\"\r\naccept-ranges: bytes\r\nage: 2661\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=h%2BnoayvBh%2BOXVXQyBIeHm8i34deAGmCZm%2FLNjVlQnDGHWbSKHtwsr6Fu6%2FTil2Kt5D8V%2BUw7Q0AQY6mt%2FbXI0wFTUHVSrtlG0sSy6KoZI8VI9Do%3D\"}]}\r\ncf-ray: 995596d71bf3a0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1050,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"e17dead4c76058a01f10c8b87ea7456b","sha1":"60370ffeaf9c7640fd28c3cb3c3ba741442a1f42","sha256":"229e12f48f1592e34cdfbb58116ca4a11d84a30dbe3bdbcacec7498e279d7113","sha512":"a3fdee787d990296304a8fdc7ef7bf1bd22992d0860fc5caabd3728ad620bdc119b48b20aab14e287c1a9868d0ef56e1a68310ad790d9a128c368a8971fa054d","ssdeep":"","tlshash":"f311967573120779f4022bfd80541f72f31d3d2282daa275808903369b396db39ad6cb","first_seen":"2025-09-28T14:30:39.23487Z","last_seen":"2026-03-08T18:07:35.109633Z","times_seen":34,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-27","alert":"Sinkholed","trigger":"daohhh.tutu1599.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"daohhh.tutu1599.top/img/tu/zz.webp","fqdn":"daohhh.tutu1599.top","domain":"tutu1599.top","tld":"top"},"ip":{"addr":"104.21.3.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ddza-h3.diwang13.top/123/?referrer=https://www.yasetube.com/","date":"2025-10-27T22:21:55.718Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tutu1599.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:44:12 GMT","end":"Tue, 06 Jan 2026 17:42:53 GMT"},"fingerprint":{"sha1":"06:1B:72:02:6A:3F:AA:75:A4:B2:0A:51:77:66:F4:0C:94:39:F7:7B","sha256":"9B:52:FD:C7:33:7C:BD:55:25:43:F3:E9:31:D0:A2:D9:02:70:64:AE:DD:7B:09:9D:2F:90:8B:6B:32:4A:4A:5B"}}},"request":{"raw":"GET /img/tu/zz.webp HTTP/1.1\r\nHost: daohhh.tutu1599.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ddza-h3.diwang13.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 27 Oct 2025 22:21:55 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1068\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Sep 2025 17:15:11 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"68cd8f9f-42c\"\r\naccept-ranges: bytes\r\nage: 2661\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DKnP0G2TVNRuMGlLWJZkuxUcQz7cDMz09eFIo5aYM9MHUHjqhP9wYMT975JiaiXV9b6nfHn1qV70Bu7OOBs2vT8T%2F6hySAlcCrspLnADPwVE9HE%3D\"}]}\r\ncf-ray: 995596d70bdda0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1068,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"ea2cc1ed654d7e1c475bb87389bc33a9","sha1":"53566b6954096e4c95f43bc1e2db1537336b56cf","sha256":"b8b58cdb172790bfc50f9ee5902d08a20bc0a21a41b57b43c68cf651c1100475","sha512":"21dfd974603479e5a022ede147ccf1941d1015d9edd98709b6b8c55625d2191d2d2cd5c78473973b1b23be0d683d5e8cc05df3e138220eca52e073b98664d049","ssdeep":"","tlshash":"d21188645734a7ace542467100739fd2e3fcbf1a4a59d505f28404676b0ebc6341c5a7","first_seen":"2025-09-28T14:30:39.27327Z","last_seen":"2025-12-23T00:11:47.216083Z","times_seen":26,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-27","alert":"Sinkholed","trigger":"daohhh.tutu1599.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ddza-h3.diwang13.top/123/qingse1_files/xin.css?v=1.0.0","fqdn":"ddza-h3.diwang13.top","domain":"diwang13.top","tld":"top"},"ip":{"addr":"194.147.100.135","port":443,"asn":201106,"as":"Spartan Host Ltd","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ddza-h3.diwang13.top/123/?referrer=https://www.yasetube.com/","date":"2025-10-27T22:21:55.662Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"diwang13.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 12:48:27 GMT","end":"Sat, 24 Jan 2026 12:48:26 GMT"},"fingerprint":{"sha1":"46:45:42:27:67:16:2F:29:48:E0:60:1B:EC:30:51:64:F0:92:3D:C6","sha256":"26:DE:4F:55:9D:E6:FF:45:75:F3:2F:49:EA:30:17:03:A1:6E:67:BA:6B:14:09:71:5F:FD:46:FE:54:B8:52:14"}}},"request":{"raw":"GET /123/qingse1_files/xin.css?v=1.0.0 HTTP/1.1\r\nHost: ddza-h3.diwang13.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ddza-h3.diwang13.top/123/?referrer=https://www.yasetube.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Mon, 27 Oct 2025 22:16:30 GMT\r\netag: W/\"68b41ef4-1182\"\r\nexpires: Tue, 28 Oct 2025 10:16:30 GMT\r\nlast-modified: Mon, 27 Oct 2025 22:16:30 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\ncontent-length: 1641\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4482,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"19b9425da56649cb381f9423b8bbaaf7","sha1":"63a947df6937618e613b94584a81d4665633365f","sha256":"ca6e46a2f0a280180541e7ab54c1498fcde7083bb42dc6ff1503d4ed10a48a16","sha512":"c529edf444b6fa53541f4e33ed0fd222854082383533dd65eb8122ab9f7f17a37341d870cba498a2571ab6ccd66fffed0c6c594b0267ac93b079f33a48231f5e","ssdeep":"96:YtEub48owzT8Zugs8SXBIHtrScYOBizfJGA/onL:Yxb48o6VYyJGA/8","tlshash":"c991541a56522448f11f89667ed81795172f4067be0a4fbdf5763e3cc34a4e500b3a8f","first_seen":"2025-10-05T16:49:51.421483Z","last_seen":"2025-11-12T10:44:26.092481Z","times_seen":8,"resource_available":false,"data":null}},"time_used":155,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":154,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-27","alert":"Sinkholed","trigger":"ddza-h3.diwang13.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"daohhh.tutu1599.top/img/tu/51dm.webp","fqdn":"daohhh.tutu1599.top","domain":"tutu1599.top","tld":"top"},"ip":{"addr":"104.21.3.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ddza-h3.diwang13.top/123/?referrer=https://www.yasetube.com/","date":"2025-10-27T22:21:55.711Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tutu1599.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:44:12 GMT","end":"Tue, 06 Jan 2026 17:42:53 GMT"},"fingerprint":{"sha1":"06:1B:72:02:6A:3F:AA:75:A4:B2:0A:51:77:66:F4:0C:94:39:F7:7B","sha256":"9B:52:FD:C7:33:7C:BD:55:25:43:F3:E9:31:D0:A2:D9:02:70:64:AE:DD:7B:09:9D:2F:90:8B:6B:32:4A:4A:5B"}}},"request":{"raw":"GET /img/tu/51dm.webp HTTP/1.1\r\nHost: daohhh.tutu1599.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ddza-h3.diwang13.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 27 Oct 2025 22:21:55 GMT\r\ncontent-type: image/webp\r\ncontent-length: 4280\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Sep 2025 17:15:11 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"68cd8f9f-10b8\"\r\naccept-ranges: bytes\r\nage: 2661\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2NXF7WRSo8525pzJNIEUqMQzwyW9%2BKlJgzePtOBqJgZrwjw7utpm5YodheGt6pBOr4oqO7aSvEMl9YJI2F3QGftfuKmZQ0oC%2BWMcwGDK57Lq09c%3D\"}]}\r\ncf-ray: 995596d70bd6a0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4280,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"68131b6ab20c7cadeed49e04ced3fdd4","sha1":"76484d4a450b78c6d3e0d3985d567ac39192e869","sha256":"062e62780fa767418d0dc2271272be4962f116aa621fea12e96148e1b05fe405","sha512":"dcf0e62f5578719acb5de19b0f924c302c08187d89f583769cc3821ff576d1c795e6e2f83162b4f7ca63922fde3ed035c304d3a259908a46d702a0785d63f01f","ssdeep":"96:FElbw+ibQmkB72aAxJg3sPhSL2Nn6LmcV6S1Hg7vKUkA5DQfEsfjj:Iw/Li7zAxJ2/L1KcoS1ArKUzQ88j","tlshash":"86916e513b390d9cc8e55fb010924f54e3687592574f0ed089674de19b68e79acccbca","first_seen":"2025-09-28T14:30:39.244099Z","last_seen":"2025-10-27T22:22:20.9633Z","times_seen":13,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-27","alert":"Sinkholed","trigger":"daohhh.tutu1599.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"daohhh.tutu1599.top/img/tu/llm.webp","fqdn":"daohhh.tutu1599.top","domain":"tutu1599.top","tld":"top"},"ip":{"addr":"104.21.3.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ddza-h3.diwang13.top/123/?referrer=https://www.yasetube.com/","date":"2025-10-27T22:21:55.713Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tutu1599.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:44:12 GMT","end":"Tue, 06 Jan 2026 17:42:53 GMT"},"fingerprint":{"sha1":"06:1B:72:02:6A:3F:AA:75:A4:B2:0A:51:77:66:F4:0C:94:39:F7:7B","sha256":"9B:52:FD:C7:33:7C:BD:55:25:43:F3:E9:31:D0:A2:D9:02:70:64:AE:DD:7B:09:9D:2F:90:8B:6B:32:4A:4A:5B"}}},"request":{"raw":"GET /img/tu/llm.webp HTTP/1.1\r\nHost: daohhh.tutu1599.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ddza-h3.diwang13.