{"report_id":"97f21972-3988-453d-95a4-06c1c8015dbb","version":6,"status":"done","tags":[],"date":"2026-04-11T00:48:08Z","url":{"schema":"http","addr":"cnweb-nencao.com/","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":0,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"https","addr":"cnweb-nencao.com/","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"title":"嫩草影院一二三区入口首页 - 最新热门影视资源在线观看","dom":{"size":218118,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (39633)","md5":"66f39b44b83242c3689f9a1cb5dc68e1","sha1":"9d01f469caee119f181701f06fc271abf33610f7","sha256":"b6ae65b0c528c9c85a80ec1416e66561696979f9f4bb79ec86dba7777f1b3947","sha512":"9147f58ed2dfda7067de3881de671751e35b126b51bfdd727a44890e6c813a07d30a1a6eaaef88e49e38746924b02369ffbbc173d9e60cda3a902491bbd38df3","ssdeep":"1536:YQgd1E7baukBztYr/hizxdUDr5+GslH5ms42a+5+LUXQQXXQXB0nX+cCXQX1HkXx:YQdbaukBV45WSB210UVjsA2h","tlshash":"8e24b52254f124398153a1a4d9e0bf0d7a208307c826ce55f76caadeffc6d9255b7b8c","dom_hash":"domhash6cff2909779ede81e268d289f19168b3","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"cnweb-nencao.com/","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":0,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-16T00:48:08Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":1}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-11T00:47:48Z","timestamp":1775868468,"ip_dst":{"addr":"172.67.198.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":42926,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Suspicious Domain (*.icu) in TLS SNI","source":"{\"timestamp\":\"2026-04-11T00:47:48.706043+0000\",\"flow_id\":1473176369670673,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.3\",\"src_port\":42926,\"dest_ip\":\"172.67.198.174\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2026889,\"rev\":4,\"signature\":\"ET INFO Suspicious Domain (*.icu) in TLS SNI\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2019_02_06\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"tls\":{\"sni\":\"drft.hbgt8pf.icu\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":918,\"bytes_toclient\":1654,\"start\":\"2026-04-11T00:47:48.698897+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"gogo17.ubyt4z.vip","ip":{"addr":"172.67.194.210","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-06-12","domain_rank":0,"first_seen":"2025-06-18T05:29:36.952687Z","last_seen":"2026-01-26T08:55:23.193928Z","alert_count":0,"request_count":2,"received_data":4909,"sent_data":983,"comment":"","tags":null,"fingerprints":[{"name":"PHP:8.0.28","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]}]},{"fqdn":"collect-v6.51.la","ip":{"addr":"43.159.107.113","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"domain_registered":"2005-01-17","domain_rank":348646,"first_seen":"2021-03-08T16:03:54Z","last_seen":"2026-04-06T05:04:06.615629Z","alert_count":0,"request_count":1,"received_data":362,"sent_data":476,"comment":"","tags":null,"fingerprints":null},{"fqdn":"rtnsgs4q39p1vh.kfrse64990.top","ip":{"addr":"156.234.139.98","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":1285,"sent_data":532,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"ftgy.drvhg2at.icu","ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":63,"request_count":63,"received_data":17637610,"sent_data":29334,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:8.0.28","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Gravatar","description":"Gravatar is a service for providing globally unique avatars.","website":"https://gravatar.com","common_platform_enumeration":"","icon":"Gravatar.png","categories":["Miscellaneous"]},{"name":"jQuery:2.2.4","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]}]},{"fqdn":"sdk.51.la","ip":{"addr":"43.159.107.113","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"domain_registered":"2005-01-17","domain_rank":347679,"first_seen":"2021-03-08T16:03:51Z","last_seen":"2026-04-04T18:18:07.273245Z","alert_count":0,"request_count":1,"received_data":76178,"sent_data":476,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"cnweb-nencao.com","ip":{"addr":"156.234.197.188","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":35,"received_data":2032963,"sent_data":16732,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"static.cloudflareinsights.com","ip":{"addr":"104.16.79.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-08-30","domain_rank":4073,"first_seen":"2019-09-24T14:34:56Z","last_seen":"2026-04-05T22:43:44.876774Z","alert_count":0,"request_count":2,"received_data":63084,"sent_data":1024,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"hm.baidu.com","ip":{"addr":"14.215.182.140","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"domain_registered":"1999-10-11","domain_rank":54491,"first_seen":"2012-05-26T08:38:45Z","last_seen":"2026-04-06T04:32:17.512298Z","alert_count":0,"request_count":2,"received_data":30876,"sent_data":1302,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]},{"fqdn":"stdpk.17cgdl.vip","ip":{"addr":"172.67.130.212","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-09-19","domain_rank":0,"first_seen":"2025-10-12T17:21:11.889167Z","last_seen":"2026-01-08T15:57:54.513784Z","alert_count":0,"request_count":1,"received_data":2454,"sent_data":532,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"rtnsgs4q39p1vh.kfrse64990.top/","fqdn":"rtnsgs4q39p1vh.kfrse64990.top","domain":"kfrse64990.top","tld":"top"},"ip":{"addr":"156.234.139.98","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"ab8b1e51f0c3cdbf5bb3a6218a7cbdd2","sha1":"8c0b5abd48d5acff65b5cfd7f194c42e1b06c45e","sha256":"8aae0cae6e9f99daef2b11ae8a73989c1454e259ed8c421ff95b4db21c6681ae","sha512":"e39c6f37da1887edd2faa2e3307e32bfbd19b74b1c4a8185a20c7db7cfb91bb76b4793176d4b287a86a959f11bc2a425dd0558dc9897dfc36b5f46e86229613b","ssdeep":"","tlshash":"6701d6aec1e0663a2212184da10d385d7c9358cfdcccc962ac2cddd7593486707ebaec","size":807,"data":"","first_seen":"2026-04-11T00:48:34.436139Z","last_seen":"2026-04-11T01:22:54.731598Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/themes/cnweb_nencao_com/skin/js/jquery.qrcode.min.js","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"05f0b1d7d4b9b0b4975870606d650e3c","sha1":"f424bd339870510d1160d1c5da5d698aedbb452e","sha256":"f4ccf02b69092819ac24575c717a080c3b6c6d6161f1b8d82bf0bb523075032d","sha512":"34551c0e59b857e6b6b233d7ee04442178024858daf5c1ed28f38bd738fa4219c4d2f718ebde4c3837a1aa46866132f22f6c317bfc2daf8678f52bea5ead7651","ssdeep":"384:ILEsd9QYYAA1TRjjrlqgbHH/sgDZUnEbBIg4:wIFbVg","tlshash":"b452c8d1f39142b7b1466cd9681f289e98e8a4a3ac14955cbfb8c0e2e674fd16478f30","size":13995,"data":"","first_seen":"2023-03-07T01:15:08Z","last_seen":"2026-04-11T00:48:34.281279Z","times_seen":3638,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"94d5360b3c4e74ba446ee592940dc0c3","sha1":"d2f56a29ef92b577885fbf52690cd0cc6794048c","sha256":"5d069cb1373812e23ee42f71028979f803c4f52985ded53262ff93e4198f2e65","sha512":"1cb93ed272260904143a11bfcb6b972d7d8cdd956f0115372affd2ec3923ecd38132a437986baccc3acbc4c128961baf11a95c173d1c8e3729166d45272f5e63","ssdeep":"","tlshash":"d3f097cea38acc8438e3beb46826281c20ee0f21cd9e88ac9cd4545515d58f302c02ef","size":491,"data":"","first_seen":"2026-04-11T00:48:34.440709Z","last_seen":"2026-04-11T00:48:34.440709Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gogo17.ubyt4z.vip/?refer=stdpk","fqdn":"gogo17.ubyt4z.vip","domain":"ubyt4z.vip","tld":"vip"},"ip":{"addr":"172.67.194.210","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"c26eb5fcb13d60b8070cae63ab5a4ca1","sha1":"9d480249714d9eebf540b64a2a037185f0f17ff9","sha256":"a10a52a04061a6dca22d628318587e0a377f34eaca80497e9138d28281b86451","sha512":"157d783374fcc5aa54993e9a048dfa71cf220f9bd06c67485880c6b3a50b0a22a42f28eb0b4499f9d9c3a92d3b3775b68539eb60df734093f275bb5d04abc1f9","ssdeep":"","tlshash":"5e1179483aa73953067e70d3557a48b753f121096d7b0550f044dec5f9d99d2413bd3d","size":1066,"data":"","first_seen":"2025-03-06T22:22:44.622222Z","last_seen":"2026-04-11T01:22:54.72246Z","times_seen":34,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"bae5f721a16f9ce1b2f2847890812957","sha1":"686ded694e4f0fed2926a81389c23279818677d2","sha256":"1459e0960eb32c0b215f5a7daecb327b03ea18af4151be71e4be98d507c9d99f","sha512":"8c07013092716ec0a9b562a8112618def1c46867f34ed82f304de08f51d84c74db328a2547496d27a550a3a1a3edd3d96d1b93c069a415dceb53b59e7e05cca6","ssdeep":"","tlshash":"d85176a64c0b921576062078e50dea4537cb9217bd6cf301f2ec8f045f6fa2da478dd4","size":2993,"data":"","first_seen":"2026-04-11T00:48:34.442533Z","last_seen":"2026-04-11T00:48:34.442533Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"b9069b3d72fc3150ebe11bf8dbc2159b","sha1":"0b1b46e88559ee00b6cae2a5730e29242a361141","sha256":"aac4b776368a8529d37beed77322529d95bdc31c4e6bd0065671f333eb6a2c79","sha512":"9c4efe11a9e7506fa4b6eb7aec4a1c831b9f8eea4c0231e9867830df67812942a707338b97b4fd2b6af122f315f1f03fc904e556107d36db848a6939ccf526d9","ssdeep":"192:UDKhafGfAG/QLgVa5yvpLkq4mDycdJH06ycVYT8WRqh9fd5gMlpJSVHxD:Uehm1EBz9b9pu","tlshash":"2af1dc189ef35079b117703e576f23083269d2139608cf153e5de290bf70966aab6bf8","size":7977,"data":"","first_seen":"2023-03-13T14:43:10Z","last_seen":"2026-04-11T01:22:54.708593Z","times_seen":104,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"bc102016899b24c77e9c95a22f063c13","sha1":"8c020ef51e507f0af8d6fd4bcad8c9457a4dfc6c","sha256":"3913329daf0872fefe111917f6584d602e95744e75d57208243f4698ec1f93c0","sha512":"226679eb8092047ba6fc32939662ee86baf76f91fed7f3b72407ae24cd1f004106edfddddfade06562cc52abd1133312c074eae7e9cb5063b6345a1c50ed945f","ssdeep":"","tlshash":"dd900202882b1dd82ca00009817d3c88f381299b01f0d4082804f056ce9008e0a081d0","size":55,"data":"","first_seen":"2023-03-08T09:43:22Z","last_seen":"2026-04-11T03:48:07.309247Z","times_seen":11882,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"3db5dc81f7402a7c89c09c7aaa8c3367","sha1":"dade57d7cbf3010c2641653ccf8b14ad9d8a00e7","sha256":"c8a3681e0ddac9a1422d9ad40800e29edb30abc874d4c23d01191cf9a17280e9","sha512":"bbbac16644aa90bc06d5447103ddecca176973a5bd91328012979cc96a3a801ad4e296ce5e1a112e5b9b03ee462c3acf178c9962454848eb51d5f814037beef2","ssdeep":"","tlshash":"4190040041cd4151dc7500141157050404000c533c57d411310d05075f455dd4174541","size":41,"data":"","first_seen":"2023-07-18T22:31:47Z","last_seen":"2026-04-11T01:22:54.711576Z","times_seen":182,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"9f93555578c70da3485862bd311156ca","sha1":"da60c13adec73febfb4eab8f27ed0c09e351d241","sha256":"ef4b58c96904159e111dcd3aa962cc3d3498e8748c61eb9b44fb0b4d64512b1f","sha512":"5d18f1b44b5c0102d15b4198b6aeab01c15fdec0faa341fe8bb7deea8010103c94761681ba19b85f22126b711b38c948f06c2aeb7158eb087d312f34c02863e7","ssdeep":"","tlshash":"821148cd845346bc15ab1adb1ee316c42352a4cbe445c62732edd74e9fc42d458397d0","size":1103,"data":"","first_seen":"2023-07-18T22:31:47Z","last_seen":"2026-04-11T01:22:54.712258Z","times_seen":105,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"badc375a245bfd5b500141110ecab1dd","sha1":"1d6cf5f15e810c7f9cce9bbaa7a92a86ccf37044","sha256":"0a55a14a6c6dbb708db317f4b47023d498314c42b935ae16db8c793a4c7d9eea","sha512":"d20f68bfcd4fd2d87a0bb384c1b64bc774773d809bfe9d08ee58768046a6d5e1520d7e1198b4b9451992c40bc8521a07b72ae1d387295df1b4e1b9259b965471","ssdeep":"","tlshash