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 27 Oct 2025 22:21:55 GMT\r\ncontent-type: image/webp\r\ncontent-length: 2172\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Sep 2025 17:15:11 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"68cd8f9f-87c\"\r\naccept-ranges: bytes\r\nage: 2661\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=i3oeQmvJiwpQyN332qWPHghZIkbW9Dat2Y6hre9%2BWkv%2FgQFb6Fzn%2BAE2IsrLrTRYkOvZD3%2B01WNWcqCyD7oUNnyehzaeqHcZYH%2Bk1fHaoRv%2F8zg%3D\"}]}\r\ncf-ray: 995596d70bdaa0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2172,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"2e33f8212729335aaa555c3b246bb17b","sha1":"887b30639e1eb4134cf9d7ce4fcce4cbe0d8c053","sha256":"9a4f59cef955d32cf1089d87b0fd4a9c14bbc0956f4f35a11420d2f6dfe69627","sha512":"450114b398bf5c47cb2b362f498980037ce5e7579e8568e263c1c596273d5e3ef1f68b61cfcada6b3014009357f215510e1c99645c2d601b10cfec4857977b16","ssdeep":"","tlshash":"be41f80923851b1ce0944ab0a5ee8690de1cef26872be7a4818871a25f444811920fca","first_seen":"2025-09-28T14:30:39.278035Z","last_seen":"2025-12-05T19:22:37.282566Z","times_seen":25,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-27","alert":"Sinkholed","trigger":"daohhh.tutu1599.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"daohhh.tutu1599.top/img/tu/aaaa.webp","fqdn":"daohhh.tutu1599.top","domain":"tutu1599.top","tld":"top"},"ip":{"addr":"104.21.3.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ddza-h3.diwang13.top/123/?referrer=https://www.yasetube.com/","date":"2025-10-27T22:21:55.717Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tutu1599.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:44:12 GMT","end":"Tue, 06 Jan 2026 17:42:53 GMT"},"fingerprint":{"sha1":"06:1B:72:02:6A:3F:AA:75:A4:B2:0A:51:77:66:F4:0C:94:39:F7:7B","sha256":"9B:52:FD:C7:33:7C:BD:55:25:43:F3:E9:31:D0:A2:D9:02:70:64:AE:DD:7B:09:9D:2F:90:8B:6B:32:4A:4A:5B"}}},"request":{"raw":"GET /img/tu/aaaa.webp HTTP/1.1\r\nHost: daohhh.tutu1599.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ddza-h3.diwang13.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 27 Oct 2025 22:21:55 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1580\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Sep 2025 17:15:11 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"68cd8f9f-62c\"\r\naccept-ranges: bytes\r\nage: 2661\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NbayBFpOxUTuC051uKf9Im%2FW%2BpJjRRB%2Ft0t29nVSVW4hgQqVkyiDDNTUrmnXGydEVeN%2FUDCr9uCsWAmHG0GaY6XCgyzgr4SZd8Fz8NTCOfRL%2Bsc%3D\"}]}\r\ncf-ray: 995596d70bdba0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1580,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"201c5b0f063d413a2a711e1dc685ce34","sha1":"eaa24008ece3cc25e8c9114daf6b030a4c8a960d","sha256":"9d218252ce1bfff72fbb76b0191ff338ead920a0a15cf93af53d0428224f6bea","sha512":"b1ab105ae1c874c82b6f5372a7de640b5138003953862087c79473ea901a0c6074f33b361dc0a6668fc4a04b04b7e6a7cf8bef93a4a2dd34bb8ce95ee1df2f8d","ssdeep":"","tlshash":"d931e936235d5b7ce464797e90b12f02a7ecbe2705de3612111200100b112e33ade2af","first_seen":"2025-09-28T14:30:39.232517Z","last_seen":"2026-04-05T01:17:19.6217Z","times_seen":37,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-27","alert":"Sinkholed","trigger":"daohhh.tutu1599.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"daohhh.tutu1599.top/img/tu/bd.webp","fqdn":"daohhh.tutu1599.top","domain":"tutu1599.top","tld":"top"},"ip":{"addr":"104.21.3.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ddza-h3.diwang13.top/123/?referrer=https://www.yasetube.com/","date":"2025-10-27T22:21:55.731Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tutu1599.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:44:12 GMT","end":"Tue, 06 Jan 2026 17:42:53 GMT"},"fingerprint":{"sha1":"06:1B:72:02:6A:3F:AA:75:A4:B2:0A:51:77:66:F4:0C:94:39:F7:7B","sha256":"9B:52:FD:C7:33:7C:BD:55:25:43:F3:E9:31:D0:A2:D9:02:70:64:AE:DD:7B:09:9D:2F:90:8B:6B:32:4A:4A:5B"}}},"request":{"raw":"GET /img/tu/bd.webp HTTP/1.1\r\nHost: daohhh.tutu1599.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ddza-h3.diwang13.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 27 Oct 2025 22:21:55 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1482\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Sep 2025 17:15:11 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"68cd8f9f-5ca\"\r\naccept-ranges: bytes\r\nage: 2661\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=j55XkCQ1Lm5gWnDn6jZv2wqqG32wQl0HA7%2FUn8v%2Fpheu2vzhJLP9Dyu%2FN1n4LsCWQ1Q%2BNEnADh1J5reFFsRZBLxNp%2BYLUdrEXh%2FUZTgbCebe5zg%3D\"}]}\r\ncf-ray: 995596d71bfea0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1482,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"19f29f39182b2679e0de4159ba7cb03f","sha1":"b1688c8b58c6599dedcfff4cbcce32fe2848eaf2","sha256":"14e79424de471c04119d88d24a4ee8a0f09339d252bdcff8aeebda4cc89987bc","sha512":"b6cccb42ca3097312e6b476fab6220d1d0ff4178ca9d122dddb23f630ff3d53637d99eec99ebcf82d83dd21b30507bd34b82b4fec735b86bcbbafa3d8aa08d12","ssdeep":"","tlshash":"cf3188791bed4f95f0406fb490b42f23e759bc37c7814631d19246e207176c976982ca","first_seen":"2025-09-28T14:30:39.245973Z","last_seen":"2025-11-04T07:51:44.129223Z","times_seen":14,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-27","alert":"Sinkholed","trigger":"daohhh.tutu1599.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"daohhh.tutu1599.top/img/tu/diwang1.webp","fqdn":"daohhh.tutu1599.top","domain":"tutu1599.top","tld":"top"},"ip":{"addr":"104.21.3.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ddza-h3.diwang13.top/123/?referrer=https://www.yasetube.com/","date":"2025-10-27T22:21:55.674Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tutu1599.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:44:12 GMT","end":"Tue, 06 Jan 2026 17:42:53 GMT"},"fingerprint":{"sha1":"06:1B:72:02:6A:3F:AA:75:A4:B2:0A:51:77:66:F4:0C:94:39:F7:7B","sha256":"9B:52:FD:C7:33:7C:BD:55:25:43:F3:E9:31:D0:A2:D9:02:70:64:AE:DD:7B:09:9D:2F:90:8B:6B:32:4A:4A:5B"}}},"request":{"raw":"GET /img/tu/diwang1.webp HTTP/1.1\r\nHost: daohhh.tutu1599.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ddza-h3.diwang13.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 27 Oct 2025 22:21:55 GMT\r\ncontent-type: image/webp\r\ncontent-length: 8730\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Sep 2025 17:13:03 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"68cd8f1f-221a\"\r\naccept-ranges: bytes\r\nage: 2562\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fJsoHiXbe%2BTkP%2FsGSunjCm9d1JD%2BFzZArMOq6dhGRjWtZ%2BM6KfNvfSMKc4OANJ3KvJWLQVtoRkJhBitCMEtmTga41QQzydpbpz%2B8ZYuweUApZDc%3D\"}]}\r\ncf-ray: 995596d70ba0a0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8730,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"af4f86acfa38223acf6e551b2bdc499d","sha1":"b451f075915e9abab96896bd922a2ba5f7591fb4","sha256":"24e0f117e082ffa6d3805026c749b9419f25bd924076f74135e229124b9fabe1","sha512":"f7ab2c679a198369587dfc9c3f77b451cbd619a300d37ef995eae56a9649a5d1c76cf272ef7ad72c903ff978710d1e4945d32019d37280408a5db3d78d25f22b","ssdeep":"192:uwT/4QLNymHNHp/4pNoEpjcZ3n9uB18r/AA/+pHN74:uwTQY4pvs39uB2r/AAYN74","tlshash":"1702bfb463a3f538f19f607dc13c4b39b86fbe530e175656844f48266f5e804235608b","first_seen":"2025-10-05T16:49:51.443063Z","last_seen":"2026-04-05T01:17:19.620258Z","times_seen":21,"resource_available":false,"data":null}},"time_used":110,"timings":{"blocked":9,"dns":15,"connect":1,"send":0,"wait":23,"receive":1,"ssl":58},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-27","alert":"Sinkholed","trigger":"daohhh.tutu1599.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"daohhh.tutu1599.top/img/tu/mfsp.webp","fqdn":"daohhh.tutu1599.top","domain":"tutu1599.top","tld":"top"},"ip":{"addr":"104.21.3.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ddza-h3.diwang13.top/123/?referrer=https://www.yasetube.com/","date":"2025-10-27T22:21:55.706Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tutu1599.