":"0601a2718e63106674231267e61a02c261f31067d540d505796dac646fd4e12366e7f0","size":842,"data":"","first_seen":"2026-04-11T00:48:34.445581Z","last_seen":"2026-04-11T00:48:34.445581Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"55b5da809b5fcab0fdf4783113bf3fe8","sha1":"d7b4bd51f3308a2a66bbd31e8a67ae98f612cd44","sha256":"f5751b54f00b6a9a16a33bfe15335259e6d2f2486952bc09b87120c0ab1e843e","sha512":"2b314bbfbb3ebbfaae7fd0056f1163aa3984fe811504c8f512bbe1872fc452b422395c55aeaf6ff535d6e090f286ce2c211a19c3897337bab921886830a02961","ssdeep":"","tlshash":"63e05b3215948c7dd09bc18fa57047ceec96144f7459e456b25d0b4dff00c6621719d5","size":326,"data":"","first_seen":"2026-04-11T00:48:34.446768Z","last_seen":"2026-04-11T00:48:34.446768Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"d54409fb04ebb259caffe687e23967ff","sha1":"871fb3c4834a7f69583faad318789c9a471fc9c5","sha256":"6aa72009e4a5fe61b4fbda1329126365d59b1d2f598d77daf7c1841caba933f9","sha512":"8877cc673ade2f9eec41040f67008010b36225d1937c7b5a40a385677e5be87cd0d42dff00986f05bc16d0f72f3538a0c87589399d14394ebd08c544122dc5fb","ssdeep":"","tlshash":"02e05b1149d4a87ea05b458f956147cd9d91144bf516e005335d07cc9f00e663161f95","size":326,"data":"","first_seen":"2026-04-11T00:48:34.45298Z","last_seen":"2026-04-11T00:48:34.45298Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/plugins/DPlayer/assets/DPlayer.min.js?v2","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":false,"md5":"5bb63026b360044089dd358de915798b","sha1":"da044d75af8eb325dd106bfb16853639a023d1a9","sha256":"8da0b14d55cea5beaafd7158373a7ae56149ecbca87aba7d3ea761c07cd58a41","sha512":"5ba32793b1ea13321e1810e29ab5f4e74c6976a615f206ceb54635a787751a7ec12aa707cfa64e66a3f07c99d89f9d5b516d6e8a54a28c92c9c264a83f63c93d","ssdeep":"1536:z+J45mB2BeDaJgotYr/hizxdUDr5+GslH7ukBbeLwVm2VBXl3PQ6DkbilY6G2wcQ:m4IBvI7ukBbeU13zcvF3","tlshash":"06f3f85522947131029366e4c58ba70c3235a326e9028b5ef13efacd8fadc8d2577f76","size":161234,"data":"","first_seen":"2024-01-03T10:49:01Z","last_seen":"2026-04-11T01:22:54.700254Z","times_seen":198,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"ec88733930e2df9d1c5eca90b9f3cfd8","sha1":"66156b889c56c4e49444dd0f51e1db3a52a2ccfa","sha256":"fa116053e3cf72c12d33fcdf61553deffc3359d9509e134ab2b19c30f210c804","sha512":"b46ddaad3a237da219e90038a97264abfd347ce1462a770d7dafdba57f3c9ea0722ef757961af98df46f21130041684377e7534857eb048ff70accc3c4e76681","ssdeep":"","tlshash":"afe0a5530955947e805785cfda3147ce9c56340fbc05b045731d47cc9f40daa2165dd5","size":326,"data":"","first_seen":"2026-04-11T00:48:34.458462Z","last_seen":"2026-04-11T00:48:34.458462Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"f915e0e9062ef621b46a3169803ab77f","sha1":"03f61e531f4b86a860750372ecc12b3b42f58517","sha256":"9d1ebf6a9d23796c91167093384c4e9f290056d1fbd0af43da38b4f615ee69eb","sha512":"dee2f5f1f5d661ae999b6ac7ee90af5f41e308ab97a08884cea2e06ab54b02dbd2c5f672135b397a851a53088b509de74ef886fd24fd3c687e42fea247fb767b","ssdeep":"","tlshash":"6de05e2315d5a87f801b858f96308bcefc97185bb80aa01ef31c0f8ddf00c763265995","size":326,"data":"","first_seen":"2026-04-11T00:48:34.4666Z","last_seen":"2026-04-11T00:48:34.4666Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"3be5b2c43cab5a25955360e6b6351755","sha1":"fe461e20159f882cf3d810c6a7d03652167eba9f","sha256":"d76107d6304951b8662757667797273035d316273e249457756e83d14f85b569","sha512":"a4eed6131d6e44c2e9a6731a4c84ac25efd40206f90e058cc6f3e68676b1adb18e45faa887af3bb956d9f76141165ee3a7b78b97c6aca1a0f7bf3d25b43ab22e","ssdeep":"","tlshash":"fee0a772095a947ea15782cfda3047ceacd2281fb416b006331d0bcc9f21ce61361dd5","size":326,"data":"","first_seen":"2026-04-11T00:48:34.467696Z","last_seen":"2026-04-11T00:48:34.467696Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"e60f61beaf98826ea06b82bb18f3b9ef","sha1":"b15745795f6285e60aa56e0d1477f496f1782175","sha256":"d575a193cb5df5ee468e4cb2a3c7678a140779417863098bc368724099091466","sha512":"6b3f6e1562278f38e01ade93622c78a65bece5b2dd2f707f91d7fa5a56b514a6d49288b306da85c01488454c85e2abb74f84cb708f805a1afb659652042fe5b5","ssdeep":"","tlshash":"aae097321874e87ea06781cfe23043deac9e280fb002f006324c1bcc9f20c661261ec0","size":326,"data":"","first_seen":"2026-04-11T00:48:34.468719Z","last_seen":"2026-04-11T00:48:34.468719Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"e5412bed4e73f3bda046740ba52e06b4","sha1":"3724d553df4a9d6a53822ec9a09760ebeb0075cd","sha256":"ff7c47fa13238cb8255cecf0be66dfb72d0b5b28352cd40e19a1698962a17664","sha512":"b40088a57c4815839d08d7e2de8d4b0117156f86457dde31aeb10c22d9269930b1f1e74e725c782ca066d1cb666b48a4973a7a804fe739fca6abdb6d986758a8","ssdeep":"","tlshash":"abe05b3546d8843d901b868f95716bdddc6a640fb8166207365c074cdf08c561372995","size":326,"data":"","first_seen":"2026-04-11T00:48:34.469654Z","last_seen":"2026-04-11T00:48:34.469654Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"c08b21efaeb22f56b2a96130534956f3","sha1":"89305781f69a1c8cce340b79df00d69b37b9b475","sha256":"2c747496a7a0401fb7333711e72e2553ea6b629e81d5a612789c4d64ee2ff9b5","sha512":"40315bea2d215b41beb52aa7fe133ae212f5de56374e859cbebd14da3858ab24c608258cc38d52d005c4a9406073dfd6dd21ed81679e2d31db89281e30520799","ssdeep":"","tlshash":"e1e05e320998947ec45b82cf963557ceac92a88fb456a006325e0bccdf80c661262d96","size":325,"data":"","first_seen":"2026-04-11T00:48:34.470552Z","last_seen":"2026-04-11T00:48:34.470552Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"bd7b3456f876d29d618023bcce035bfa","sha1":"b8f1d5c2925f1f5e0e28986372f9dbb98698017e","sha256":"abb8243c447318aa56efe8130a35a3f939bad8ebafc9c44a03cc104339574fea","sha512":"96b7ba23da07c2c9d008c2f5296d66bbde086bf8531d2eaeb716071b8c7ffb32967ee70475962d57c078174dc7f57e62ee5c4127e80d9c3eefb1361a9d7f810c","ssdeep":"","tlshash":"c8e05e320d6894be916782cfd66047ceace2280bb456a006721d1bcd9f14db61361dd5","size":326,"data":"","first_seen":"2026-04-11T00:48:34.472946Z","last_seen":"2026-04-11T00:48:34.472946Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"db795cf3a1a6f3314d553d22edc7fac2","sha1":"cd04b3ea6b3ed134fa9884ff86be0c69589f14e6","sha256":"4ba9e9fc173aca222843a09fbf6d53b98ca1cc6730f995e3180723e9ab377089","sha512":"d35652ac2d0a18bf6cb576e139c68622e9797e99c0d82ed85c2487a9e6307cf6269dc380aeeee6764fa49247d2f3f6f94fa66fc63f7b22bb11b409dcf4c36985","ssdeep":"","tlshash":"26e05e3205648c7ea82f81cf9a714bcfac921c0bb806e006321c0f8def01d661261ed9","size":326,"data":"","first_seen":"2026-04-11T00:48:34.473921Z","last_seen":"2026-04-11T00:48:34.473921Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.cloudflareinsights.com/beacon.min.js/v8c78df7c7c0f484497ecbca7046644da1771523124516","fqdn":"static.cloudflareinsights.com","domain":"cloudflareinsights.com","tld":"com"},"ip":{"addr":"104.16.79.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"4f67ea9205c3ca7c9e04582d3b9bdd1d","sha1":"d3b68ad3eb88d3db3d843211d4905143c3bff281","sha256":"4b77eae349a8cbcea7133cf3640a64ebf1f69d54d8f6469d7be6fdc188ca4ca4","sha512":"f034bbae022b026821045c28393ba371fe83f6b5ef1fcc66f0943525ad3587d417f04cd795d8accee7d86b82057ca74b50a4d3ae74855cb0e4504393ad943c42","ssdeep":"384:BXi1f+hZCIy1f84QDRuT9WKw00QmLnivMt+BERzR0c744BKJKe0620vFjOkcXo9g:+V584QlIrw6OPIJJtFjj09N","tlshash":"bce218eeb591b13603f7a072447f210b733ab56264494408e21bd6c22c78eeed257fad","size":31169,"data":"","first_seen":"2026-02-19T19:35:51.221473Z","last_seen":"2026-04-11T02:58:41.195339Z","times_seen":33883,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/themes/cnweb_nencao_com/skin/js/index.js","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"cf8b4867659cecf54e3a0f63c73c8ee8","sha1":"3bff7b4f6d94ed4b9b1812685619b95db78dd357","sha256":"62097362adbfbdb1915c33571dd24ec67de0e62609ae83215b942c4002606504","sha512":"3a313fd628ef8904fe6104656c03e7ecc0997c714ecab6d8ae2bbc2e78d0c7c1c85c04bea9945b334885b414ddbb1322d4d3ed9ceeabd24fb2e8504298309b6d","ssdeep":"","tlshash":"72418844a500106c2177d37f4e3e5200ea63125bd08acc6ab4bc69946f715258b9eff8","size":2270,"data":"","first_seen":"2025-07-01T02:08:25.02874Z","last_seen":"2026-04-11T00:48:34.358824Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.js?ce95a5f143b18a92f5e2abde1ce8f8f6","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"14.215.182.140","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"110e6071bd4bb5a22ac3c635a7f381a4","sha1":"0ca7ed7e56511fc464674c94e899659b155d28d1","sha256":"a9ac246be9a17c9e3b7694dc2bdcce6601d776c29d6f7126677f3e4739fabc79","sha512":"911756b7264ac5f017482befe520be54294ab563add70653ff270fc780eca1610bd3b506445d9f23d76b5dbdb5e6769615a4c275967612bdaff2d336b3199688","ssdeep":"384:PsJSoLMJJTRl6s1JXFVCFI/TayvuodsZPIGm8XaR1JRwvutq1tGdc7M04gRw6:Ps4VJfHgMdvussZPIx82Rwvutcto07v","tlshash":"18d2d9a9b282713293a324a5153f324ef07b5a54bd4968a4f11894c07d38fbb027bfdd","size":29894,"data":"","first_seen":"2026-04-11T00:48:34.283751Z","last_seen":"2026-04-11T00:48:34.283751Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gogo17.ubyt4z.vip/?refer=stdpk","fqdn":"gogo17.ubyt4z.vip","domain":"ubyt4z.vip","tld":"vip"},"ip":{"addr":"172.67.194.210","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"05a02dab5d07934e4ef26adc424b35bc","sha1":"a58673c79cfc045593c522a9a9e86053f09b8c2c","sha256":"64d4481a7bb06c22246017c07fd4457f15a742052bffa1edfb166f8afd83b792","sha512":"845f5cd9d2813563e10289c69b42791a64a38ee2d03f5bd9797ae18f2c3cdb249c0625d842b558561096bd3d2a4f51a7bf0a55948f504ad21278a242db4ca92f","ssdeep":"","tlshash":"d601100cbda2c503805d295b79f3e4b945702234ed36842079cbddc8e4319d24927c2c","size":714,"data":"","first_seen":"2025-02-06T04:35:41.00133Z","last_seen":"2026-04-11T01:22:54.765488Z","times_seen":38,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"d3c2c489eec48de236f0e06ed65fa3d9","sha1":"50351a1561c8a0f9f3fd8cb54aba5ca002c5e15c","sha256":"5e273d1562ecf373ad420d2387f21e23bebcf87642a900785eba2a507d4c23ee","sha512":"7902af1c0abf30ff248d356de56be45498f4f7b6767e9fe360d3b6dc6723a146c2cb20e71ce97ab1a247bdd59b08fc31c36d160c5cc0de3f9317b0823cb4bc05","ssdeep":"","tlshash":"06e0a7260964987e895785cfd63447cead92284ff916b006331d0bdcdf10d6e2266dd5","size":326,"data":"","first_seen":"2026-04-11T00:48:34.475654Z","last_seen":"2026-04-11T00:48:34.475654Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"a756dffe05bf6e1f495a6e5f80df91be","sha1":"13e24d84546e2296b2bd1af3fdcfcb44f11bf7cf","sha256":"39f832107e0253a2b6e6616132a82038a818c587e691e32c3836e63d14e08eb4","sha512":"81c099b4e8732ce122cb53fdd75dc96949b56bdb65b34c3d1da5c11e17aeb1891314c243baea4b61f14c7b59bc4202fde31c70572a240badeceac1c63827ec5d","ssdeep":"","tlshash":"7ce02b310e54857d8017418f992407cd9d91740fb4117002325e07cd9f00cae1251ce4","size":325,"data":"","first_seen":"2026-04-11T00:48:34.476777Z","last_seen":"2026-04-11T00:48:34.476777Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"16ecb8f3aa38c6d49141c4427884f527","sha1":"a37ba609542709c6ce12ef39eebaa747545d917b","sha256":"3bb09be130154ff297feaf6bf63a06583d5139cb275b31ddad3d2c002ef97246","sha512":"eb9121f177320ef6bb3d6ae76cf2211cdd7fb33f32745140ce7b70fa7c147e279436b9eb8de9e1015674dc5eb0b479d1d3efff59aef7c1acd4a84396c173f925","ssdeep":"","tlshash":"c8e02b225858a4bd9017438f893003cf9d91144bb8137006320c17ce8f10da61251d80","size":328,"data":"","first_seen":"2026-04-11T00:48:34.477705Z","last_seen":"2026-04-11T00:48:34.477705Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"a366a63f1c52d7f4ab0c67