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:44:12 GMT","end":"Tue, 06 Jan 2026 17:42:53 GMT"},"fingerprint":{"sha1":"06:1B:72:02:6A:3F:AA:75:A4:B2:0A:51:77:66:F4:0C:94:39:F7:7B","sha256":"9B:52:FD:C7:33:7C:BD:55:25:43:F3:E9:31:D0:A2:D9:02:70:64:AE:DD:7B:09:9D:2F:90:8B:6B:32:4A:4A:5B"}}},"request":{"raw":"GET /img/tu/mfsp.webp HTTP/1.1\r\nHost: daohhh.tutu1599.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ddza-h3.diwang13.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 27 Oct 2025 22:21:55 GMT\r\ncontent-type: image/webp\r\ncontent-length: 2486\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Sep 2025 17:15:11 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"68cd8f9f-9b6\"\r\naccept-ranges: bytes\r\nage: 2661\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LcObV%2Fo%2Fh9sN0nq%2BkauTFHu0S2Synz3n4k0bSuoyP6DcHlodvHD0gV2V3esCyANHH8iCsSz1sUWaliH7OIaay8i%2BXwWKG3F8yATvydx%2FBB2jl6Y%3D\"}]}\r\ncf-ray: 995596d70bcfa0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2486,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"8f7a3535d2d5f152fecec6cef394eb72","sha1":"a94bd9e2f493ed245981e3d0cfe55d5f28250432","sha256":"3b98b94058b58af2522f17b2bbb2a7bb8fe6ee1e7fc6073dc79b79480728def2","sha512":"5148fba4897d30f8d72e7769efb7bfb0aae817ebb3e481ebb87c2a9c928792f107cb56560efdfe66123582c86cfc6f2b5d78e385e9f06e1c384f405912d89e26","ssdeep":"","tlshash":"51511a760340d64ce2812bb1a8990b91cca5f7abc89e4876e04486b92fd55d330adab3","first_seen":"2025-09-28T14:30:39.270767Z","last_seen":"2026-01-13T03:26:05.737971Z","times_seen":33,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-27","alert":"Sinkholed","trigger":"daohhh.tutu1599.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"daohhh.tutu1599.top/img/tu/haose.webp","fqdn":"daohhh.tutu1599.top","domain":"tutu1599.top","tld":"top"},"ip":{"addr":"104.21.3.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ddza-h3.diwang13.top/123/?referrer=https://www.yasetube.com/","date":"2025-10-27T22:21:55.722Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tutu1599.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:44:12 GMT","end":"Tue, 06 Jan 2026 17:42:53 GMT"},"fingerprint":{"sha1":"06:1B:72:02:6A:3F:AA:75:A4:B2:0A:51:77:66:F4:0C:94:39:F7:7B","sha256":"9B:52:FD:C7:33:7C:BD:55:25:43:F3:E9:31:D0:A2:D9:02:70:64:AE:DD:7B:09:9D:2F:90:8B:6B:32:4A:4A:5B"}}},"request":{"raw":"GET /img/tu/haose.webp HTTP/1.1\r\nHost: daohhh.tutu1599.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ddza-h3.diwang13.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 27 Oct 2025 22:21:55 GMT\r\ncontent-type: image/webp\r\ncontent-length: 2644\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Sep 2025 17:15:11 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"68cd8f9f-a54\"\r\naccept-ranges: bytes\r\nage: 2661\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yXOI51uQ05a0yYL6fFj235UYRqJ0lHj1Zz7Pfp9%2FZQy2p0l5yd4G8Ril8WLVG%2Fa2DfQXyP6Nbz0pqznFFPCgFXalGjNK6gVew2F7ZeR9wDAZBVQ%3D\"}]}\r\ncf-ray: 995596d70beea0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2644,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"c0f6614e07c7758be2618b71a9449e7e","sha1":"3ec301873a9344cd47f699074b567f59de15da7f","sha256":"ec221dc304489224ab14381a7b17637b1eda8eb3813c0d2c75d3f4e0da252056","sha512":"57805e47a1eef74633ea26286ddaf2ae13e375e13baeb18a49c90faece93ddcb69f00e057f50259797741aa27e879c5b4059eca2acedfa3e72aff22c9b7f388a","ssdeep":"","tlshash":"e3514c2363405365e7508838f4219f9adadc8c2f938c556ef30483118906edf5e9cde4","first_seen":"2025-09-28T14:30:39.279443Z","last_seen":"2025-11-04T07:51:44.153266Z","times_seen":14,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-27","alert":"Sinkholed","trigger":"daohhh.tutu1599.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"daohhh.tutu1599.top/img/tu/bkmh.webp","fqdn":"daohhh.tutu1599.top","domain":"tutu1599.top","tld":"top"},"ip":{"addr":"104.21.3.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ddza-h3.diwang13.top/123/?referrer=https://www.yasetube.com/","date":"2025-10-27T22:21:55.734Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tutu1599.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:44:12 GMT","end":"Tue, 06 Jan 2026 17:42:53 GMT"},"fingerprint":{"sha1":"06:1B:72:02:6A:3F:AA:75:A4:B2:0A:51:77:66:F4:0C:94:39:F7:7B","sha256":"9B:52:FD:C7:33:7C:BD:55:25:43:F3:E9:31:D0:A2:D9:02:70:64:AE:DD:7B:09:9D:2F:90:8B:6B:32:4A:4A:5B"}}},"request":{"raw":"GET /img/tu/bkmh.webp HTTP/1.1\r\nHost: daohhh.tutu1599.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ddza-h3.diwang13.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 27 Oct 2025 22:21:55 GMT\r\ncontent-type: image/webp\r\ncontent-length: 3736\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Sep 2025 17:15:11 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"68cd8f9f-e98\"\r\naccept-ranges: bytes\r\nage: 2661\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=86o2cx410Jcb9iFHZMVOXSc%2BndjzpBNrooMcj8gZijlT2RtkmQQkTQeCQkKij8G6d7UBgFjynuZTzEXyrU99R3BhjsuCVMo2Ho5rxXMSoSx7WSo%3D\"}]}\r\ncf-ray: 995596d72c1aa0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3736,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"44207092e151a2d5963bfc780caf147f","sha1":"1c856c0bfbab5de0f3432bfe86462f84cd338f27","sha256":"544820654558d060d99ec48e0834d081454f4fa9b98b2ca96b326f0fbba8ef01","sha512":"5c2a3d1f73b33a871977b7e36785d11adb604ec39ef4caaa43ed72077f23451cb88d1317cbe93e7257aa3c638207c41769055364d4f081c9b03364dd96934905","ssdeep":"","tlshash":"ac714b3c23b555a9e8500ebd74a113c195dcfbb8453385fbb091915bf801cc68e448ca","first_seen":"2025-09-28T14:30:39.252408Z","last_seen":"2025-11-25T16:18:46.007432Z","times_seen":22,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-27","alert":"Sinkholed","trigger":"daohhh.tutu1599.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"daohhh.tutu1599.top/img/tu/31.webp","fqdn":"daohhh.tutu1599.top","domain":"tutu1599.top","tld":"top"},"ip":{"addr":"104.21.3.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ddza-h3.diwang13.top/123/?referrer=https://www.yasetube.com/","date":"2025-10-27T22:21:55.691Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tutu1599.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:44:12 GMT","end":"Tue, 06 Jan 2026 17:42:53 GMT"},"fingerprint":{"sha1":"06:1B:72:02:6A:3F:AA:75:A4:B2:0A:51:77:66:F4:0C:94:39:F7:7B","sha256":"9B:52:FD:C7:33:7C:BD:55:25:43:F3:E9:31:D0:A2:D9:02:70:64:AE:DD:7B:09:9D:2F:90:8B:6B:32:4A:4A:5B"}}},"request":{"raw":"GET /img/tu/31.webp HTTP/1.1\r\nHost: daohhh.tutu1599.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ddza-h3.diwang13.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 27 Oct 2025 22:21:55 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1836\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Sep 2025 17:15:11 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"68cd8f9f-72c\"\r\naccept-ranges: bytes\r\nage: 2661\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JsjZUwD3NWp90zn7pekPLp3MI%2B3d3royB1N5euYCI7rbzQtWvNSnx1YI9oGngvRtPkoTZeSPVz9gT9O%2BzKtsdjlN%2FUtQGm3EdQEuignalvevwv4%3D\"}]}\r\ncf-ray: 995596d72c16a0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1836,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"362d206bad6ccefb885e119d33e030db","sha1":"3ff2951c4d8c90f1bd2cc0020208d2446a7de51e","sha256":"c71c71396a4c1dd1a78ccd3376cdfdf976fdc15deea76775d6738f37ffda485f","sha512":"57f6a35936edd6d41ca07cbd01b320abb4971cb965bed9460d29a83bc2b1361d48ca92a97f0af3b9b152f8b5d26e971705609b9ac68a13b3a4cb3c262a0f7734","ssdeep":"","tlshash":"6f311db5af2a1b1cf4d2177490d52fe3e6143c130116d6f053cc66531954cc91d0d6e9","first_seen":"2025-09-28T14:30:39.210093Z","last_seen":"2025-12-23T00:11:47.219176Z","times_seen":21,"resource_available":false,"data":null}},"time_used":126,"timings":{"blocked":13,"dns":20,"connect":1,"send":0,"wait":9,"receive":0,"ssl":58},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-27","alert":"Sinkholed","trigger":"daohhh.tutu1599.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tongji999.sbs/matomo.php?action_name=%E5%B8%9D%E7%8E%8B%E4%BC%9A%E6%89%80%20-%20%E4%BC%98%E8%B4%A8%E7%BD%91%E5%9D%80%E5%AF%BC%E8%88%AA%E4%B8%8E%E8%A7%86%E9%A2%91%E7%BE%8E%E5%9B%BE%E8%B5%84%E6%BA%90\u0026idsite=4\u0026rec=1\u0026r=691501\u0026h=22\u0026m=21\u0026s=57\u0026url=https%3A%2F%2Fddza-h3.diwang13.top%2F123%2F%3Freferrer%3Dhttps%3A%2F%2Fwww.yasetube.com%2F\u0026_id=1c867fcd4759b5d7\u0026_idn=1\u0026send_image=0\u0026_refts=0\u0026pv_id=SXYy7Q\u0026pf_net=447\u0026pf_srv=161\u0026pf_tfr=154\u0026pf_dm1=1124\u0026uadata=%7B%7D\u0026pdf=1\u0026qt=0\u0026realp=0\u0026wma=0\u0026fla=0\u0026java=0\u0026ag=0\u0026cookie=1\u0026res=1280x1024","fqdn":"tongji999.sbs","domain":"tongji999.sbs","tld":"sbs"},"ip":{"addr":"124.66.208.200","port":443,"asn":138195,"as":"MOACK.Co.LTD","country":"South Korea","country_code":"KR"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://ddza-h3.diwang13.top/123/?referrer=https://www.yasetube.com/","date":"2025-10-27T22:21:57.905Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tongji999.sbs","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 14 Sep 2025 11:06:21 GMT","end":"Sat, 13 Dec 2025 11:06:20 GMT"},"fingerprint":{"sha1":"55:CE:8F:74:BE:47:E2:1F:D8:32:3D:9B:F1:89:D9:03:84:6F:7B:21","sha256":"39:C3:E1:12:81:57:C9:08:56:E7:89:17:C5:53:5E:BB:82:1F:95:1C:E7:A5:1B:46:64:D0:3A:DB:CA:B7:E1:AA"}}},"request":{"raw":"POST /matomo.php?action_name=%E5%B8%9D%E7%8E%8B%E4%BC%9A%E6%89%80%20-%20%E4%BC%98%E8%B4%A8%E7%BD%91%E5%9D%80%E5%AF%BC%E8%88%AA%E4%B8%8E%E8%A7%86%E9%A2%91%E7%BE%8E%E5%9B%BE%E8%B5%84%E6%BA%90\u0026idsite=4\u0026rec=1\u0026r=691501\u0026h=22\u0026m=21\u0026s=57\u0026url=https%3A%2F%2Fddza-h3.diwang13.top%2F123%2F%3Freferrer%3Dhttps%3A%2F%2Fwww.yasetube.com%2F\u0026_id=1c867fcd4759b5d7\u0026_idn=1\u0026send_image=0\u0026_refts=0\u0026pv_id=SXYy7Q\u0026pf_net=447\u0026pf_srv=161\u0026pf_tfr=154\u0026pf_dm1=1124\u0026uadata=%7B%7D\u0026pdf=1\u0026qt=0\u0026realp=0\u0026wma=0\u0026fla=0\u0026java=0\u0026ag=0\u0026cookie=1\u0026res=1280x1024 HTTP/1.1\r\nHost: tongji999.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=utf-8\r\nContent-Length: 0\r\nOrigin: https://ddza-h3.diwang13.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ddza-h3.diwang13.top/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx\r\ndate: Mon, 27 Oct 2025 22:21:58 GMT\r\naccess-control-allow-origin: https://ddza-h3.diwang13.top\r\naccess-control-allow-credentials: true\r\nstrict-transport-security: max-age=31536000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T12:47:03.387186Z","times_seen":13375311,"resource_available":true,"data":null}},"time_used":649,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":648,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"daohhh.tutu1599.top/img/tu/favicons(202)","fqdn":"daohhh.tutu1599.top","domain":"tutu1599.top","tld":"top"},"ip":{"addr":"104.21.3.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ddza-h3.diwang13.top/123/?referrer=https://www.yasetube.com/","date":"2025-10-27T22:21:55.688Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tutu1599.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:44:12 GMT","end":"Tue, 06 Jan 2026 17:42:53 GMT"},"fingerprint":{"sha1":"06:1B:72:02:6A:3F:AA:75:A4:B2:0A:51:77:66:F4:0C:94:39:F7:7B","sha256":"9B:52:FD:C7:33:7C:BD:55:25:43:F3:E9:31:D0:A2:D9:02:70:64:AE:DD:7B:09:9D:2F:90:8B:6B:32:4A:4A:5B"}}},"request":{"raw":"GET /img/tu/favicons(202) HTTP/1.1\r\nHost: daohhh.tutu1599.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ddza-h3.diwang13.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 27 Oct 2025 22:21:56 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 492\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Sep 2025 17:13:03 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"68cd8f1f-1ec\"\r\naccept-ranges: bytes\r\ncf-cache-status: DYNAMIC\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SOhDYXNsRhAcLpHiIXv2fSmdoncF8usTxuZ2RDNk9MwxnJN3bHB7GlCem%2FRH9cJKXD4XtA2pnrjpmwuGA2Pa99WMUnBH4EoBINBJS4mZzXZJ5Tg%3D\"}]}\r\ncf-ray: 995596d72c11a0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":492,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced","md5":"3ca64f83fdcf25135d87e08af65e68c9","sha1":"b82d0979d555bd137b33c15021129e06cbeea59a","sha256":"2e30ff33270fd8687b0eb4d12652bfd967f23975f158bf8da93bece2ba4ab947","sha512":"7675a8c4e6146e62dda019340ef95e477aa3d14364b5a773114ea1110c38233f5d8d9b08f6c83bf7664b33695aac7254b25d727a15ea6a9ded2ec9d1ea07dc0e","ssdeep":"","tlshash":"d9f05453331d749ac78be5007052334e6c019194a0e9204b553998f6024f68d3e63adf","first_seen":"2023-04-15T07:55:15Z","last_seen":"2026-04-05T01:17:19.624338Z","times_seen":2646,"resource_available":false,"data":null}},"time_used":603,"timings":{"blocked":15,"dns":18,"connect":1,"send":0,"wait":487,"receive":0,"ssl":60},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-27","alert":"Sinkholed","trigger":"daohhh.tutu1599.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"daohhh.tutu1599.top/img/tu/mf.webp","fqdn":"daohhh.tutu1599.top","domain":"tutu1599.top","tld":"top"},"ip":{"addr":"104.21.3.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ddza-h3.diwang13.top/123/?referrer=https://www.yasetube.com/","date":"2025-10-27T22:21:55.692Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tutu1599.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:44:12 GMT","end":"Tue, 06 Jan 2026 17:42:53 GMT"},"fingerprint":{"sha1":"06:1B:72:02:6A:3F:AA:75:A4:B2:0A:51:77:66:F4:0C:94:39:F7:7B","sha256":"9B:52:FD:C7:33:7C:BD:55:25:43:F3:E9:31:D0:A2:D9:02:70:64:AE:DD:7B:09:9D:2F:90:8B:6B:32:4A:4A:5B"}}},"request":{"raw":"GET /img/tu/mf.webp HTTP/1.1\r\nHost: daohhh.tutu1599.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ddza-h3.diwang13.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 27 Oct 2025 22:21:55 GMT\r\ncontent-type: image/webp\r\ncontent-length: 2610\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Sep 2025 17:15:11 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"68cd8f9f-a32\"\r\naccept-ranges: bytes\r\nage: 2661\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=89UUeYTt0VuXnLTzZ4GWR4MX0flH0f15ZRxJvVRPj2Ehhd%2Bnp4%2FflqOnjdT30fx2yQH9yEvqGzae6O%2BLsKmQrf3GnKIxO5T4WykjJ6xYPOOTrGM%3D\"}]}\r\ncf-ray: 995596d72c24a0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2610,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"4c34e9927372d033df0855d02d9275dc","sha1":"24a4098d0c05041005972f34b22ced370e03971a","sha256":"ff24d82514316170f9c108aca99c6e93aacec26adffe0d64bebf098c61158b6c","sha512":"934cf3b25aaa6c896f0320aef8215c34c32d27cd6802fb47e957948c8b56970814090bbfc39a46c925da9fe778ee32f256658e7725307913eb4525e203ba81f8","ssdeep":"","tlshash":"eb512af513764f04e6a12971954093c307245004fbcbcb29c448c0a79ff82d862ee1db","first_seen":"2025-09-28T14:30:39.22991Z","last_seen":"2026-04-05T01:17:19.628696Z","times_seen":37,"resource_available":false,"data":null}},"time_used":123,"timings":{"blocked":15,"dns":13,"connect":1,"send":0,"wait":8,"receive":0,"ssl":57},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-27","alert":"Sinkholed","trigger":"daohhh.tutu1599.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"daohhh.tutu1599.top/img/tu/mfdy.webp","fqdn":"daohhh.tutu1599.top","domain":"tutu1599.top","tld":"top"},"ip":{"addr":"104.21.3.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ddza-h3.diwang13.top/123/?referrer=https://www.yasetube.com/","date":"2025-10-27T22:21:55.699Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tutu1599.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:44:12 GMT","end":"Tue, 06 Jan 2026 17:42:53 GMT"},"fingerprint":{"sha1":"06:1B:72:02:6A:3F:AA:75:A4:B2:0A:51:77:66:F4:0C:94:39:F7:7B","sha256":"9B:52:FD:C7:33:7C:BD:55:25:43:F3:E9:31:D0:A2:D9:02:70:64:AE:DD:7B:09:9D:2F:90:8B:6B:32:4A:4A:5B"}}},"request":{"raw":"GET /img/tu/mfdy.webp HTTP/1.1\r\nHost: daohhh.tutu1599.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ddza-h3.diwang13.