e254c6be41","sha1":"97376087e4828017862d868ae6d66f2f1d803d6a","sha256":"482e89e2ebf3c3d65ae3ebcf159a348c01b9d21ad53be3fd812f5a179225d2c2","sha512":"5d400d654eee6ec8203a34698ce6811936b5a324f8d38ba21e1e4c89b19bb52c9108cfa9dde8412b325f01df2ef5da000c011b4008e7edfe9648db3b459c982b","ssdeep":"","tlshash":"9fe02b11089ca47e8057418f9a3003cd9d95389bb8026006720c07cdef00ea71151ce0","size":329,"data":"","first_seen":"2026-04-11T00:48:34.478563Z","last_seen":"2026-04-11T00:48:34.478563Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"523db71b96be1f887b139feccd347778","sha1":"aa0c83288ba1a1e1c16b6960409ce26f31326ea5","sha256":"9022213ff961d74fce4aa43000830a736d94e2bcda6f36f1c17359b4905dfdb2","sha512":"ec4d2ad0a11752cd86909f4738869c60f353b8a03f955b0d808fc50e837ca5da64214cfb92315097c6ec835bcefaf798a5ec8b2079935c7da9eb13dbad5ae848","ssdeep":"","tlshash":"bce05b114d5ca4fd855741cfda3047cd9d55548bb4156046735d07cd9f00d671151d95","size":329,"data":"","first_seen":"2026-04-11T00:48:34.480638Z","last_seen":"2026-04-11T00:48:34.480638Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"ec9a25523a8cdb90462349c4a64b66da","sha1":"95a5098581b4f5d8e049230f3a4d7208898e9be0","sha256":"cc7bd8c25552959dcea86a8b03bfc4658a2c427f03b9fd11bf101536064c8c94","sha512":"7257a91a239c9b7a74e60173c035793283b5d0357fe2fee3cd299ff4f6963551ff24ecc4f5b9653f159bf8ece2749112649feaf47d198d09a19a6eae6b02ebcc","ssdeep":"","tlshash":"28e02b2148a8a4fd855741cfc93003cd9da5344bb4117045330d07ce9f10f662151c81","size":329,"data":"","first_seen":"2026-04-11T00:48:34.482014Z","last_seen":"2026-04-11T00:48:34.482014Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"8b81a231325e9d29ebc92fc0a77ebd94","sha1":"fa977c1c07388f57a955af82c7d05dfe70f31e08","sha256":"6950ad7a178592db7d6a5974796b739e4a9eb4a0b144b393005ff7777ac91d34","sha512":"1ea04df35f915ca97359b28b065a0f12e7bd6e240f3807051539b24a2f72fba38a6779e02dcc037fb3e24d8e999571cbe519ed791964c3f88d7be7dedfd09df2","ssdeep":"","tlshash":"31e02b220858a47e905741cfaa3007cf9d51184bb111600d322c0bce9f00e661171d81","size":329,"data":"","first_seen":"2026-04-11T00:48:34.482937Z","last_seen":"2026-04-11T00:48:34.482937Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"db19448b4a5ff8a46ea351a2d27d5741","sha1":"d66191a87f4c8d5013d4ff3bda0002ca4033ac7b","sha256":"2f6e429b0655d9b2f2f33be734d5aaaf0cab7cc4375c588dc12c3f3772e580bf","sha512":"914a33b264eb90d01c49282d0aea6de3cc98aa329b433e82b78f0e5df796d4455f24a77ce7124b2bfbfe07ff4616fd8ee49fa6161870a23e422b0b3f1f87599c","ssdeep":"","tlshash":"a2e05b1149a8a47d9157468f997047cdbd91788bf415b005323d0bce9f00e6e1261d95","size":329,"data":"","first_seen":"2026-04-11T00:48:34.483864Z","last_seen":"2026-04-11T00:48:34.483864Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"37b830a43b7c86d2e27a8b6ba8872faf","sha1":"4a8f7435f6c3f37a89e9de7f4ea860791c63ccfc","sha256":"f4a9d3d363551ccd2de9572436cd069209943b6b8f72264fe2ef9526c4ed17f5","sha512":"ccc1695f7182d58c00edff5a8693daf2a0dd9145d4e49c41ad642d64cd0768a7b21da4592ab2a7c37ee40352851b0979f8e6290fe7e8fbdf1a1ff86415bbbee6","ssdeep":"","tlshash":"08e0951108bcc47e801742cfda3003edbdd2144fb1017081322c074d8f50c7a1151cc0","size":329,"data":"","first_seen":"2026-04-11T00:48:34.48477Z","last_seen":"2026-04-11T00:48:34.48477Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/plugins/DPlayer/plugin/hls.min.js","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":false,"md5":"f79f1fd1d5db2c347e66ff3e45aefb1f","sha1":"d44ab2bfd39b9570f7aafc52968b6462632054c3","sha256":"6baad05958e511e917f7466f4a21fca50cf488eb18bf90f9ebc80d589b96bb20","sha512":"ea2c9d6fe89a934295715a757d5ca31d31505c1dde3eba0f1ab465a62b234db1774b5b095c9eefe892565d1b59855dd47b1b0812ff444544a2cce07291cda5a4","ssdeep":"3072:yCClH/SBvwbU5kjO8lkfpIwBHjPz4JgG3w3bxy:yCCNSxwj3lkfpIuPzGX","tlshash":"d9242ba837d5b0264683b168543f22063236bc2d6488d09cb77bd9e65fb594db03bf78","size":219867,"data":"","first_seen":"2023-03-08T09:43:22Z","last_seen":"2026-04-11T01:22:54.574413Z","times_seen":648,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"d81c78541bab4bce2bf9be359840703a","sha1":"5df74ea9b3dee656b0d4d36ed5d036d1fa3b2392","sha256":"5f3cd964ea67a4f691cd16f47d4be530a5993ccf2011c160b0f1f977b6b0df75","sha512":"3af14a75183a0aa6a1cf3947d0ed76ec31b106dfc0cba0798191a3d400dcd8fcfbe7c0bed1f49d28e8a3f970028b281bd9609470a4958a35d7cb33db94c4e827","ssdeep":"","tlshash":"20e05b32096c9c7d922789cf9a7147de9d52140bb4176405325d075d9f00da61165dd5","size":329,"data":"","first_seen":"2026-04-11T00:48:34.4857Z","last_seen":"2026-04-11T00:48:34.4857Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"e8cbb4474b1784e197f7f6244ba4d16e","sha1":"0ace4095fdd6f7dd57140ee378a1f3ff0ddf0be2","sha256":"5efd8857ea6b567b9bed28b5c44a8be3665f384fa3f99dc77e68be822b324763","sha512":"833238e8beddc12542eb1f9bc0c1b58e77a6a5f2130246c72a9c2f3ccd323c1f95c67940ed45a85a92b7642726fde8c67e40b94ba67581272203e084ad09a014","ssdeep":"","tlshash":"9ce05e22096d947f801bc18fda3087eead92290bb51ab006761d0b9e9f00c6622a1dd6","size":329,"data":"","first_seen":"2026-04-11T00:48:34.486599Z","last_seen":"2026-04-11T00:48:34.486599Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.cloudflareinsights.com/beacon.min.js/v8c78df7c7c0f484497ecbca7046644da1771523124516","fqdn":"static.cloudflareinsights.com","domain":"cloudflareinsights.com","tld":"com"},"ip":{"addr":"104.16.79.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"4f67ea9205c3ca7c9e04582d3b9bdd1d","sha1":"d3b68ad3eb88d3db3d843211d4905143c3bff281","sha256":"4b77eae349a8cbcea7133cf3640a64ebf1f69d54d8f6469d7be6fdc188ca4ca4","sha512":"f034bbae022b026821045c28393ba371fe83f6b5ef1fcc66f0943525ad3587d417f04cd795d8accee7d86b82057ca74b50a4d3ae74855cb0e4504393ad943c42","ssdeep":"384:BXi1f+hZCIy1f84QDRuT9WKw00QmLnivMt+BERzR0c744BKJKe0620vFjOkcXo9g:+V584QlIrw6OPIJJtFjj09N","tlshash":"bce218eeb591b13603f7a072447f210b733ab56264494408e21bd6c22c78eeed257fad","size":31169,"data":"","first_seen":"2026-02-19T19:35:51.221473Z","last_seen":"2026-04-11T02:58:41.195339Z","times_seen":33883,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"9dc08cee5366760f39e95a4f8a256e93","sha1":"2a7afeb90097281deac65dc5b44c934ca64d88c9","sha256":"e01fb64444c1c04222aac8e838b60ae2c51b87676ea8580c63825bb999a57195","sha512":"a49bec233623573ff5dcb8d098f9953e6ef69b7fa3b804700e4d06eb438393ab1d184434819ac8d37cd92055f191856b4282a26c98e8b3517ee2ba3dc903d85f","ssdeep":"","tlshash":"a0e05e2209a898ff801bc18f9a3047deaea2380bb416a046331d0b8fef50d661261dd6","size":329,"data":"","first_seen":"2026-04-11T00:48:34.487514Z","last_seen":"2026-04-11T00:48:34.487514Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"8ce6a209e7f5a62296f8da7a2030e8d0","sha1":"3aab7425a8fcb215312e8b6ee7fae47a5b99c2b0","sha256":"10fefed11a8c3f99b5828777644acceb07d36c1dbca370d97d10fb6992d514a6","sha512":"e880d089177150ac828e7887623dd79f594fe3bc756827d741e08af0d4ccdb03d091072c35ac6b8894370d4ce2d976be4a38f831e1c13fcbecaa6460c5694b8a","ssdeep":"","tlshash":"dbe05e260d6c987ea017818fda7047deadd6680bb416a016729d0b8e9f04eaa1271d95","size":329,"data":"","first_seen":"2026-04-11T00:48:34.488396Z","last_seen":"2026-04-11T00:48:34.488396Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"35acfb3bb6ec8a7bc2bb4ee2dbd87f77","sha1":"251d1a3152442e59b40e68a001c89aac1a4cd848","sha256":"3b95588188da08465c3244fa5513ade8e568f463a8b92568a998bc49faef5cca","sha512":"afe67af0b5f01a83c06569ad1cbc52be7909bd56e442ab13b2733c7cf94084e169535c0583b31320a70ab47c843e01f49c2cbbf1fa2df0418d8b457cc9244c52","ssdeep":"","tlshash":"cde0a722097c947ec01785cfda3047dead966c4fb516b056321d0b8e9f50c6a1261ed5","size":327,"data":"","first_seen":"2026-04-11T00:48:34.489375Z","last_seen":"2026-04-11T00:48:34.489375Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"073cdc210f3fbb7ad2e7322610579cec","sha1":"44097b9598ffadc3bd0cac8735ad8757e6c2a492","sha256":"9a552cdc6d96c00fdfa015d45eb28754e657a7e957765623aef41fce4c6036b9","sha512":"0d4ab45594577f24067a6492f732fe7f0e5d15f5128b45466b15d7a77a57adfa3f3120f031abde6c352fc7794d9e738c7a18a8e48c3fe916b23cd71bbc896fbb","ssdeep":"","tlshash":"f9e05b21096894bfa01745cf9a3047ddad511c4fb4256016321d574e9f40d661253dd5","size":329,"data":"","first_seen":"2026-04-11T00:48:34.490464Z","last_seen":"2026-04-11T00:48:34.490464Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"2e99f696d439840c7b9b22a462b24d7d","sha1":"ec4a1eae61d33677e199549b1642e860af703077","sha256":"a0562b5a69f4ddb58e43f62fb561cb340a8491f58c985ca921e7d8d3010e1b34","sha512":"c537336cc5776feac562ea4906cab6b263d11aa5d223280230838d564ce4ee039aec78932a2727b9321abc296e23756b5f586d0ecf51ae74545a6864a42810f3","ssdeep":"","tlshash":"4ee05b1609eca47d902741dfda3047dead51344bb5176005321d474e9f00da61151dd5","size":329,"data":"","first_seen":"2026-04-11T00:48:34.491331Z","last_seen":"2026-04-11T00:48:34.491331Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"9945bdcd86147f73210697824295ec15","sha1":"8a3965d56540cfcb2dbd2e2659a9ef6b869b9d1b","sha256":"a42d390f54489e726d29fdeb501b89e25a84e886627353da712a688bf5779b2f","sha512":"153aef8488bf96254372c0bddbebe74da74b4309b8deb637a1a63b8f202e07a93c0931ebca37159e954a27bea74f3d0dd01c0e3972168377e5e5d35092d97383","ssdeep":"","tlshash":"c3e05b110969947f9017c58fe93147eded95540bb4156045332d078daf41d661351dd5","size":329,"data":"","first_seen":"2026-04-11T00:48:34.492191Z","last_seen":"2026-04-11T00:48:34.492191Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sdk.51.la/js-sdk-pro.min.js","fqdn":"sdk.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"b8a41c9449b73e8ba0224c6be1f0b7e8","sha1":"33d79319d4110bcf5c44c36f7dd4a291972ac546","sha256":"52079c09a7355f4ce3af750602ebb9aebae8238583601f8a06268eecccf13565","sha512":"472d0395a65a3ade2d215559b196a88ffcdacde3ac0f573eb8663b524f201d72c9339bcacbc198d82452a0ac367c0efd407b12795943cdd2755d95a8cf71b977","ssdeep":"768:swetbD3SkE+a/l1jaKUiQU5eqEh9GMXBOXAA/EXBeJMlbJfuPT:BetbD3SVT/3+KUc5eqEh9GMXBYEXBeJ7","tlshash":"dbf23d9577c0317cc3c783ea362b501ae1a69e910059a8bcf345f6907d34e56a37fba8","size":36114,"data":"","first_seen":"2025-03-10T03:40:31.536734Z","last_seen":"2026-04-11T02:09:32.96013Z","times_seen":83296,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/themes/cnweb_nencao_com/skin/js/main.js","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"bb2b1544c956afd1cf2351b3bad90c68","sha1":"2211051990325a5c1488d95d10a06fe1fc9f0500","sha256":"71fbcc8b37e5c0955d7c48e73ac979522f1667741a1a0543505f057856640393","sha512":"17ab72066a4d6de54ddb3f95faf4ad3d680eb701c3b12426da95855545f8ee184bb3bed8eeb9e1d692469d7d7e1791b16cd1925b1ef334722f953dd89ce3e2bd","ssdeep":"48:CdQv5Zi8eibF9rQB4NrQd0Uzw4CCu/1yK2X6GqlkUuYt+A+p72VXQqKxY86Otl7G:C2lF6mqqxPwKhkH8Vn122zdKYGpzbK0Q","tlshash":"71a11dc9b105917404f33222dbb76548ff9922ab8b565201bd2d5af02fb024be365fec","size":4638,"data":"","first_seen":"2025-07-01T02:08:25.04701Z","last_seen":"2026-04-11T00:48:34.417611Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"1c5c9160600df2d96d69a4ea16cec7ed","sha1":"3cf678c9135cc952ba6970ef545035bb757a443f","sha256":"a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808","sha512":"2a298a8c2552c6a6c6f8d3f7327d2e9abfa87a0dbb27e9e528a8539b416155c0860f54f46464dfe7e5d49c7906a9eacdac7e5181b86ef15a83276a8f4fee0546","ssdeep":"","tlshash":"078004d531c35040475331d400571cd4503444f014444d544040d4511c55030d1154dc","size":37,"data":"","first_seen":"2023-04-11T21:49:14Z","last_seen":"2026-04-11