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 27 Oct 2025 22:21:55 GMT\r\ncontent-type: image/webp\r\ncontent-length: 2288\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Sep 2025 17:15:11 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"68cd8f9f-8f0\"\r\naccept-ranges: bytes\r\nage: 2661\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hDFd8C%2FIXqwZGHuWZZn1dAtMNSNMri6uFm6SfAPrZjabAh6ZJMIaGITo%2B39r475f2U%2FPzaxJK61pFIlyUXowW0qiLfEwAlijr8BKaAmQbTToZX0%3D\"}]}\r\ncf-ray: 995596d70bc0a0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2288,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"c90010621c05701f4d22825a4e17d19d","sha1":"cb404a5bbb2093ff3c6da7a4692227634cedbd06","sha256":"59287ae764cb0aaf1bf4f5b79165fc794958789c2aff9de32931e567b4d6c9f7","sha512":"1851e89715d49f1e3439771fd4ea3f5fafa4b2de3f72bcfd5c2a051c28566efb824359461bc53c72d5c0e13340e53986d7371ea12b8a358e08bdcf649b10ac0d","ssdeep":"","tlshash":"68411a3c5328730cf7b0b779217d1bc0bbee7a12d9f26b51858846460e44c80299c6c6","first_seen":"2025-09-28T14:30:39.268022Z","last_seen":"2026-04-05T01:17:19.627406Z","times_seen":37,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-27","alert":"Sinkholed","trigger":"daohhh.tutu1599.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"daohhh.tutu1599.top/img/tu/1234.webp","fqdn":"daohhh.tutu1599.top","domain":"tutu1599.top","tld":"top"},"ip":{"addr":"104.21.3.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ddza-h3.diwang13.top/123/?referrer=https://www.yasetube.com/","date":"2025-10-27T22:21:55.721Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tutu1599.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:44:12 GMT","end":"Tue, 06 Jan 2026 17:42:53 GMT"},"fingerprint":{"sha1":"06:1B:72:02:6A:3F:AA:75:A4:B2:0A:51:77:66:F4:0C:94:39:F7:7B","sha256":"9B:52:FD:C7:33:7C:BD:55:25:43:F3:E9:31:D0:A2:D9:02:70:64:AE:DD:7B:09:9D:2F:90:8B:6B:32:4A:4A:5B"}}},"request":{"raw":"GET /img/tu/1234.webp HTTP/1.1\r\nHost: daohhh.tutu1599.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ddza-h3.diwang13.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 27 Oct 2025 22:21:55 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1090\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Sep 2025 17:15:11 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"68cd8f9f-442\"\r\naccept-ranges: bytes\r\nage: 2661\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mQZDMO6Hidy5m8oz0H9OK95m3iB6Q2wQmxDIgBh0EmOzO37BwJTZXoivT8gSQjeZ9ude98dyHUYJki%2FT%2FYG1mojoQNixMFdzzX99bQL0eIwN3So%3D\"}]}\r\ncf-ray: 995596d70beba0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1090,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"4ca8e4bd8b34cbdd4242e550494b9aa7","sha1":"d0c368afd98d36f15815c6031a5606566e81703f","sha256":"61047217d257b9130ef2bd8c2ca311783cdda719ef21258b73e5a8e15ee0b5a3","sha512":"3f86759eb8de3c9aca4e685b543fe2cfc71718b344802de3c5c8517e33452c4665219d604f27f116b8a589657e4054ec22724795ecdaecea1f6b5f9451c112c1","ssdeep":"","tlshash":"a0115468a7206788f4175734a1051b01f3bd3e32c6e15a2aa344473a07586de784b29b","first_seen":"2025-09-28T14:30:39.23707Z","last_seen":"2025-12-20T20:16:49.392349Z","times_seen":27,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-27","alert":"Sinkholed","trigger":"daohhh.tutu1599.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"daohhh.tutu1599.top/img/tu/diwanghhh1.webp","fqdn":"daohhh.tutu1599.top","domain":"tutu1599.top","tld":"top"},"ip":{"addr":"104.21.3.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ddza-h3.diwang13.top/123/?referrer=https://www.yasetube.com/","date":"2025-10-27T22:21:55.737Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tutu1599.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:44:12 GMT","end":"Tue, 06 Jan 2026 17:42:53 GMT"},"fingerprint":{"sha1":"06:1B:72:02:6A:3F:AA:75:A4:B2:0A:51:77:66:F4:0C:94:39:F7:7B","sha256":"9B:52:FD:C7:33:7C:BD:55:25:43:F3:E9:31:D0:A2:D9:02:70:64:AE:DD:7B:09:9D:2F:90:8B:6B:32:4A:4A:5B"}}},"request":{"raw":"GET /img/tu/diwanghhh1.webp HTTP/1.1\r\nHost: daohhh.tutu1599.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ddza-h3.diwang13.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 27 Oct 2025 22:21:55 GMT\r\ncontent-type: image/webp\r\ncontent-length: 5792\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Sep 2025 17:13:03 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"68cd8f1f-16a0\"\r\naccept-ranges: bytes\r\nage: 2562\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hlbjNzx9HOyAnrDQVMgQXKxeKFaK%2BdE0fZC7A6ZCMF0Pr%2FhTOrJ3CYblZIaA4LjGfbAi4lNiD10a11FIHtB04kCASwmXBSc0XoJfpLwRu4DlRZo%3D\"}]}\r\ncf-ray: 995596d72c2aa0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5792,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"800a7fcc094a1da3765517fda25b8c0b","sha1":"4c79bd52c2282f4131b08d4ea18e9855bf58671b","sha256":"772e2686c6b56e439523d2bafbed77568ac4edde436f2245e4093678c438cd98","sha512":"0efdeb985c6e3954ae322c6eec56fa78665fa548ae40711be33634c7570aebfd03b49c01108b01652ecaef86acd7f163c90ccd8c60fa623ec015495649360580","ssdeep":"96:qEElbw+imBpfqScz3CQ8hhJTcPoXoNmMuk/bnzMsS/L/6TBad7zp145E:iw9fCQ8/WoMuOzzMJ/D+oRzjUE","tlshash":"2dc18da8778a0b98fcca7c3590720b0eb5203dc612b65c6cc5a47b62651bcc34b29c97","first_seen":"2025-10-05T16:49:51.417637Z","last_seen":"2026-01-13T03:26:05.734203Z","times_seen":19,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-27","alert":"Sinkholed","trigger":"daohhh.tutu1599.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"daohhh.tutu1599.top/img/tu/91hl.webp","fqdn":"daohhh.tutu1599.top","domain":"tutu1599.top","tld":"top"},"ip":{"addr":"104.21.3.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ddza-h3.diwang13.top/123/?referrer=https://www.yasetube.com/","date":"2025-10-27T22:21:55.708Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tutu1599.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:44:12 GMT","end":"Tue, 06 Jan 2026 17:42:53 GMT"},"fingerprint":{"sha1":"06:1B:72:02:6A:3F:AA:75:A4:B2:0A:51:77:66:F4:0C:94:39:F7:7B","sha256":"9B:52:FD:C7:33:7C:BD:55:25:43:F3:E9:31:D0:A2:D9:02:70:64:AE:DD:7B:09:9D:2F:90:8B:6B:32:4A:4A:5B"}}},"request":{"raw":"GET /img/tu/91hl.webp HTTP/1.1\r\nHost: daohhh.tutu1599.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ddza-h3.diwang13.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 27 Oct 2025 22:21:55 GMT\r\ncontent-type: image/webp\r\ncontent-length: 2812\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Sep 2025 17:15:11 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"68cd8f9f-afc\"\r\naccept-ranges: bytes\r\nage: 2661\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HjzjKr3LLFMkEGshlE26RE%2Bpat9Klxq7xkdO8Ni95mM7ur5rgoXf6ec9Sp2lE1gxyooEDR64tv3Ks%2F%2FAaC6hiKJEGxmGmsI23dyEWpiqMou797A%3D\"}]}\r\ncf-ray: 995596d70bd3a0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2812,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"4bd43cd40375c2fbebdb103a0bbaf67e","sha1":"042843b971b129ee56e37c5d275e808c19d83d08","sha256":"6178a22bf8a011167b7ed37d568084b4b8ca077f9e0265b5f5b66d21839cdd68","sha512":"8563e405e0f86bda58b7424a9e8fec7dcfaef4b27ba093d64efa41a59b690608b453fbf139f5ab13641ac0561e4d31220abbf1aa51907f891ae721cf3d7bc5db","ssdeep":"","tlshash":"8a511a236bb43a1df4996936c1c58b4cff5db93282b63503915141394f1dbd61cd88c6","first_seen":"2025-09-28T14:30:39.275205Z","last_seen":"2025-10-27T22:22:20.972073Z","times_seen":13,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-27","alert":"Sinkholed","trigger":"daohhh.tutu1599.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"daohhh.tutu1599.top/img/tu/favicons(201)","fqdn":"daohhh.tutu1599.top","domain":"tutu1599.top","tld":"top"},"ip":{"addr":"104.21.3.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ddza-h3.diwang13.top/123/?referrer=https://www.yasetube.com/","date":"2025-10-27T22:21:55.685Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tutu1599.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:44:12 GMT","end":"Tue, 06 Jan 2026 17:42:53 GMT"},"fingerprint":{"sha1":"06:1B:72:02:6A:3F:AA:75:A4:B2:0A:51:77:66:F4:0C:94:39:F7:7B","sha256":"9B:52:FD:C7:33:7C:BD:55:25:43:F3:E9:31:D0:A2:D9:02:70:64:AE:DD:7B:09:9D:2F:90:8B:6B:32:4A:4A:5B"}}},"request":{"raw":"GET /img/tu/favicons(201) HTTP/1.1\r\nHost: daohhh.tutu1599.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ddza-h3.diwang13.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 27 Oct 2025 22:21:56 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 685\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Sep 2025 17:13:03 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"68cd8f1f-2ad\"\r\naccept-ranges: bytes\r\ncf-cache-status: DYNAMIC\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JOiv6aUcwU9q8sMNtYGllyRH%2FUQxz%2Fr2VCDtq05catC3G%2B1bhJcglwIc184feaYT%2BrfhCaj0Gcbakvd2UKooDP%2FRoXNDOy4eXhdPUySZmBlcqPk%3D\"}]}\r\ncf-ray: 995596d72c22a0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":685,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced","md5":"d5bbc0a8fd1574fea14ebf4d1f993ced","sha1":"5ba3247503bfe34ca899401ddadc2723f1de2533","sha256":"1b3dfb016017f62d2e2721a4d5c625b3fe9cedcbf3c2bd266ca47d706fa60bfd","sha512":"564e4ca2e96bcd891f25538343cc84cf3886b4e522f1533b62a857f4c72edaee85919c25a25ed9f6cdced2042389e7cc60b082526b59b38411fbaa1244e92c5e","ssdeep":"","tlshash":"a90188c6224731b2e96bc474de162648d87435de42415f6c1e1e33fb9380304dafd297","first_seen":"2024-10-13T06:47:23.781646Z","last_seen":"2026-04-05T01:17:19.626003Z","times_seen":25,"resource_available":false,"data":null}},"time_used":598,"timings":{"blocked":21,"dns":17,"connect":1,"send":0,"wait":474,"receive":0,"ssl":64},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-27","alert":"Sinkholed","trigger":"daohhh.tutu1599.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"daohhh.tutu1599.top/img/tu/ai%E8%84%B1%E8%A1%A3.webp","fqdn":"daohhh.tutu1599.top","domain":"tutu1599.top","tld":"top"},"ip":{"addr":"104.21.3.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ddza-h3.diwang13.top/123/?referrer=https://www.yasetube.com/","date":"2025-10-27T22:21:55.697Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tutu1599.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:44:12 GMT","end":"Tue, 06 Jan 2026 17:42:53 GMT"},"fingerprint":{"sha1":"06:1B:72:02:6A:3F:AA:75:A4:B2:0A:51:77:66:F4:0C:94:39:F7:7B","sha256":"9B:52:FD:C7:33:7C:BD:55:25:43:F3:E9:31:D0:A2:D9:02:70:64:AE:DD:7B:09:9D:2F:90:8B:6B:32:4A:4A:5B"}}},"request":{"raw":"GET /img/tu/ai%E8%84%B1%E8%A1%A3.webp HTTP/1.1\r\nHost: daohhh.tutu1599.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ddza-h3.diwang13.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 27 Oct 2025 22:21:55 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1630\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Sep 2025 17:15:11 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"68cd8f9f-65e\"\r\naccept-ranges: bytes\r\nage: 2661\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qI0D9FpCTD85mlsPzKcOArQg7UJg9pwSCOj%2Fb9mXLCT8guMEXLaLOlnJP81yrlEpAQ8p6o0z1Ke5SPs3n3s5nNoTXTPX181j9k8sml7RNQU2%2F94%3D\"}]}\r\ncf-ray: 995596d70bb8a0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1630,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"7cb9a6fc75d1a68b8e4433b27ed4724d","sha1":"7d41eaf8ae41b9eee0e47fae5a17f05f9dc14461","sha256":"f53deea8ffda09aa2f317f59191435d7fc532d792ad721636030f85ac7fc06f0","sha512":"09823d38f83633b6d600d02b31153e96b289b3fd8aa1402cf65867dcf3cc686bdb1f25035316e751bfe9137160e6a62e4e0ceca8a499a2f67cd56b6c873ab660","ssdeep":"","tlshash":"5531f772d7408a36c40927fba0d00e96d7a7bc32c5af5ed6804926024bf09d16cec3ce","first_seen":"2025-09-28T14:30:39.254433Z","last_seen":"2026-04-05T01:17:19.629696Z","times_seen":37,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-27","alert":"Sinkholed","trigger":"daohhh.tutu1599.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"daohhh.tutu1599.top/img/tu/ysqd.webp","fqdn":"daohhh.tutu1599.top","domain":"tutu1599.top","tld":"top"},"ip":{"addr":"104.21.3.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ddza-h3.diwang13.top/123/?referrer=https://www.yasetube.com/","date":"2025-10-27T22:21:55.695Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tutu1599.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:44:12 GMT","end":"Tue, 06 Jan 2026 17:42:53 GMT"},"fingerprint":{"sha1":"06:1B:72:02:6A:3F:AA:75:A4:B2:0A:51:77:66:F4:0C:94:39:F7:7B","sha256":"9B:52:FD:C7:33:7C:BD:55:25:43:F3:E9:31:D0:A2:D9:02:70:64:AE:DD:7B:09:9D:2F:90:8B:6B:32:4A:4A:5B"}}},"request":{"raw":"GET /img/tu/ysqd.webp HTTP/1.1\r\nHost: daohhh.tutu1599.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ddza-h3.diwang13.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 27 Oct 2025 22:21:55 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1960\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Sep 2025 17:15:11 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"68cd8f9f-7a8\"\r\naccept-ranges: bytes\r\nage: 2661\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Aga3hNKwhg1QPZrdSpljFzCEq8dMGyTRESOn0zcgXGV79UwBzS54LFNzV9BGoz5YSAwHpKI0BrHxeHMO7jCW5y3IP9cXpvvIJk7LxEz%2FI7c7ukg%3D\"}]}\r\ncf-ray: 995596d72c2ea0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1960,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"d087af65547854b8bb28e7e3fd3dfdfe","sha1":"62796314921452e049642391bd328365c79b6b98","sha256":"7a9aaf07203c40bfc5a8de71ef263784a765ede445e2821942399053a99bb3c5","sha512":"690fe03b7597639d2df68dcc5354c3989462458e497875ac1da08173ee812675fe8c28a30592d8bfaee164ebfa6d00f7abb7b734d2b356b46a3c9d527e1859e7","ssdeep":"","tlshash":"f5410b3d83282f4de912177874d2274cd7e8b41927db550fa99e0373162d3d67a90341","first_seen":"2025-09-28T14:30:39.240235Z","last_seen":"2025-11-25T16:18:46.003202Z","times_seen":22,"resource_available":false,"data":null}},"time_used":120,"timings":{"blocked":13,"dns":12,"connect":12,"send":0,"wait":7,"receive":0,"ssl":56},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-27","alert":"Sinkholed","trigger":"daohhh.tutu1599.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ddza-h3.diwang13.top/dwang.jpeg","fqdn":"ddza-h3.diwang13.top","domain":"diwang13.top","tld":"top"},"ip":{"addr":"194.147.100.135","port":443,"asn":201106,"as":"Spartan Host Ltd","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ddza-h3.diwang13.top/123/?referrer=https://www.yasetube.com/","date":"2025-10-27T22:21:56.472Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"diwang13.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 12:48:27 GMT","end":"Sat, 24 Jan 2026 12:48:26 GMT"},"fingerprint":{"sha1":"46:45:42:27:67:16:2F:29:48:E0:60:1B:EC:30:51:64:F0:92:3D:C6","sha256":"26:DE:4F:55:9D:E6:FF:45:75:F3:2F:49:EA:30:17:03:A1:6E:67:BA:6B:14:09:71:5F:FD:46:FE:54:B8:52:14"}}},"request":{"raw":"GET /dwang.jpeg HTTP/1.1\r\nHost: ddza-h3.diwang13.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ddza-h3.diwang13.top/123/?referrer=https://www.yasetube.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncontent-type: text/html\r\ndate: Mon, 27 Oct 2025 22:21:56 GMT\r\netag: \"63b72cbf-1df\"\r\nserver: nginx\r\nx-cache: BYPASS, Status: 404\r\ncontent-length: 479\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":479,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"57dd7bfa6c07bfe5eeada45d4bdd78ec","sha1":"395c6ad5c3ae0e8ea47281f5007c369551b32ad7","sha256":"c870990950ca5802e260be6786d1e6a148b1acdfeed4fa9bb6acce744488c0b5","sha512":"c455d00381bde372d6016e7b01eb8682dcbc2fbb032ef522f01f0ea1cd85abeb962aeb8de621b49b138b614b14285686a2c432b4214630f23fda2ed19bf4b9d6","ssdeep":"","tlshash":"27f0dc93d243040e220c45702fb2702450877ddbcb9a0d028897e1bfccd5a698363bad","first_seen":"2023-04-28T05:56:14Z","last_seen":"2026-04-05T12:14:50.053226Z","times_seen":2952,"resource_available":true,"data":null}},"time_used":288,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":288,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-27","alert":"Sinkholed","trigger":"ddza-h3.diwang13.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"daohhh.tutu1599.top/img/tu/912.webp","fqdn":"daohhh.tutu1599.top","domain":"tutu1599.top","tld":"top"},"ip":{"addr":"104.21.3.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ddza-h3.diwang13.top/123/?referrer=https://www.yasetube.com/","date":"2025-10-27T22:21:55.705Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tutu1599.