T02:52:01.412861Z","times_seen":104257,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"d6c2c8f545e27c665c368a246968c8be","sha1":"f25079d81ecae4eb8411c3d837e81f09a3917d73","sha256":"4abd79c3d38b13803765abc7947a1f7529180f842bbc3d66af351966b4e163f2","sha512":"b6990c341a9547df0256e60c4a07702878f2d66e2fd39f20dc3cc790a1fc659c569520f51ee9be3d3742f5b72ed6d77abed5465d379c95a757ba94fb52f72750","ssdeep":"","tlshash":"e3e02e222c6c88bea01b818faa3007ceade2680bf422a002320d0b8e8f00c671261c81","size":329,"data":"","first_seen":"2026-04-11T00:48:34.494075Z","last_seen":"2026-04-11T00:48:34.494075Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/plugins/DPlayer/assets/player.js","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":false,"md5":"92c350574e6ee1c047ac07112cfd84de","sha1":"9f746d0ff574167b6039a263a974f63f60b9a04e","sha256":"22ff157b8298b56b2afee6a550acbea96d707b31235a502965114f1ccb734460","sha512":"8e1d7d8b68ec74c3f06e3b55c3c2cfb0562ef3a142cf26af27ec10ae7b7039354df06ea81c3e69572bc52b899525971ea83c5eb355cabd2d784ac842eec58683","ssdeep":"","tlshash":"49f05c1417be243860132968731f361475740b031028c90af61cf76d8f98d7c65bb0cd","size":478,"data":"","first_seen":"2023-03-08T09:43:22Z","last_seen":"2026-04-11T01:22:54.623008Z","times_seen":159,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"2cce3744200dcf9eb1943d974210f817","sha1":"8b9cd30fd3ee0590fc4bb4c2ec8a5d88d4be8feb","sha256":"64dcf884d9fb1e00979256721d0ff595a8cd91c42804d2fcdd31b4c335ee0843","sha512":"b79d894b593cb39db5061efc0b6dbdee7e4a64bcfaa52ea83bbc0f6589e0a8c1a99ec43696131ca830783c253b9b5967d3d668f4a13b87a1d95f48b85a053174","ssdeep":"","tlshash":"16e02b32386c887d8017558fa93007cd9d51380bb4226001320d078eaf00d673151c84","size":329,"data":"","first_seen":"2026-04-11T00:48:34.494904Z","last_seen":"2026-04-11T00:48:34.494904Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"242e1ddd7e58e5cfb3020c0c07f3e598","sha1":"c096c84806627bb5202ca9e3cbf657ad845af7ca","sha256":"937c9b9567c943b3ff00c72c7c087cda59abe3a1ee2f45a1183aa9ad9ab56d2b","sha512":"f7bec1e4570ca99b833818e571980504bc2262d7e5ebf5efa4389559ab6256ab52f0cc345ed7e12c146b5bb34b850479138c1458ffc56a0965dcc725faa4b61c","ssdeep":"","tlshash":"e2e05b1109a8947d9017458fd9314bddbe51144bb416a005321d0b4ddf40daa1152d95","size":328,"data":"","first_seen":"2026-04-11T00:48:34.495659Z","last_seen":"2026-04-11T00:48:34.495659Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"893aac30c86de46b95ba09f2db60bff2","sha1":"2fc86c905f97fbf5b19e0ceaec979416ec6378e5","sha256":"9f70809dac1a9d35348e8e13b5bf9281af45c3a3f39fbb06f16b04979696277e","sha512":"0c74b45eef7130fba53c3c75acca38aea74e04a1212ce3dce627bfdc9cf0b96655b0edd8205615292f93baaf2f2eb0ce7042e1159c6e4cfa3f723e311481cf50","ssdeep":"","tlshash":"44e0a5224a5c9cbdc01741cfdd7047deadd16c5fb515b006325d079d9f50c761251dd5","size":328,"data":"","first_seen":"2026-04-11T00:48:34.496516Z","last_seen":"2026-04-11T00:48:34.496516Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"f20cef8019c18bc979861a8035183b24","sha1":"f9014574db417b1b92db30341c3603bde886940e","sha256":"cfa16e4e362c2749795fe63a26709197b2b8d53006216c9a24c81aad786686df","sha512":"ca453bfc8aee4df40fe52cddb6ca4d8358e5f912a6808676e6b164f800b9d10b206be04fc1b3948364f2874351ce8851dde89b3d831e8447932bcb466ab5d7f7","ssdeep":"","tlshash":"32e05b224a5c987d81174acf9a3047cdadd1540fb4156055b25d075d9f00da61161d95","size":329,"data":"","first_seen":"2026-04-11T00:48:34.497407Z","last_seen":"2026-04-11T00:48:34.497407Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"e49777e9fba5938f5fb4f56c22d420f1","sha1":"c17936a7c33cab4083e05b8769df52a577ee51bb","sha256":"2301460465ffc32afa2cdd3045aa5453bd09a0c336612acc4e77c4f9c3fe6e6f","sha512":"84cc69bf1fbaf893f046094ccb55fed52da571d2b17abc5a3c26681e3bf19a16542b7bf6fe395605b347b9f8898ee94a4bc7cadbbde4ffeaf597c9426cd593d6","ssdeep":"","tlshash":"c5e05e225a5c98fe9017858f9a3097cfadda282fb416b006321d0b8eef00d661262d96","size":329,"data":"","first_seen":"2026-04-11T00:48:34.498263Z","last_seen":"2026-04-11T00:48:34.498263Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"c3491f9bc94c38270b20e75333b088a9","sha1":"9434bd02bae38ece3419fe1878f305c2db4baa76","sha256":"24aa742334676abe551614a39ce14deef356fecf223fce2cd2b7d27d3f99c85e","sha512":"dc6a4356905525f550bd5dc770722f5d77a8219b5ba88e406c39b17d18b7675d4191f21e0706a65fe6457a73a3632025e1e091dbf2f3aae8d1b8baddc4c8d553","ssdeep":"","tlshash":"62e05e224a5898fe8017858f9a3147ceadda3c6bf416a006731d0b8edf00d6a3262d96","size":329,"data":"","first_seen":"2026-04-11T00:48:34.50018Z","last_seen":"2026-04-11T00:48:34.50018Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gogo17.ubyt4z.vip/?refer=stdpk","fqdn":"gogo17.ubyt4z.vip","domain":"ubyt4z.vip","tld":"vip"},"ip":{"addr":"172.67.194.210","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"93fcb70c3b5fd620b5519e19b8f040e2","sha1":"b21f45e0df87bcc8031617503fdecd08bf69b8af","sha256":"63398d7b9373c3f9c4ecde2740d072012ab59b3f2cc06cf3cc67017a68586a9a","sha512":"95fb2af93f83eb9e07f97ec063a38070ab27978374400eda4942976a726a316998078a152205d52ea840a0002bf8fc5963ec9bb5bb6797e5fe1a620b61d2d31f","ssdeep":"","tlshash":"0e2132fb422cc1b29ab642dfd51f2324b0231b8f1e58a0554455cc32a6bcf07853a9d1","size":1228,"data":"","first_seen":"2026-04-11T00:48:34.501077Z","last_seen":"2026-04-11T01:22:54.818545Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"1462fe857e015a4d01555d63582873fa","sha1":"975451e8f7cf47ba23cad6033eeeb4728e3f8e51","sha256":"5c621c0c136b8aa515561878899064f1123e19be6b40195b607eeda7e7586fe7","sha512":"0f8fd6d3953b50cf3a346bb95ffe5c3f21280db183b2a113e1dee2175af43c3b0143f07c3ab1a1b4b81816edfcb72150cb7e6ee2a2745daaf3a16c41814e8dc5","ssdeep":"","tlshash":"19e0a7224b5c947e841785dfda3047ceadd22d0fb556b056335e0bce9f00d661261dd5","size":329,"data":"","first_seen":"2026-04-11T00:48:34.501995Z","last_seen":"2026-04-11T00:48:34.501995Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"b53510c781ccbead57f6fae9744669dd","sha1":"7c4226f8f5b7b0544aa3b4b45ed849c5d13201da","sha256":"0840f95d642c4a24c10f5ba32a9f6dba2ffc2f568ec3b482edf27c440661fecb","sha512":"56414f96e6f3750d410d17427871c9c42df77a281de70a5b5ef4a61571cb9662e444cbd49854d9dc26763b578a069d8cd8d1e51e8db57a204d901203d8e1ce72","ssdeep":"","tlshash":"94e0951f0b5c847d941f41cfca3007ce9dd2340fb4417452721d174e8f50c661151cc0","size":329,"data":"","first_seen":"2026-04-11T00:48:34.502757Z","last_seen":"2026-04-11T00:48:34.502757Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"96d414ab7ea84076c8f3a785fb8bed20","sha1":"a8281f3e5cca8b4e3abf6b8840a56474f56e318b","sha256":"a2604af824f6ec6c0f52bd8991df0f9e4514f3b9a0438a711c4087f7279df24b","sha512":"e572144d3ccd45b5329727c110036b212ca5d3f212a7b4d8e3618023f210d6b9d1149e9297f789db3f813b2b9bf9ecb9b2955eec00dbf6d2f0c331843f3d3aa5","ssdeep":"","tlshash":"40e02b151a58887e901f41cf893007cd9dd5340bb402600a320c174e8f10ca62251cc1","size":327,"data":"","first_seen":"2026-04-11T00:48:34.503574Z","last_seen":"2026-04-11T00:48:34.503574Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sdk.51.la/event/js-sdk-event.min.js?u=3IWDrcHiXwq9j9RH","fqdn":"sdk.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"43.159.107.113","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"d8b86cb6f6c21e85b9c937dfdb9c2d28","sha1":"b4d1693de341bc8907adf4ce9c92ef81fded922b","sha256":"76321b4c7a653d40fb72e4e2501842d3b12f3bd2822e7d1103054eeff1a6a53c","sha512":"5557b2e594e8fa69722453a399c2b48335a241f01ab22c1ae151a98fa637139372d9105c7d48428d0af31cc9c7d70672fd0ad59f58823963e813d528434e3b1b","ssdeep":"1536:Mm/6jaOdXslehi41GvwsciNxLbxLcBXs1v3kjs+TTk1TVBSYreiMUGsnJ9+Saebb:MmDS8SOZ","tlshash":"3c7309de31c2b07253e7316a106f610bf13a5d556c0e5820f215d999bc78e8b82bbf6e","size":75730,"data":"","first_seen":"2023-04-07T05:45:48Z","last_seen":"2026-04-11T01:22:54.67324Z","times_seen":1549,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/themes/cnweb_nencao_com/skin/js/jquery.min.js","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"397754ba49e9e0cf4e7c190da78dda05","sha1":"ae49e56999d82802727455f0ba83b63acd90a22b","sha256":"c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4","sha512":"8c64754f77507ab2c24a6fc818419b9dd3f0ceccc9065290e41afdbee0743f0da2cb13b2fbb00afa525c082f1e697cb3ffd76ef9b902cb81d7c41ca1c641dffb","ssdeep":"1536:dnu00HWWaRxkqJg09pYxoxDKMXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qg7rbaN1RUx:ddkWgoBhcZRQgmW42qe","tlshash":"8c932bdd72d2b03257ab30bd106f540ff2361959280d8850f268d8f9bc79a49a277f6d","size":92629,"data":"","first_seen":"2023-03-07T01:02:08Z","last_seen":"2026-04-11T02:59:27.912727Z","times_seen":61479,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"92fa18d7c7d54687ace25945d1b7312e","sha1":"3249d383587b0ecb257212380d3e2c3fdb435e06","sha256":"10c2e6bab5b8d17c858cd474286164a7577964b85b76a7743ae4e4562941be02","sha512":"beddbd867755cd2aada411a839c16a0aeebc3aa55c9f7b7bdb5dd3dc6900a9451d2b75b915b3e0250b1664793a32a0fc89f2965a4d7beeaae718938e793b901b","ssdeep":"","tlshash":"1ce05b114ad8947e9027458f9a7047cd9dd17c0bb415b046321d078f9f00da61255dd6","size":329,"data":"","first_seen":"2026-04-11T00:48:34.504526Z","last_seen":"2026-04-11T00:48:34.504526Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/google2/js/min.js","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":false,"md5":"616616275f1743b28038105da6d3c9a0","sha1":"706210636efff6529a781dd3779219bc4ed55130","sha256":"aa5601bfb4e3a4e2a1ea51b41faee5d852e0dec7119768e00d64fa583608aad4","sha512":"5ef146120625d85edee5d83ba7da12b0217e7675d6611055184f23bc27267f5a161f1b70e9afa70d6ca779dbeb0aac5db798a84dc2c4f364423da772353a7018","ssdeep":"3072:CLD7Sh/61K95uZOB9l8tNgCj8evojon4i77YO:CvU595uZOrl80Cj8evZn4i78O","tlshash":"9c34b50eaaf218729153f0384a6f99043276401b6e49ec687d6c81dc5f1d83d76b6bef","size":246274,"data":"","first_seen":"2024-06-29T06:36:42Z","last_seen":"2026-04-11T01:22:54.663871Z","times_seen":87,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"0d057fb734ae7ed41a643cf781d9ee9f","sha1":"0b350098495f4d537bd5d06274ce7148892ea746","sha256":"21524c9a584b6ed47078e956d0102acaaedda1d6cfdca41e02f517396d2919a3","sha512":"28d36fe5644e4b755df71438a188e191f626564d4f092acda79ae2eae1addda82c54072191bd46aef26ab55e5c4cb33aa62d65b5821c6482e153ee2325fac7fe","ssdeep":"","tlshash":"1ae05e664e5d98be8017868fda3087ceade2284fb816b106721d0b8e9f00d661265d95","size":329,"data":"","first_seen":"2026-04-11T00:48:34.505332Z","last_seen":"2026-04-11T00:48:34.505332Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"1c5c9160600df2d96d69a4ea16cec7ed","sha1":"3cf678c9135cc952ba6970ef545035bb757a443f","sha256":"a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808","sha512":"2a298a8c2552c6a6c6f8d3f7327d2e9abfa87a0dbb27e9e528a8539b416155c0860f54f46464dfe7e5d49c7906a9eacdac7e5181b86ef15a83276a8f4fee0546","ssdeep":"","tlshash":"078004d531c35040475331d400571cd4503444f014444d544040d4511c55030d1154dc","size":37,"data":"","first_seen":"2023-04-11T21:49:14Z","last_seen":"2026-04-11T02:52:01.412861Z","times_seen":104257,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"ce16926f90eddb4327c3d513dc48e259","sha1":"a88c749de912b789a85c4c384142556145e8f76a","sha256":"b2a36e81cf41ec6d69f7fbb35d1714394a276517e4d88f8998de81c3cbff6ebe","sha512":"68f7de73a37c32ac9e1e5cba7e9a568b206b72bf3d501576330b422e6f6266445c04d40e87a3d62ebff38cc9ee6f8962f393b15a3dbe15b8ade593bb7e5fd1e0","ssdeep":