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:44:12 GMT","end":"Tue, 06 Jan 2026 17:42:53 GMT"},"fingerprint":{"sha1":"06:1B:72:02:6A:3F:AA:75:A4:B2:0A:51:77:66:F4:0C:94:39:F7:7B","sha256":"9B:52:FD:C7:33:7C:BD:55:25:43:F3:E9:31:D0:A2:D9:02:70:64:AE:DD:7B:09:9D:2F:90:8B:6B:32:4A:4A:5B"}}},"request":{"raw":"GET /img/tu/912.webp HTTP/1.1\r\nHost: daohhh.tutu1599.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ddza-h3.diwang13.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 27 Oct 2025 22:21:55 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1890\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Sep 2025 17:15:11 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"68cd8f9f-762\"\r\naccept-ranges: bytes\r\nage: 2661\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MP%2Fi8%2FWc9n19tp3pfwD8c9n9yL40C6y5An4IcTJJ5maafFdSMQqUfFuXSTg0Hv2rNdnritKxUlD5OoCzojAyj7qcVCeGAVdLh2zJE%2Fc%2F76n2gXg%3D\"}]}\r\ncf-ray: 995596d70bc8a0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1890,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"2f44af897557c802bacd81b7d8e7b4e3","sha1":"9868ec5153a99f39fd6d2320b9995fd4bef06450","sha256":"d9beb44333f549b05d362a49538b38c8c29f965f7187965d1c0b846c2986576f","sha512":"0e1c30310fd285508477d9634b6e61e37832fb1849bf50fd01b72eb2733a639f40d099bc51a97213f8cb1ab97e5d494b103176426450c67d82dda132c13aaebc","ssdeep":"","tlshash":"5741c9786328372ee22757b1a4111f21fb7d38028ffb852a0384a6323e1c0ce5d9c5c9","first_seen":"2025-09-28T14:30:39.283297Z","last_seen":"2026-04-05T01:17:19.623006Z","times_seen":37,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-27","alert":"Sinkholed","trigger":"daohhh.tutu1599.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"daohhh.tutu1599.top/img/tu/mfcrq.webp","fqdn":"daohhh.tutu1599.top","domain":"tutu1599.top","tld":"top"},"ip":{"addr":"104.21.3.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ddza-h3.diwang13.top/123/?referrer=https://www.yasetube.com/","date":"2025-10-27T22:21:55.702Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tutu1599.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:44:12 GMT","end":"Tue, 06 Jan 2026 17:42:53 GMT"},"fingerprint":{"sha1":"06:1B:72:02:6A:3F:AA:75:A4:B2:0A:51:77:66:F4:0C:94:39:F7:7B","sha256":"9B:52:FD:C7:33:7C:BD:55:25:43:F3:E9:31:D0:A2:D9:02:70:64:AE:DD:7B:09:9D:2F:90:8B:6B:32:4A:4A:5B"}}},"request":{"raw":"GET /img/tu/mfcrq.webp HTTP/1.1\r\nHost: daohhh.tutu1599.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ddza-h3.diwang13.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 27 Oct 2025 22:21:55 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1284\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Sep 2025 17:15:11 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"68cd8f9f-504\"\r\naccept-ranges: bytes\r\nage: 2661\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=v5q3VF7UtumcYcoCEYsJhfHo38lqnm54FE8%2FEZcy4MKet%2FBOUnOKyeWKJhhrw1G8ET9dLszX13a4T8O0Aw4Va5lbPzrEFR6bKdGlS5iHy7cDvLg%3D\"}]}\r\ncf-ray: 995596d70bc2a0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1284,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"df4601f5c6c031daff326e0d003a9c21","sha1":"793c67fefaa0be7cf2018e1c29ad4129f93ced5d","sha256":"f06b6a6e75a2e0b949364aba607655d89f4747fe218d24e2ffabbe8ed58e1c0e","sha512":"0ad50dfd7cdbc55a924973b101a83ee3c0e1dd2094582ae498b481b67e5fa25fcbfdba9b6c500f12d5f8190bee01c11d3cebb7a1bfda1b6dd2373aed1dd004c2","ssdeep":"","tlshash":"50219678734e5b8ee80da3b894e15745dbb878178ed752bec0884146cb855cc1c6d3ca","first_seen":"2025-09-28T14:30:39.218824Z","last_seen":"2026-01-13T03:26:05.738482Z","times_seen":30,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-27","alert":"Sinkholed","trigger":"daohhh.tutu1599.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"daohhh.tutu1599.top/img/tu/qingqu.webp","fqdn":"daohhh.tutu1599.top","domain":"tutu1599.top","tld":"top"},"ip":{"addr":"104.21.3.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ddza-h3.diwang13.top/123/?referrer=https://www.yasetube.com/","date":"2025-10-27T22:21:55.728Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tutu1599.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:44:12 GMT","end":"Tue, 06 Jan 2026 17:42:53 GMT"},"fingerprint":{"sha1":"06:1B:72:02:6A:3F:AA:75:A4:B2:0A:51:77:66:F4:0C:94:39:F7:7B","sha256":"9B:52:FD:C7:33:7C:BD:55:25:43:F3:E9:31:D0:A2:D9:02:70:64:AE:DD:7B:09:9D:2F:90:8B:6B:32:4A:4A:5B"}}},"request":{"raw":"GET /img/tu/qingqu.webp HTTP/1.1\r\nHost: daohhh.tutu1599.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ddza-h3.diwang13.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 27 Oct 2025 22:21:55 GMT\r\ncontent-type: image/webp\r\ncontent-length: 2822\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Sep 2025 17:15:11 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"68cd8f9f-b06\"\r\naccept-ranges: bytes\r\nage: 2661\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=X3lEPpZLURfqN0BasKxqeF%2BgZ1S%2BSdnMw95N7O%2F%2FTMvFn45rNJwIrZYRH%2BlG%2FGO%2FwhL4gH7rwrFSUtieBFtn%2F8KoKud4wCrsn5Uh%2FhtCpQy9mwg%3D\"}]}\r\ncf-ray: 995596d71bf8a0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2822,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"2989b7c417100342805fe629663c17e3","sha1":"84ba6fba347606095a1a7ea420f686d90aa6db8e","sha256":"837ecdfd641195d76727154a23b99310ee0c43fa88748ea689a2246042bac352","sha512":"2b210da5c3f140138b3b363aa31c284861780af2a109962cfaafa4c3f38658baec83b0f83198d87fe4e2505b1c7f6d7f16396a175829217a1df9f3a3e13ac2f7","ssdeep":"","tlshash":"7a512bb423686715eaa9037328d06702ffe0ae079a85634dc2dac13633204d0ba4e7d7","first_seen":"2025-09-28T14:30:39.262669Z","last_seen":"2025-11-09T02:54:25.017594Z","times_seen":16,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-27","alert":"Sinkholed","trigger":"daohhh.tutu1599.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ddza-h3.diwang13.top/123/?referrer=https://www.yasetube.com/","fqdn":"ddza-h3.diwang13.top","domain":"diwang13.top","tld":"top"},"ip":{"addr":"194.147.100.135","port":443,"asn":201106,"as":"Spartan Host Ltd","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-27T22:21:54.682Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"diwang13.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 12:48:27 GMT","end":"Sat, 24 Jan 2026 12:48:26 GMT"},"fingerprint":{"sha1":"46:45:42:27:67:16:2F:29:48:E0:60:1B:EC:30:51:64:F0:92:3D:C6","sha256":"26:DE:4F:55:9D:E6:FF:45:75:F3:2F:49:EA:30:17:03:A1:6E:67:BA:6B:14:09:71:5F:FD:46:FE:54:B8:52:14"}}},"request":{"raw":"GET /123/?referrer=https://www.yasetube.com/ HTTP/1.1\r\nHost: ddza-h3.diwang13.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/html\r\ndate: Mon, 27 Oct 2025 22:16:29 GMT\r\netag: W/\"68ffc342-26361\"\r\nlast-modified: Mon, 27 Oct 2025 22:16:29 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":156513,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"80c6adef1045d119d67dca37571be4b3","sha1":"61ee6cad0667f2b534cdda6ac8ba2f3604bcae0f","sha256":"a17f44d71540688b7e54148c67e0acd6ea74099bcf5114d43f38107a6b408839","sha512":"563c3e9a075f49d9b61bc4626254a41c350daab4f3872923f454f97f6d95b4c65af88655cfe969abc22cf7180081e99e97bc425dab64f87e7b28f2b66584f549","ssdeep":"1536:JVjFd0G4ns23YahsRcUBFevAF5ZYnEDZpoRJI9PXB4dnq5BpfaKSSzec9CXhdxtQ:JV2BM+Pa9zApFY","tlshash":"c2f357b3c9d9e6273313d4c0a9257e2dc45b208fcc6b3672faae19c77a05d75892284d","first_seen":"2025-10-27T22:22:20.977535Z","last_seen":"2025-10-27T22:22:20.977535Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1047,"timings":{"blocked":442,"dns":126,"connect":153,"send":0,"wait":161,"receive":0,"ssl":160},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-27","alert":"Sinkholed","trigger":"ddza-h3.diwang13.