"","tlshash":"31e05e234a98987ec01b828feab147cfbfd6280fb517e05a721d0b9edf10d661261d95","size":329,"data":"","first_seen":"2026-04-11T00:48:34.506162Z","last_seen":"2026-04-11T00:48:34.506162Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"078c505c20283895f69d1e6243eb4c80","sha1":"de3e3ead610515521ef09141fbefc9638b9c50b5","sha256":"c54d61a4249c15479d7f5a88b54bb514859d05531ee249f096fea895eee294f6","sha512":"6fc291f18f79c034929046624a5bc370f337be386e1a58fde0411f7bc0ad1a529b6777f33a8ae5bc4cbcf5aaccbf9855396f03b1b06c84b9d8af4bed16916efe","ssdeep":"","tlshash":"4de05e264a5894be881781df9a7047ceadd2290bb516a056335d0b8e9f00c661262dd5","size":329,"data":"","first_seen":"2026-04-11T00:48:34.506979Z","last_seen":"2026-04-11T00:48:34.506979Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"4dff507cd9cc23e070af9cba707f684d","sha1":"560e58270f8af854e5e17dbbaeedafc7ed515ad8","sha256":"1bf64104e2b1983b5d5fed015958bee7f49364051901c5e5aaf1e7c2903e0e7b","sha512":"614f2cce5dfe5c3a8b3133a43595f32c932943780c0442d75fc5a58af290c84e1d3f8e8b8f73c237ebafc1898b25e2cb2356cbf71f5f2c5c85227b30033e6c6d","ssdeep":"","tlshash":"1be0a7224b9c987e901782dfda3047ceadd2390fb416b046725d0b8e9f50d661262fd5","size":329,"data":"","first_seen":"2026-04-11T00:48:34.508015Z","last_seen":"2026-04-11T00:48:34.508015Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"7623807914eb596cc816a4003fea959f","sha1":"d6dd9b6e7e071fefc1d1acf7c45e120546ce85fa","sha256":"811b1b9270d6ce0bdfc5eff59ca1e5b71a2011fc3192a68f1fd878431443b5b3","sha512":"a61c6bb53e252bd291fb9bfa5146da997352928c349a431fd927482a39d798bb8e25eb83f4476ef6eee4c21637ab6b410e15f972f05ee72cbf25f72a00f7a0eb","ssdeep":"","tlshash":"9e51d90c69e36181916770bd0e9f690ab9358917681ece113d0c51907fd4e2edbfabcd","size":3073,"data":"","first_seen":"2025-02-06T04:35:40.978505Z","last_seen":"2026-04-11T01:22:54.815698Z","times_seen":47,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/themes/cnweb_nencao_com/maigewan.js","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"02bdaae1623f0922a12d1544677c57a7","sha1":"86ffb48a34af54cfae86333060efd4c5c38a68c4","sha256":"0353ba95a9f9b861cf9225a68efb90414755718a78f1e190939a70be46ce07d6","sha512":"ddc6b04ecb6c9ddc74376dc05727ee48db344369cbe8668770b4d399f352bbcedbbe55035f4cc6f62b2b7793df99351f807aa1def76633c75d1bf6bbbdc7b56e","ssdeep":"","tlshash":"d32112357ef7603c02364025ad5ed859b0f8e038fb6bce05a56db8105998f8818addd8","size":1254,"data":"","first_seen":"2026-04-11T00:48:34.408612Z","last_seen":"2026-04-11T01:22:54.639111Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/themes/cnweb_nencao_com/skin/js/swiper.min2.js","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"fb13ef3e875ca3497ede35d3774be9d3","sha1":"ab0743a89d522438c17ae7eaf5943fd4590ee3d0","sha256":"4a10219bee747aadeeda78f166d787adf32583f361f88d44b472f6f3da798083","sha512":"7b9fba1a93c724bc53e1dd4e27e59534430076346ddc73b24fcb71c9b7cb831321a70ffa38797185f7108ee64a18f1fa08cf2b7ccf2dbfc03e767b23187814c5","ssdeep":"1536:eyOkN3TklR3ZIFDJ+Y7n2L5ydUTq0tSQfCBTR:LTX73uTq/","tlshash":"0d93d66eb314f3e295d3214a675ac64122f21706b809dae870b54c4a68bcc5d03bffbd","size":96419,"data":"","first_seen":"2023-03-07T01:17:19Z","last_seen":"2026-04-11T00:48:34.344729Z","times_seen":3079,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"7012203e99093031041fb14241e594ba","sha1":"eb046a5a3802665130181e65f48ad2de0fc9e842","sha256":"2a2009ea6bb82bf3189e15b804739b7c664e3ed60c0bb088784d983f957399e7","sha512":"e8c38e91cc8a2f697ab7f0f3753ddfdd9c79fe4083cbc2606b7a6009bc7e6a45b5faed92d5c037cd79f97433ce34e43542b392878d5d6034e72c299c32ea43af","ssdeep":"","tlshash":"a18000380222200000302a0bec0080282f002ae0300be8c00a0cca82a088002832a000","size":29,"data":"","first_seen":"2023-03-08T09:43:22Z","last_seen":"2026-04-11T01:22:54.816642Z","times_seen":3037,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"162a8fe0f03f18c3c6914ebfd37503d6","sha1":"da1618ca84eb142448a800d955635410480849b4","sha256":"52feb8bdb77384d10b2afb42a4dec99cd50a7a7a43230b60188147ec4ca58eb9","sha512":"393d928e92d8c4b95478fcdbba3ffe3b6da073e9d49d07c5074fbd2dfe65a7a88b590d3fc5a7c1e0e8962c9f79b867515c86bbb873f6f0a0232e8d9c10995508","ssdeep":"","tlshash":"9ad05ea572210d7c02f38906221e610a1310850381008b8cb62c44481fe7f9dacf0956","size":233,"data":"","first_seen":"2023-07-18T22:31:48Z","last_seen":"2026-04-11T01:22:54.817321Z","times_seen":93,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"b9222b9573fd4e53ac4872804cebcd0b","sha1":"4642bddd9940d4a490541434656f5a6f073419a3","sha256":"6524ef9c2e98eb60023d5e2e46544b7e1d414e03f7842701e717eb689e6aebdc","sha512":"14920ec820442794f5c61c6b9bc14e5419e07696aba13167518699f3580a87d2168a6943f6a087b268e2e71b42c12826ed9fee0cb24060b773ee5534848c8b96","ssdeep":"","tlshash":"6f9002947110497801e54906511e200916009906c6144bc88034514852a7f9e1cb0556","size":48,"data":"","first_seen":"2023-07-18T22:31:48Z","last_seen":"2026-04-11T01:22:54.817917Z","times_seen":93,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"fc33860f0af94142fc82b91d38f537d7","sha1":"4dbd4d1520b644c02457d7a77636459ca155e8fa","sha256":"292b47d90a35a3d5190cca45516f037f7feab4501b53bec0ff7fb41c28d0b3b2","sha512":"fa1b97d643dad1296169d5199544694ee9d86f95cd039bda7ee4394ca545a99329b3a93355e7a3431357486cb81476efbe600db5e79d5d4dde7a7d0c602b4a51","ssdeep":"","tlshash":"ff60000000030c3303c0030f0300c3003c030000033cc00c0330c0c0c000003333000f","size":13,"data":"","first_seen":"2023-03-08T09:43:22Z","last_seen":"2026-04-11T01:22:54.819426Z","times_seen":2919,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/themes/cnweb_nencao_com/skin/js/jquery.easing.min.js","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"3eac3c72434a0945b92dd4a01f7b6b4e","sha1":"7767b356530e39cd76ec259320b0b2774b4097a8","sha256":"ac3f3a757bfbfc9d92bc8f5e6e6362e5d4ae41dbf3cebacdda9b8f71afc82e5b","sha512":"6a199264a0294c335dde056ea8be534373014e3f2d2f9a76b58574e57c7371fbbafde72fb750348fab5fb9d486055bad792a1344ca8c9636df754d20d9e0cd50","ssdeep":"96:uBm7aaOr8uroJzDV6u3R3zd4j6zp4tSZCHjuwE9nCDTVpWR:p+aOr8ur83V33R3hq6+uwLvy","tlshash":"f1b1108a71f17719539133f011ba205b729dace5260e5804e8b9a9897c7b27c87bbc6c","size":5555,"data":"","first_seen":"2023-03-07T01:07:08Z","last_seen":"2026-04-11T00:48:34.343931Z","times_seen":4961,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gogo17.ubyt4z.vip/index.js?r=7ycjEc","fqdn":"gogo17.ubyt4z.vip","domain":"ubyt4z.vip","tld":"vip"},"ip":{"addr":"172.67.194.210","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"0224ff86cec6e4e654bdcbfad7dd7c2e","sha1":"6e5ba9a221199f37cef0fca63406ede8752a42a2","sha256":"6e0f7bd7ae5a102b06d8cbcfc73129af74ba139b207fd9ddbe6c0f38aa377ea7","sha512":"be2accd0820598227dc11401e24037ade5dc2517d9622ffc556cc5f5a93c9a6193ec467b9ba65556da1053137f035b5b25a360db7b63d84496dcc72350ac93d7","ssdeep":"","tlshash":"b72175d97095a0e30756f11a012fc12653f1124c3e4f4274eb88b07be9b5d51c867b59","size":1285,"data":"","first_seen":"2026-04-11T00:48:34.313549Z","last_seen":"2026-04-11T01:22:54.473452Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/themes/Mirages/static/jquery/2.2.4/jquery.min.js","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":false,"md5":"2f6b11a7e914718e0290410e85366fe9","sha1":"69bb69e25ca7d5ef0935317584e6153f3fd9a88c","sha256":"05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e","sha512":"0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db","ssdeep":"1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2","tlshash":"1e83c6d9b2d6706297b734b850bf410bb17a98dab44c8c60f059d4e47eb4a8e507bf2c","size":85578,"data":"","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-11T02:52:37.363911Z","times_seen":270034,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"392d8bebc09a9536791334711236398e","sha1":"b49e871fb0938090b5c884230e92347722e10c00","sha256":"1acafa9f973613f45eb61edbb744477774e027f9b8087ce4cfbb4aa8266d4164","sha512":"169265b8cdef615d999d1658aa367fc8da92c785e092b3f3ab1d5869ff51c3226b43aa6500f93189b506d712c9248627cc66fdec1f483210c53a7a9eb4d66ea2","ssdeep":"","tlshash":"5cd04c4d64db550282eb70ac7f6b51193871139b124de9487e4c4de09f6553c1a63f4c","size":210,"data":"","first_seen":"2023-03-08T09:43:22Z","last_seen":"2026-04-11T01:22:54.82007Z","times_seen":2724,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"ac5041479a3bca8864f7880c901d94da","sha1":"0a19a317e15dac07c69be644852f0f1237d0128f","sha256":"74172b1372c15dfc3dcee50f3faa2d3e0884e8c55b7064a91c97b8abb87cacf2","sha512":"f63bcd49083a165301c75192f726f44c598dc363bdeac04d36c94929c37f34c69c0baba26c7db7e159c0a774fd41a49dcd2a630a3e6ba2a954d613c36c9cd5cb","ssdeep":"","tlshash":"4a012448a4d6259666f3307a0e2b5f0d342b40938806ce58b92c7ce02fe4986a57f7bd","size":813,"data":"","first_seen":"2025-02-06T04:35:40.989046Z","last_seen":"2026-04-11T01:22:54.820582Z","times_seen":71,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"626da8a618573408775e3b10cb3825f7","sha1":"7a7c3e0764875b47b22bcf627b348bdce85a84b0","sha256":"8f2e8df35193becf1e462c60cb854570a12145d4d5ab77072490edaebbe5ed55","sha512":"bfb35f3dc50ca72e044e92c8a90edc9bdc531294f48bde6db280ed19e0361ede577ef374c890527777971331739203349ec7aec4bdb323d6d5d5d79e3f502c63","ssdeep":"","tlshash":"03d0970f2c001d782fa902ba103ee68cf062210ca0d3c51284cde4429e30eee482a6cc","size":241,"data":"","first_seen":"2024-08-29T17:43:56.147676Z","last_seen":"2026-04-11T01:22:54.821205Z","times_seen":72,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"9665b2f3511c0432add70986b661c242","sha1":"273984b40b43029f065df792c0adfd71ec8d2651","sha256":"1ef80b5f3b78f48c2538743bc9e3742a23c3b0694b7831a8ffb78ab0bc77ace3","sha512":"27b1db8556ecd7272fe6bb842704724ef9428b43953854985bab50d0026a21f8fa2c1e81d78349725783b51b550fd2e8ea9825a0d6ef2be932f3862d0cff6930","ssdeep":"","tlshash":"53d0a91f2dfb8621b0bb32080f3b96803563405a4029ee2ef98c21a68f09800e02e1a6","size":228,"data":"","first_seen":"2025-02-06T04:35:40.993053Z","last_seen":"2026-04-11T01:22:54.821853Z","times_seen":68,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"978ad2326e4b27e9e8eea65bf25c6203","sha1":"74c2a6012519db00dda69456f8f50e2a381c5507","sha256":"7f345953fc994d698fe998e3c4147b0668192adb3e1249d47d63966f342f1e87","sha512":"1aaca66ff6aff9935ba6ac07d713e3093d89171df30cc32f62e746b5fb30840ce799348f25d252d52e5e318ee16d3d62b35230d0fb3b4f786a598ae847c62fd5","ssdeep":"","tlshash":"47e0ab2998e706384cf63a441039ca3930f83ca0aaa3d017525cc86ccd39fc50c00aec","size":424,"data":"","first_seen":"2024-06-29T06:36:42Z","last_seen":"2026-04-11T01:22:54.822467Z","times_seen":71,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"introduction_type":"scriptElement","is_inline":true,"md5":"3d8792486f6835258c2b913eda4d3740","sha1":"662a453c2ab62fabb9b47962cf1ec447a1bd284c","sha256":"ddc2dbc09ffd56f6e6fdf94b3a9c513ccca8fa4f89840b0133b2ca0ae79ccc1a","sha512":"014d6bdf705a731e63bb90036505201c8853f5a360e796aea5c0192d0c33c07befc04027e9de60337f590f5c558e6248f3daccf13fff37431c666c01d0da7e81","ssdeep":"","tlshash":"0ae02b391977061165a6212e37eb13aa31f100532028d68bb46cc75a7ff4e2d562aa88","size":400,"data":"","first_seen":"2024-08-29T17:43:56.150681Z","last_seen":"2026-04-11T01:22:54.823064Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"78ac2aa5ccc29c90a345c90aab40b442","sha1":"cac604932faa4add2955602b41de8a8bff362ebd","sha256":"53db339b0b80637f13dfc63813d7366c899cebe0db896602886ece619163d82e","sha512":"5c76abfa8f4091277643f4dad57c37d9eb71d33c9691f0e85bc82ac5f303d4e3da4937cbc2354e4d5c5d0022746d7c06f975f209067df2cefa55bd3827d892a7","ssdeep":"","tlshash":"31b01242d0575c0e0170c236ec485418474d4a7d9fa708010dc6ab5c0c99f1405e549c","size":103,"data":"","first_seen":"2023-03-07T01:06:53Z","last_seen":"2026-04-11T02:04:27.208171Z","times_seen":11291,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"bcff1a8e7a2b6bd2867aa8567dddf43e","sha1":"0074268d454c84654038a5637295d323922a2800","sha256":"53acacc8744a764dc6da079adbfa88034895e6c4b762b5fd829e97506d36b1ed","sha512":"ae69b280cc98a3426dbc4394ec5e10cdfe8aa196e3fd5b8686d6d638f78cda2f8eb3b6d566c732c052b89024754a4f9bb037c06caa7ef0b70b1fadfcbf4f11cd","ssdeep":"","tlshash":"eda024350473f034d4150d1034c355cf7305c41043504d0d5f333d70c03c00150710d0","size":75,"data":"","first_seen":"2024-12-01T01:09:32.769051Z","last_seen":"2026-04-11T01:22:54.825238Z","times_seen":974,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"374ff9457908b59bd93f3cabab31d8a7","sha1":"a2ebbbe5cae2c2833ca869397ed833ba31a9c6b9","sha256":"5486d8649f3c21c69012528522270f1d016c2fb56b6e090077a2501af48975cf","sha512":"9a0038c79b917a648fa99656872a057c1adb42e901a510bf4c274d839ae5d9d1e9d9a386b0f86a1152c6eed4aefb5dea6af7aace401b0fab9db2e4cee99aa4ae","ssdeep":"","tlshash":"83b01270c45af474d132f0429540cb8f26b8510af7bb5f0d453879e2908e5482cfd6c5","size":99,"data":"","first_seen":"2023-03-11T16:14:26Z","last_seen":"2026-04-11T01:38:58.077656Z","times_seen":2663,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"b5be51c94343df3edfcf472ad82b5cd1","sha1":"4d6244087b36e310217bed165ddd64398b1feeb1","sha256":"12d910da4666e1a2f0a834204072bc27e2a13facaaba33afd4bf81e54ce59ed9","sha512":"dee197cf9f5526fbd2b44f56ed0bb906657c7a916385cc53a1eefa51b7467f1f2936c1e827aa7bf9c33c1617c1e599783a46a63c69cba9b06f29936ed1bb9545","ssdeep":"","tlshash":"04b09bfb6505641d4a1480a4a0451484510555cdf7549915d9b43526251843514e128c","size":118,"data":"","first_seen":"2026-04-11T00:48:34.518835Z","last_seen":"2026-04-11T00:48:34.518835Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"0a3a0b592b9c285e050805307cee87c2","sha1":"125a168e24b2bd38aadb84cbb5f87f316b073c41","sha256":"aac32651b10f567c461b9b4f255d6fb1fa6859b5368d8bd9a51af920ab21cf23","sha512":"4097f05a9ce819914160aeba71fa11524f6b291a39b7c948509d756318b600934f1d195980df66bc7731e327979135bfcbe0e9ff3758d779a72481ed623cd3a5","ssdeep":"","tlshash":"a34000000000000000000000003000000000c000000000000000000000c0000cc00000","size":6,"data":"","first_seen":"2023-03-07T01:02:09Z","last_seen":"2026-04-11T02:16:33.574322Z","times_seen":230184,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2026/04/2850112522.jpg","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.478Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2026/04/2850112522.jpg HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9e9664855885c213-LAX\r\nContent-Length: 225972\r\nContent-Type: image/jpeg\r\nDate: Fri, 10 Apr 2026 21:35:51 GMT\r\nEtag: \"69d6e9db-372b4\"\r\nExpires: Sat, 09 May 2026 03:23:22 GMT\r\nLast-Modified: Fri, 10 Apr 2026 21:35:51 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HwN5IkfMlpReaVadiZ7lETX%2FvKZsqD3xtx8Bm%2FXBNGlweLZwtckf6I9rNqRE7sAI4t8YueWi57To%2B5Yzf54Rg%2F%2Fb11ane%2B60BNmLoWpYYQ8BCphnLbJJs7W994x%2FgzTXGCv8\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":225972,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1180x580, components 3","md5":"45343d704af1b286102e1a6c0bf56319","sha1":"d6829e78787ab6edfd505e580162d7ff1b9f6c3a","sha256":"5fa6d37f76d542d3be92caa866310df72ef950d76eae67f7836a10f5d5212851","sha512":"7182a452c22202d33d750d43cada469b80814eb35519de03dbac22ea0c8ff016a97bd061a655a4c1acf4701c4211757beec859fc0fd84ce015155fe070ff8502","ssdeep":"6144:eELRrh9IoRsrzakmsNmkb0qUJXRfXReGZ+DPlnc:/LlhaoCrz7msNd5UFRvReGYlnc","tlshash":"952413a0f4421d3ade794460d48716e44357cdcb73ac7cf48b81aab4ee8e2c5b52227d","first_seen":"2026-04-11T00:48:34.259557Z","last_seen":"2026-04-11T01:22:54.693887Z","times_seen":2,"resource_available":false,"data":null}},"time_used":3159,"timings":{"blocked":2920,"dns":0,"connect":0,"send":0,"wait":233,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2026/04/2285446730.jpg","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.560Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2026/04/2285446730.jpg HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9e903a86cfb0e9e1-LAX\r\nContent-Length: 432475\r\nContent-Type: image/jpeg\r\nDate: Fri, 10 Apr 2026 21:45:52 GMT\r\nEtag: \"69d5969b-6995b\"\r\nExpires: Fri, 08 May 2026 09:26:07 GMT\r\nLast-Modified: Fri, 10 Apr 2026 21:45:53 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vuXUIC6xdxt9DueYHZJdFP%2FnSWZSiQD9bNjKgHHHrGtry68dWzgqQOPWMOjKLIZIxz9DDTq%2F%2Fw%2F0Ysix11zRXEbN8H9L8Msz%2Bcl3DwSrKk3qnhOMUfwwkw7EHwSAFXgLlb6k\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":432475,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1180x580, components 3","md5":"7993407a66bcd7a47678323dd67d880e","sha1":"9a0d134dd879cee6384a3ea55694ae97c9edbde5","sha256":"b947603d022d6e69a69cb974fcdf6090d55665761000d213db7ae984cb3b28ed","sha512":"1f5894f311818af4262eb99d9a793a15e5e4039bfbf56d675833a6fe0381b7ea6054bd9b430ff1782664f3cb9a8e64486a4d4427f8e34d270e595bed91bb9843","ssdeep":"6144:vf9AqW8JbChGymS52nry6sBiMcr2oSP7KvIclJrYrrakS1sG1D5iDa0665KtOjeG:vFAqHpX+BiMcr4ziKraf9WKcePY9X","tlshash":"9994230323a06f6b5b34187a31db3bbc1a613655c9ec657d884344668fe12b725c8fea","first_seen":"2026-04-11T00:48:34.26335Z","last_seen":"2026-04-11T01:22:54.618778Z","times_seen":2,"resource_available":false,"data":null}},"time_used":4233,"timings":{"blocked":3985,"dns":0,"connect":0,"send":0,"wait":236,"receive":12,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/themes/Mirages/css/7.10.5/mirages.min.css","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:50.056Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/themes/Mirages/css/7.10.5/mirages.min.css HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAge: 21667\r\nCache-Control: max-age=43200\r\nCf-Cache-Status: HIT\r\nCf-Ray: 9ea50a33da9c83d9-LAX\r\nContent-Encoding: gzip\r\nContent-Type: text/css\r\nDate: Fri, 10 Apr 2026 22:03:08 GMT\r\nEtag: W/\"66002863-2f216\"\r\nExpires: Sat, 11 Apr 2026 04:02:01 GMT\r\nLast-Modified: Fri, 10 Apr 2026 22:03:09 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=M3B%2BFOY7scsivuzsDvN%2FJgPiXZQ8tzzoMM5xSNVhnBZynO1l8Z2p0AfdY1%2BxVIJvQ6ngqhR7pnG3c%2FiU8Cpw%2BD9e1nS9Xr%2F1ePVwwMt2JO6IaUwKqPCwQUeIGc1vXmnF3bb6\"}]}\r\nServer: nginx\r\nVary: Accept-Encoding\r\nX-Cache: HIT, policy, disk\r\nTransfer-Encoding: chunked\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":193046,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1228), with CRLF line terminators","md5":"e985cbde64d3927dd111c3e453dffd67","sha1":"9565d8ecf7b02138f14d33a8532a9db8ad1ddb4a","sha256":"a0c1f861f8cfea8f5b75219c7f34b200e41df59d81171fad085fd13e3d871944","sha512":"e56de7add653f32a949c9fe449eb2d2c091e7884d132222025e1d78415430c3c552e42beb0b73238f8031649cc7ead2751784b52a3ecc9021bdea0cc56e80fbf","ssdeep":"3072:K4bDZ4hDsu73zpFNAP6U10goBl4fVBl4fNHLvt8CGu8T50Qu5U0QS/:ApFN80goBl4fVBl4f9Lvt8CGu8T50Qu9","tlshash":"d414427c954511d46333cb1aafc4b6481e3cf225fd412eadf13726d8dac2b9a2292b4d","first_seen":"2024-08-19T18:51:49.225332Z","last_seen":"2026-04-11T01:22:54.553323Z","times_seen":81,"resource_available":false,"data":null}},"time_used":1593,"timings":{"blocked":457,"dns":1,"connect":224,"send":0,"wait":225,"receive":451,"ssl":232},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2026/04/3005870178.jpg","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.325Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2026/04/3005870178.jpg HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9e5cec170ec92b61-LAX\r\nContent-Length: 195811\r\nContent-Type: image/jpeg\r\nDate: Fri, 10 Apr 2026 23:08:04 GMT\r\nEtag: \"69cd4d7e-2fce3\"\r\nExpires: Sat, 02 May 2026 03:59:40 GMT\r\nLast-Modified: Fri, 10 Apr 2026 23:08:06 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LtvBJpIh%2FPM83dtXkKaZX0xK1RaTury1dJTxP5DkC0BRhId1ETjnD9IXwuTgnP0nTx2WUj5C3bQyXflwd%2FDTp9DkGBX5NFKOrSYxdQeVR3PSaF0u6iajCid%2Bj8BXUOz7e9WX\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":195811,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1180x580, components 3","md5":"06c7ce206d6fbe3cda577db3526c2161","sha1":"6b2c361b46c9d0dd437aecc33fcc4b6be0dfb75a","sha256":"3f0b7b37b8e113c069725014aad9d595bd5d27770e4cb9dde7f27b20e749aaa9","sha512":"ce5314d6f187b8d17fd06b9706a9ee80a9bc82f5d1aa99067cde8b5cae9491e2ae9e07b85ec9dcabad24c302238be72e6144f87523a2d0b846aa8048d74b2352","ssdeep":"3072:vkqV7o5EJbLDOgsV3qy0s2QKJy4X2/0pg/a5ZAEEnsJgRLG2EX6GfjKabA3W2ygb:vkqjJbLDpECs2tJxULSczAgF5EbKIA3J","tlshash":"dd142354c5dab7f8c6a912f911a80110befc15f9d6dd1e203ef8221a6b1dc3fc45678a","first_seen":"2026-04-11T00:48:34.269014Z","last_seen":"2026-04-11T01:22:54.575282Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1302,"timings":{"blocked":103,"dns":0,"connect":0,"send":0,"wait":238,"receive":961,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/48387.html","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.807Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /48387.html HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccess-Control-Allow-Headers: Origin, X-Requested-With , X-Device-Id , Content-Type, Accept, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, PUT,DELETE,OPTIONS,PATCH\r\nAccess-Control-Allow-Origin: *\r\nCf-Cache-Status: DYNAMIC\r\nCf-Ray: 9ea550c2dd695730-LAX\r\nContent-Encoding: gzip\r\nContent-Type: text/html; charset=UTF-8\r\nDate: Fri, 10 Apr 2026 22:51:18 GMT\r\nETag: \"1775861479\"\r\nLast-Modified: Fri, 10 Apr 2026 22:51:19 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6E5T35qMxxyBBZ6Rh5RtXuVpCPfYS53%2BKOZHtGI86XPCytb%2B8h0DSYCx1QR9%2Fsd8JW%2BJh4KRbTlmvKHnz95U1nbrP8Mtt5wRVPmfJrah7FVH6tzCFvX%2BiRqp3aQEWdsDL5h0\"}]}\r\nServer: nginx\r\nVary: Accept-Encoding\r\nX-Cache: HIT, policy, disk\r\nX-Powered-By: PHP/8.0.28\r\nContent-Length: 124\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP:8.0.28","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":118,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JSON text data","md5":"95c452d46a6aa6b7b30e67cda06a5f57","sha1":"35d677159b4cf8ece16b104aa40d6c60277a29f5","sha256":"163d6830321c30ab55c277e622e8c4f9c6b1af9bce2a03676309c143145635ca","sha512":"8bf3fcac2d126cc61bb007483d69c76f08568a7fb58770b55c54f73aa489734f28d8f384ea5e9972ba8b59c962d03f83934327a8b05d8974186175c77682eee1","ssdeep":"","tlshash":"5ab0223c0acaa802a2a8ae82800308088a0020a2c080800abec08fc8808808a3a0ee8c","first_seen":"2026-04-11T00:48:34.271612Z","last_seen":"2026-04-11T00:48:34.271612Z","times_seen":1,"resource_available":false,"data":null}},"time_used":286,"timings":{"blocked":60,"dns":0,"connect":0,"send":0,"wait":225,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/themes/cnweb_nencao_com/skin/img/2.jpg","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cnweb-nencao.com/","date":"2026-04-11T00:47:45.582Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.cnweb-qqcvideo.com","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Wed, 18 Mar 2026 01:00:00 GMT","end":"Tue, 16 Jun 2026 00:59:59 GMT"},"fingerprint":{"sha1":"20:54:2C:35:6F:34:AE:46:55:B0:36:5B:75:68:38:13:67:FF:AB:E3","sha256":"FE:84:4F:4B:5A:54:D7:98:F2:3C:4A:C8:63:FF:A1:3D:3F:8C:D0:D1:E0:4B:87:3F:24:29:5C:A6:A2:03:8C:C1"}}},"request":{"raw":"GET /themes/cnweb_nencao_com/skin/img/2.jpg HTTP/1.1\r\nHost: cnweb-nencao.