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tongji999.sbs/matomo.js","fqdn":"tongji999.sbs","domain":"tongji999.sbs","tld":"sbs"},"ip":{"addr":"124.66.208.200","port":443,"asn":138195,"as":"MOACK.Co.LTD","country":"South Korea","country_code":"KR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ddza-h3.diwang13.top/123/?referrer=https://www.yasetube.com/","date":"2025-10-27T22:21:56.635Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tongji999.sbs","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 14 Sep 2025 11:06:21 GMT","end":"Sat, 13 Dec 2025 11:06:20 GMT"},"fingerprint":{"sha1":"55:CE:8F:74:BE:47:E2:1F:D8:32:3D:9B:F1:89:D9:03:84:6F:7B:21","sha256":"39:C3:E1:12:81:57:C9:08:56:E7:89:17:C5:53:5E:BB:82:1F:95:1C:E7:A5:1B:46:64:D0:3A:DB:CA:B7:E1:AA"}}},"request":{"raw":"GET /matomo.js HTTP/1.1\r\nHost: tongji999.sbs\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ddza-h3.diwang13.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Oct 2025 22:21:57 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 18 Mar 2025 12:47:47 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67d96b73-107aa\"\r\nexpires: Tue, 28 Oct 2025 10:21:57 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":67498,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2878)","md5":"97d28a3aefbae803f17013706da83e1b","sha1":"2aad8740afe4a5d49c2de29a52b886b2be5bc94c","sha256":"89e35b18e2ddd93f040839eb32f71a22a7781f27fca6e294f9405d5fb0ea2cc3","sha512":"874c1431370e533b59d4377b21110802c7dd63ae40c56d092bfbc7cb482f7a2d52a922a57f53007b30a05972f45ee80f055bfe9500e2fb4d40c6d5bf606ebc6c","ssdeep":"1536:ATgnSINAJrRJqerEKlFXhuXL0+XzsyWbuds06Vdda8EbdAAOV4ITzvBCQaFLa:AT+Z2fu7dzsyWbbVdda8EbdAA0XvBv5","tlshash":"2163d5ca72c275398bca2074603f1187b17aada7144cc4a4f56ac4fa3c3891e957bf78","first_seen":"2024-12-12T23:54:46.369205Z","last_seen":"2026-04-05T12:49:32.686008Z","times_seen":11681,"resource_available":true,"data":null}},"time_used":1820,"timings":{"blocked":620,"dns":37,"connect":289,"send":0,"wait":580,"receive":0,"ssl":290},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"daohhh.tutu1599.top/img/tu/diwang2.webp","fqdn":"daohhh.tutu1599.top","domain":"tutu1599.top","tld":"top"},"ip":{"addr":"104.21.3.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ddza-h3.diwang13.top/123/?referrer=https://www.yasetube.com/","date":"2025-10-27T22:21:56.863Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tutu1599.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:44:12 GMT","end":"Tue, 06 Jan 2026 17:42:53 GMT"},"fingerprint":{"sha1":"06:1B:72:02:6A:3F:AA:75:A4:B2:0A:51:77:66:F4:0C:94:39:F7:7B","sha256":"9B:52:FD:C7:33:7C:BD:55:25:43:F3:E9:31:D0:A2:D9:02:70:64:AE:DD:7B:09:9D:2F:90:8B:6B:32:4A:4A:5B"}}},"request":{"raw":"GET /img/tu/diwang2.webp HTTP/1.1\r\nHost: daohhh.tutu1599.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ddza-h3.diwang13.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 27 Oct 2025 22:21:57 GMT\r\ncontent-type: image/webp\r\ncontent-length: 5166\r\nlast-modified: Fri, 19 Sep 2025 17:13:03 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XhuzOfWS%2FrRI5baklATYfHvSHi6rgwvphvzrlFPO1sevjAqrTNt%2FY%2BPOZh2iWR8kVaoGVIfrzwud6Ye7Mnm4UZ3kbjbZSrrQIyp2r6q%2Fv7eivBc%3D\"}]}\r\netag: \"68cd8f1f-142e\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\npriority: u=6,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\ncf-ray: 995596de6e7023eb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5166,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"25c880ab45d737dd151cab9b45382a5d","sha1":"e0d1a3eae4eab1862df3ae70e7d0ca9be02b8f7d","sha256":"a01730ed7c9002dddd535de14a3d633840eedfb104be6df363d7ec85d235f8b8","sha512":"1e31fc197f696b41be0663b00e35a4c253aa1dc6ab5ee3632dc59c87ecbc86f09ab0c138f12639ebee07e35fe16fea5dd44a330eea750cc7edc2f6036b3de10a","ssdeep":"96:d71oA9subYjtmRXy97QwXSKvna7lVi7OemfodNn5pFpsdSbnxjxxp2RwrO2Ww:dGA9SkRC97riKvn6qqHG5pF20xXMGrOM","tlshash":"81b19e4da5d14e05df81f889c535526b54353a9a2f247de9c8caed913e01e2c318b8bb","first_seen":"2024-10-11T09:03:11.896544Z","last_seen":"2026-04-05T01:17:19.618822Z","times_seen":100,"resource_available":false,"data":null}},"time_used":493,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":492,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-27","alert":"Sinkholed","trigger":"daohhh.tutu1599.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ddza-h3.diwang13.top/123/qingse_files/translateelement.css","fqdn":"ddza-h3.diwang13.top","domain":"diwang13.top","tld":"top"},"ip":{"addr":"194.147.100.135","port":443,"asn":201106,"as":"Spartan Host Ltd","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ddza-h3.diwang13.top/123/?referrer=https://www.yasetube.com/","date":"2025-10-27T22:21:55.668Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"diwang13.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 12:48:27 GMT","end":"Sat, 24 Jan 2026 12:48:26 GMT"},"fingerprint":{"sha1":"46:45:42:27:67:16:2F:29:48:E0:60:1B:EC:30:51:64:F0:92:3D:C6","sha256":"26:DE:4F:55:9D:E6:FF:45:75:F3:2F:49:EA:30:17:03:A1:6E:67:BA:6B:14:09:71:5F:FD:46:FE:54:B8:52:14"}}},"request":{"raw":"GET /123/qingse_files/translateelement.css HTTP/1.1\r\nHost: ddza-h3.diwang13.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ddza-h3.diwang13.top/123/?referrer=https://www.yasetube.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncontent-type: text/html\r\ndate: Mon, 27 Oct 2025 22:21:55 GMT\r\netag: \"63b72cbf-1df\"\r\nserver: nginx\r\nx-cache: BYPASS, Status: 404\r\ncontent-length: 479\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":479,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"57dd7bfa6c07bfe5eeada45d4bdd78ec","sha1":"395c6ad5c3ae0e8ea47281f5007c369551b32ad7","sha256":"c870990950ca5802e260be6786d1e6a148b1acdfeed4fa9bb6acce744488c0b5","sha512":"c455d00381bde372d6016e7b01eb8682dcbc2fbb032ef522f01f0ea1cd85abeb962aeb8de621b49b138b614b14285686a2c432b4214630f23fda2ed19bf4b9d6","ssdeep":"","tlshash":"27f0dc93d243040e220c45702fb2702450877ddbcb9a0d028897e1bfccd5a698363bad","first_seen":"2023-04-28T05:56:14Z","last_seen":"2026-04-05T12:14:50.053226Z","times_seen":2952,"resource_available":true,"data":null}},"time_used":286,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":286,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-27","alert":"Sinkholed","trigger":"ddza-h3.diwang13.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"daohhh.tutu1599.top/img/tu/yuepao.webp","fqdn":"daohhh.tutu1599.top","domain":"tutu1599.top","tld":"top"},"ip":{"addr":"104.21.3.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ddza-h3.diwang13.top/123/?referrer=https://www.yasetube.com/","date":"2025-10-27T22:21:55.726Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tutu1599.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:44:12 GMT","end":"Tue, 06 Jan 2026 17:42:53 GMT"},"fingerprint":{"sha1":"06:1B:72:02:6A:3F:AA:75:A4:B2:0A:51:77:66:F4:0C:94:39:F7:7B","sha256":"9B:52:FD:C7:33:7C:BD:55:25:43:F3:E9:31:D0:A2:D9:02:70:64:AE:DD:7B:09:9D:2F:90:8B:6B:32:4A:4A:5B"}}},"request":{"raw":"GET /img/tu/yuepao.webp HTTP/1.1\r\nHost: daohhh.tutu1599.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ddza-h3.diwang13.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 27 Oct 2025 22:21:55 GMT\r\ncontent-type: image/webp\r\ncontent-length: 3508\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Sep 2025 17:15:11 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"68cd8f9f-db4\"\r\naccept-ranges: bytes\r\nage: 2661\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=awe1YzcK%2BADrXxaa%2Bf6KZrTeGaVmo5uJ%2FF5uXMa0fEI1nID9r1ukLeOkT9hPOYRiUmAtob6zQc5otSVc4JqVsXYvuqFzR%2BQ6KfmkID7MU3EaWJM%3D\"}]}\r\ncf-ray: 995596d70ba6a0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3508,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"a794b7ba73116df0f8c93744ccb101f8","sha1":"af145e737a8c878e348ae2c5d9d695102067328e","sha256":"ab8e323300912744f739a2d23dfba89b06105d377786f5cdce390f7b8ff8d5fe","sha512":"d8689fca9445651a36581072eaf9d308cd116f0b499877bfc82594f9a4a7ec5d44ce5ecf336a980d4702345b90746eb7a5e63ca12478350b24255e7cfed2f5b0","ssdeep":"","tlshash":"8a714bf833219b08f78469b2412073b3a92561101377b61215569a72eb0e9c62dece0f","first_seen":"2025-09-28T14:30:39.259115Z","last_seen":"2025-11-09T02:54:25.066236Z","times_seen":16,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-27","alert":"Sinkholed","trigger":"daohhh.tutu1599.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}