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnweb-nencao.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 11 Apr 2026 00:47:59 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 10 Feb 2026 05:52:32 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ac7a0-41641\"\r\nexpires: Mon, 11 May 2026 00:47:59 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":267841,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 2048x921, components 3","md5":"64007f83b93eec7766d0346f6f73e92b","sha1":"cdf93f0eae9c30ad8ef72140bab407ba6d40de20","sha256":"d8924aceddead36d467bb89129de9565a9364a0f8bf416783941fcf892035919","sha512":"be57d97debd0245f388e3b9db71074f5ca8bd389e16d694932632fad58d848ba3a37b09b5e13a79297f516bc807232d5a45b351b49b9e18f2683d495e3bf8649","ssdeep":"6144:OsMyHfRyanwFdKFn21SqQQPwumCB6z2WhqYY31dosCqI/by1:OsNJpwF22Aeeic2WhqNosCqI/+","tlshash":"d2442345159ad5b41582e2364297c3d210a3d07a71c47e0fc39c7a4c6fb2e3ebf27a9a","first_seen":"2026-04-11T00:48:34.272847Z","last_seen":"2026-04-11T00:48:34.272847Z","times_seen":1,"resource_available":false,"data":null}},"time_used":643,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":643,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2026/04/549044510.jpg","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.361Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2026/04/549044510.jpg HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9e7779c4ecbfdbc6-LAX\r\nContent-Length: 225813\r\nContent-Type: image/jpeg\r\nDate: Fri, 10 Apr 2026 22:05:25 GMT\r\nEtag: \"69d1c1e4-37215\"\r\nExpires: Tue, 05 May 2026 09:20:13 GMT\r\nLast-Modified: Fri, 10 Apr 2026 22:05:25 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QPTT24wn%2FP6yQ0y2G1I91LjrVkj4q6Jh4NAGXNCY81zgUFLh6wueLMflQvNoxn8ciR2otsuU1whnQaREeS3sWORf9ES9q2qPaGjHJZowQcBlZPint6LmpoP%2ByGXpJQTWS2%2BT\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":225813,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1180x580, components 3","md5":"81dc6a4bc0b883547b0e28720042c5eb","sha1":"71673a6198db682980e2a22ba8a18c893e0c3d92","sha256":"6df764f5acac40a5cc69f095f95093769c2c75c60f557f86fc7ca8247915a253","sha512":"3403fd0a3e15f6cc77009c301085f024de71749316a29b5c21eb6f29761507a65799af79d03fbc3be20730640416a9bb5e4571d759542cd3780222d638364c1e","ssdeep":"6144:i6inytn9ovN5uKq5ZZE2a8j8sy7E0ZNv8kvC/:Ayt9oloKAqej8s503v8r","tlshash":"f12423727622bbb440151ff42b5755a94287ff258feabc0c32171dc776fe9a0660e824","first_seen":"2026-04-11T00:48:34.274607Z","last_seen":"2026-04-11T01:22:54.57688Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1031,"timings":{"blocked":788,"dns":0,"connect":0,"send":0,"wait":236,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2026/04/1636383305.jpg","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.417Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2026/04/1636383305.jpg HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9ea128ff5e832ae3-LAX\r\nContent-Length: 544910\r\nContent-Type: image/jpeg\r\nDate: Fri, 10 Apr 2026 22:48:50 GMT\r\nEtag: \"69d83c1b-8508e\"\r\nExpires: Sun, 10 May 2026 10:45:07 GMT\r\nLast-Modified: Fri, 10 Apr 2026 22:48:51 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FSyXA9j%2F6MuYaHH6KtmA9wazyiVX9jfP0MjOnhH1KgUD5fGcR2Ri5cge55sb36rqNwxk3Rjvs1Z8VTO%2BAqAWFZ1fdEhv73DpmMcuzRjxMUdNva9xn%2BjYEiUEzG85P4%2B03%2FTs\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":544910,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1180x580, components 3","md5":"f013eff19d36bf28182dee93980a77d4","sha1":"c34571ebcef4b6c3e6eaf8b2ea1ded97b8ff82b9","sha256":"3d4106647fa7f371bf01ef58481daabd8cb12c3e87decf4b82ec8fbfe90da579","sha512":"7207ed8657f53fda8b854a4f6cf7ebf3ba1e149475f1e535cabb812a5e481a064868e477980b60f18484b2cf1f2a74559acfdb87b2f5e0dd53b064909389b7f8","ssdeep":"12288:5oZpU8pM0Er/pVOpN6eKaq1Bv03d//NX1TipsoG0gcDrHXAGUYJ2r:GZpUWupQ2BY/nXoocDrHwns2r","tlshash":"bcc4239401f96481f389cd3d645e684c2de51b1cfbabd069c9e9aed2eb8ac0177f4702","first_seen":"2026-04-11T00:48:34.27618Z","last_seen":"2026-04-11T01:22:54.489204Z","times_seen":2,"resource_available":false,"data":null}},"time_used":2271,"timings":{"blocked":1585,"dns":0,"connect":0,"send":0,"wait":225,"receive":461,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2026/04/34221979.jpg","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.456Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2026/04/34221979.jpg HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9e96648bbc1dcc16-LAX\r\nContent-Length: 775628\r\nContent-Type: image/jpeg\r\nDate: Fri, 10 Apr 2026 21:40:03 GMT\r\nEtag: \"69d6eaeb-bd5cc\"\r\nExpires: Sat, 09 May 2026 03:23:22 GMT\r\nLast-Modified: Fri, 10 Apr 2026 21:40:08 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PYLSMdTnA8eCqMIYVt%2FHOkUysJAK8%2B3dY6zRmkPLM6SSLU5G%2FStgZrIh20RmZ8ETBrg1aQ4tVXbr7BbpPPofrAJxO7VB6l871jUygomqZwysJlfq6WGUhr3TUSaAGA%2FP%2F4WT\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":775628,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1180x580, components 3","md5":"fbfcf5ad76f7a519d47854ee73800c1c","sha1":"23f9a63b5ced9cc3ca8b875ae59e67b707a2584c","sha256":"53a75273debd2dcecd622738b3e7f789c719ea75071bfc4d8d96654ae4709f2b","sha512":"c7d96e1a4f60bd96393988f2a022e362e6863e24278c3859c55377a17c9f74d06dfdc64b3356b9a9f4cf020f4f09311ad7bd8ae38dbf51bb6091c83f9db07615","ssdeep":"12288:KF2mk77Fr+So3cJ/DKBgPI3DIKeGcW+y80L4I7ftHHEhqYBLx1LJ+x9Fuf1ifa60:42mORrwm/hPI3ubA3hxHEh/2tufwfjta","tlshash":"daf433985c2e7bb7d27cb7e779c822475dd2bdc9ca9ef42a1a0416701250d1eb8b00ed","first_seen":"2026-04-11T00:48:34.277512Z","last_seen":"2026-04-11T01:22:54.652134Z","times_seen":2,"resource_available":false,"data":null}},"time_used":3152,"timings":{"blocked":2646,"dns":0,"connect":0,"send":0,"wait":238,"receive":268,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2026/04/1335691973.jpg","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.482Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2026/04/1335691973.jpg HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9e96648a0c4e531e-LAX\r\nContent-Length: 421623\r\nContent-Type: image/jpeg\r\nDate: Fri, 10 Apr 2026 21:35:51 GMT\r\nEtag: \"69d6e992-66ef7\"\r\nExpires: Sat, 09 May 2026 03:23:23 GMT\r\nLast-Modified: Fri, 10 Apr 2026 21:35:52 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=a%2Fs8c5Bh4%2Fr%2BwMO%2BKTj0l2u7zfmjBy2avf4rgMC5IA4CNEPXAHQEUjFAxAVSEsz61o33eErYVJjTMlO5JKw3KZOYVRW1Xb7rhxH%2BziTJWWE8rE67cQAYz3V2yh5mL%2FksaoXa\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":421623,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1180x580, components 3","md5":"68c380cd74dbaeb5037898dc624b0a79","sha1":"00d3d1b79faf48fa39ddf1478da2e4b61de4e399","sha256":"5644a14bcf270ceb0b8b2e71433828e150ce9a6e223f70858fdf6e200cb1db69","sha512":"96d628ac5f9e55adaf26ba5d15c5f35b4db4c186e00366d052330b8d525d80db0d609d3ca03d2dc4134a0521b9ac13b901396ce302910e13b23d2801503eb0ab","ssdeep":"12288:4MJeD3pUjTlP5oVfsvxNPKy/c82+xGMYPvVNG:4fUB5oCPj/H2+x6dw","tlshash":"b8942357ed51108f9a571240f7e32293af1623edbcab362dc12464c7e4ec5aec3865a8","first_seen":"2026-04-11T00:48:34.279144Z","last_seen":"2026-04-11T01:22:54.668832Z","times_seen":2,"resource_available":false,"data":null}},"time_used":3315,"timings":{"blocked":3062,"dns":0,"connect":0,"send":0,"wait":236,"receive":17,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-11T00:47:41.724Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: cnweb-nencao.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-11T02:55:44.128416Z","times_seen":13603936,"resource_available":true,"data":null}},"time_used":507,"timings":{"blocked":0,"dns":45,"connect":225,"send":0,"wait":0,"receive":0,"ssl":235},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/themes/cnweb_nencao_com/skin/js/jquery.qrcode.min.js","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cnweb-nencao.com/","date":"2026-04-11T00:47:45.588Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.cnweb-qqcvideo.com","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Wed, 18 Mar 2026 01:00:00 GMT","end":"Tue, 16 Jun 2026 00:59:59 GMT"},"fingerprint":{"sha1":"20:54:2C:35:6F:34:AE:46:55:B0:36:5B:75:68:38:13:67:FF:AB:E3","sha256":"FE:84:4F:4B:5A:54:D7:98:F2:3C:4A:C8:63:FF:A1:3D:3F:8C:D0:D1:E0:4B:87:3F:24:29:5C:A6:A2:03:8C:C1"}}},"request":{"raw":"GET /themes/cnweb_nencao_com/skin/js/jquery.qrcode.min.js HTTP/1.1\r\nHost: cnweb-nencao.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnweb-nencao.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 11 Apr 2026 00:47:59 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 10 Feb 2026 05:52:32 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ac7a0-36ab\"\r\nexpires: Sat, 11 Apr 2026 12:47:59 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":13995,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (544)","md5":"05f0b1d7d4b9b0b4975870606d650e3c","sha1":"f424bd339870510d1160d1c5da5d698aedbb452e","sha256":"f4ccf02b69092819ac24575c717a080c3b6c6d6161f1b8d82bf0bb523075032d","sha512":"34551c0e59b857e6b6b233d7ee04442178024858daf5c1ed28f38bd738fa4219c4d2f718ebde4c3837a1aa46866132f22f6c317bfc2daf8678f52bea5ead7651","ssdeep":"384:ILEsd9QYYAA1TRjjrlqgbHH/sgDZUnEbBIg4:wIFbVg","tlshash":"b452c8d1f39142b7b1466cd9681f289e98e8a4a3ac14955cbfb8c0e2e674fd16478f30","first_seen":"2023-03-07T01:15:08Z","last_seen":"2026-04-11T00:48:34.281279Z","times_seen":3638,"resource_available":true,"data":null}},"time_used":609,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":609,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/themes/cnweb_nencao_com/skin/img/more_icon.png","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cnweb-nencao.com/","date":"2026-04-11T00:47:45.815Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.cnweb-qqcvideo.com","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Wed, 18 Mar 2026 01:00:00 GMT","end":"Tue, 16 Jun 2026 00:59:59 GMT"},"fingerprint":{"sha1":"20:54:2C:35:6F:34:AE:46:55:B0:36:5B:75:68:38:13:67:FF:AB:E3","sha256":"FE:84:4F:4B:5A:54:D7:98:F2:3C:4A:C8:63:FF:A1:3D:3F:8C:D0:D1:E0:4B:87:3F:24:29:5C:A6:A2:03:8C:C1"}}},"request":{"raw":"GET /themes/cnweb_nencao_com/skin/img/more_icon.png HTTP/1.1\r\nHost: cnweb-nencao.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnweb-nencao.com/themes/cnweb_nencao_com/skin/css/index.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 11 Apr 2026 00:47:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 993\r\nlast-modified: Tue, 10 Feb 2026 05:52:32 GMT\r\netag: \"698ac7a0-3e1\"\r\nexpires: Mon, 11 May 2026 00:47:59 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":993,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 11 x 9, 8-bit/color RGBA, non-interlaced","md5":"706d86fafb4b582cc9f9da91c614f2be","sha1":"4a15f4b512151ceef881237453525be46aaf7913","sha256":"857684b075a34745b1e2301c3163502c7af88c7c73f186c4b8decc439c7ad092","sha512":"8b3c85e01ffa67b6617001de79e75d6979123dcbf2e928ad635516348d67c9506aba5773d92c69b19f2bf8029bbcdc7b4445b662b5351e5f09c8e1008cb8fb75","ssdeep":"","tlshash":"0611610abb52b840a7dce9e128e58033aa13054099e0e0b5becbcc678da83b505089cb","first_seen":"2025-07-01T02:08:25.034315Z","last_seen":"2026-04-11T00:48:34.282075Z","times_seen":6,"resource_available":false,"data":null}},"time_used":581,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":580,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.cloudflareinsights.com/beacon.min.js/v8c78df7c7c0f484497ecbca7046644da1771523124516","fqdn":"static.cloudflareinsights.com","domain":"cloudflareinsights.com","tld":"com"},"ip":{"addr":"104.16.79.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:50.266Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cloudflareinsights.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 17 Feb 2026 14:29:28 GMT","end":"Mon, 18 May 2026 15:29:15 GMT"},"fingerprint":{"sha1":"8B:A9:51:50:78:B2:5E:75:31:54:23:BC:80:D6:CA:53:34:E5:CD:8F","sha256":"AF:D9:FB:4F:B0:E1:BD:80:DF:22:93:A7:4A:99:5B:50:0A:BE:47:59:37:98:C6:BF:C5:DF:8D:8F:F0:8D:FD:23"}}},"request":{"raw":"GET /beacon.min.js/v8c78df7c7c0f484497ecbca7046644da1771523124516 HTTP/1.1\r\nHost: static.cloudflareinsights.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ftgy.drvhg2at.icu\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 00:47:50 GMT\r\ncontent-type: text/javascript;charset=UTF-8\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=86400\r\netag: W/\"2026.2.0\"\r\nlast-modified: Thu, 19 Feb 2026 17:45:24 GMT\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\ncf-ray: 9ea5fb732d575696-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":31169,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (31169), with no line terminators","md5":"4f67ea9205c3ca7c9e04582d3b9bdd1d","sha1":"d3b68ad3eb88d3db3d843211d4905143c3bff281","sha256":"4b77eae349a8cbcea7133cf3640a64ebf1f69d54d8f6469d7be6fdc188ca4ca4","sha512":"f034bbae022b026821045c28393ba371fe83f6b5ef1fcc66f0943525ad3587d417f04cd795d8accee7d86b82057ca74b50a4d3ae74855cb0e4504393ad943c42","ssdeep":"384:BXi1f+hZCIy1f84QDRuT9WKw00QmLnivMt+BERzR0c744BKJKe0620vFjOkcXo9g:+V584QlIrw6OPIJJtFjj09N","tlshash":"bce218eeb591b13603f7a072447f210b733ab56264494408e21bd6c22c78eeed257fad","first_seen":"2026-02-19T19:35:51.221473Z","last_seen":"2026-04-11T02:58:41.195339Z","times_seen":33883,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.js?ce95a5f143b18a92f5e2abde1ce8f8f6","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"14.215.182.140","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cnweb-nencao.com/","date":"2026-04-11T00:47:45.765Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"baidu.com","organization":"Beijing Baidu Netcom Science Technology Co., Ltd"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 09 Jul 2025 07:01:02 GMT","end":"Mon, 10 Aug 2026 07:01:01 GMT"},"fingerprint":{"sha1":"21:BF:66:0D:67:BE:7A:7F:49:48:05:30:F4:7F:09:F2:30:36:CA:63","sha256":"0D:82:2C:9A:90:5A:EF:E9:8F:37:12:C0:E0:26:30:EE:95:33:2C:45:5F:E7:74:5D:F0:8D:BC:79:F4:B0:A1:49"}}},"request":{"raw":"GET /hm.js?ce95a5f143b18a92f5e2abde1ce8f8f6 HTTP/1.1\r\nHost: hm.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnweb-nencao.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: max-age=0, must-revalidate\r\nContent-Encoding: gzip\r\nContent-Length: 11288\r\nContent-Type: application/javascript\r\nDate: Sat, 11 Apr 2026 00:47:46 GMT\r\nEtag: 8b47764d35a3c6fd27095765eb8090d7\r\nP3p: CP=\"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"\r\nServer: apache\r\nSet-Cookie: HMACCOUNT=5C0CE7D781C29B7D; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT\r\nStrict-Transport-Security: max-age=172800\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":29894,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (618)","md5":"110e6071bd4bb5a22ac3c635a7f381a4","sha1":"0ca7ed7e56511fc464674c94e899659b155d28d1","sha256":"a9ac246be9a17c9e3b7694dc2bdcce6601d776c29d6f7126677f3e4739fabc79","sha512":"911756b7264ac5f017482befe520be54294ab563add70653ff270fc780eca1610bd3b506445d9f23d76b5dbdb5e6769615a4c275967612bdaff2d336b3199688","ssdeep":"384:PsJSoLMJJTRl6s1JXFVCFI/TayvuodsZPIGm8XaR1JRwvutq1tGdc7M04gRw6:Ps4VJfHgMdvussZPIx82Rwvutcto07v","tlshash":"18d2d9a9b282713293a324a5153f324ef07b5a54bd4968a4f11894c07d38fbb027bfdd","first_seen":"2026-04-11T00:48:34.283751Z","last_seen":"2026-04-11T00:48:34.283751Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1950,"timings":{"blocked":808,"dns":1,"connect":266,"send":0,"wait":331,"receive":1,"ssl":540},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/plugins/DPlayer/assets/player.js","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:50.264Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/plugins/DPlayer/assets/player.js HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=43200\r\nCf-Cache-Status: REVALIDATED\r\nCf-Ray: 9ea50d56cdb7cc16-LAX\r\nContent-Length: 478\r\nContent-Type: application/javascript\r\nDate: Fri, 10 Apr 2026 22:05:17 GMT\r\nEtag: \"66f6be08-1de\"\r\nExpires: Sat, 11 Apr 2026 10:05:17 GMT\r\nLast-Modified: Fri, 10 Apr 2026 22:05:17 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CVmQv3OBA6XID14RWDRJ22QGk0iwz80aaaBiDU8Of3gcdZ3Wc0erlVifoQIA%2Fy5sBTb2%2BxJOibJsxlv0k6peVlgq8ELe0FUr9jpI76HhlgKm6mqbV%2BGanZwaY8caSrGxR41V\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":478,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"92c350574e6ee1c047ac07112cfd84de","sha1":"9f746d0ff574167b6039a263a974f63f60b9a04e","sha256":"22ff157b8298b56b2afee6a550acbea96d707b31235a502965114f1ccb734460","sha512":"8e1d7d8b68ec74c3f06e3b55c3c2cfb0562ef3a142cf26af27ec10ae7b7039354df06ea81c3e69572bc52b899525971ea83c5eb355cabd2d784ac842eec58683","ssdeep":"","tlshash":"49f05c1417be243860132968731f361475740b031028c90af61cf76d8f98d7c65bb0cd","first_seen":"2023-03-08T09:43:22Z","last_seen":"2026-04-11T01:22:54.623008Z","times_seen":159,"resource_available":true,"data":null}},"time_used":767,"timings":{"blocked":528,"dns":0,"connect":0,"send":0,"wait":239,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/themes/Mirages/fonts/OpenSans/400.woff2","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.275Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/themes/Mirages/fonts/OpenSans/400.woff2 HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=14400\r\nCf-Cache-Status: REVALIDATED\r\nCf-Ray: 9ea506443b769a4f-LAX\r\nContent-Length: 16644\r\nContent-Type: font/woff2\r\nDate: Fri, 10 Apr 2026 22:00:27 GMT\r\nEtag: \"65fd5697-4104\"\r\nLast-Modified: Fri, 10 Apr 2026 22:00:27 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0kbbXIBVXcjmoOzr2M4qbpJFOWjcCUzsnONNEbpD0%2FuQHhllI27roJaZgK0K4BK%2B3yLwpvdoDtP9xfSqL9opA4gjmdnrpLt7eKwRoNrmftuJ5wPfQJWyNILAJh0wSoV9ZYml\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":16644,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 16644, version 1.6554","md5":"6276351c3fd3053a0cab736572d6ced1","sha1":"326b281cbcf5070d140fadedc4b1354f1a5d916c","sha256":"43640ab0efbdbd50a1162047c1f62f338fb84de407411b98bfa6a1f8666ef0af","sha512":"c9885c9fa086350a150efae1c40c9ab22314db0baf47b457c3de4be5c7e609313b9fec4f9000b133a9f8b365c2d5d3703bbff579833a8b81195062e5f6bfe5e7","ssdeep":"384:JK4eVLUx4mqjtgI4cwDn/HnhbXOU7WYb+KFqEevY5:Y4edUqmBIkD/HhjHWYb+KFGvY5","tlshash":"bf72cf83f467d9f0f42836305db116e3b979ef357761ace0621445aa1232bd02e847dc","first_seen":"2023-05-08T23:10:23Z","last_seen":"2026-04-11T02:06:21.310451Z","times_seen":22796,"resource_available":false,"data":null}},"time_used":250,"timings":{"blocked":10,"dns":0,"connect":0,"send":0,"wait":239,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2026/04/3198029255.jpg","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.448Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2026/04/3198029255.jpg HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9ea128ff6b732f4a-LAX\r\nContent-Length: 560025\r\nContent-Type: image/jpeg\r\nDate: Fri, 10 Apr 2026 22:49:13 GMT\r\nEtag: \"69d83ade-88b99\"\r\nExpires: Sun, 10 May 2026 10:45:07 GMT\r\nLast-Modified: Fri, 10 Apr 2026 22:49:14 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=r8dCWCGkxpm0DSOrimKZkR1%2FPJMNwwE4kpmuffDMmUL4CYpPLvhbh4k%2BSjf8EXdYU9r1fNVKR0ZqPlN9IWecUkM9hhCmju4DmRBlEIs16xENCDmLjxDkNtdi574NXl5cMbP0\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":560025,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1180x580, components 3","md5":"cb84b37d2e570ddc704eb7c1a87eb210","sha1":"78c08d0cdee133a151a62ab218d3bc78857cab97","sha256":"ec27978a3fdbf5a2ca0a2513822d44fc8f4665ff63d4d63cad3971d7236f0359","sha512":"66ddf8723be99246f55487e19ce4166f98639465a282fd82ce442c00d9baf2d0f170b714e697477d31ef83fbc169ce81021df46bb6690765d4e3e7d6b5b4c951","ssdeep":"12288:WTFvWQ94smCrZUvs/l9raI/5YmEf6cLtSpD97zZaR4QxXH:AhFHZU+lj/5T66cZ09XZa9","tlshash":"65c4235a583cf75ed51e86c1634af82d70c0161d206ef8c0796f6ee2eb2e60b1ee2517","first_seen":"2026-04-11T00:48:34.288416Z","last_seen":"2026-04-11T01:22:54.555182Z","times_seen":2,"resource_available":false,"data":null}},"time_used":2484,"timings":{"blocked":2240,"dns":0,"connect":0,"send":0,"wait":225,"receive":19,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/themes/Mirages/static/jquery/2.2.4/jquery.min.js","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:50.063Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/themes/Mirages/static/jquery/2.2.4/jquery.min.js HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: max-age=43200\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9ea50a33ef041bcd-LAX\r\nContent-Encoding: gzip\r\nContent-Type: application/javascript\r\nDate: Fri, 10 Apr 2026 22:03:08 GMT\r\nEtag: W/\"65fd56a0-14e4a\"\r\nExpires: Sat, 11 Apr 2026 10:03:08 GMT\r\nLast-Modified: Fri, 10 Apr 2026 22:03:09 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BonoeNWuBHnSIMwCNXi%2BSV9HVmX4cab4CW6nsG0TC6Z8sUkDIzcGuaN2T%2Btkey9mNT1Lm89m6KWrTmddDUCNdgVTQ%2BeOexrmLDzQWnFhBZAjs0U9eye4YYSzH5WtWErhY%2B0h\"}]}\r\nServer: nginx\r\nVary: Accept-Encoding\r\nX-Cache: HIT, policy, disk\r\nTransfer-Encoding: chunked\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":85578,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32065)","md5":"2f6b11a7e914718e0290410e85366fe9","sha1":"69bb69e25ca7d5ef0935317584e6153f3fd9a88c","sha256":"05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e","sha512":"0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db","ssdeep":"1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2","tlshash":"1e83c6d9b2d6706297b734b850bf410bb17a98dab44c8c60f059d4e47eb4a8e507bf2c","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-11T02:52:37.363911Z","times_seen":270034,"resource_available":true,"data":null}},"time_used":1466,"timings":{"blocked":493,"dns":1,"connect":245,"send":0,"wait":236,"receive":238,"ssl":240},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/themes/Mirages/images/bottom/cg_av.png","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:50.253Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/themes/Mirages/images/bottom/cg_av.png HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9e72c2ae6fc30f27-LAX\r\nContent-Length: 2692\r\nContent-Type: image/png\r\nDate: Fri, 10 Apr 2026 22:51:15 GMT\r\nEtag: \"6669825d-a84\"\r\nExpires: Mon, 04 May 2026 19:36:11 GMT\r\nLast-Modified: Fri, 10 Apr 2026 22:51:15 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JuLSA6xEP4fcC8%2FCyNh7taIkV9IXLuOoIWpq9u6KNDae2HIKgX4f4IZCyuS%2BfWulVJ0U4lNpehS74y7t5gfnOBKOoN2lDabn3AXwojqS86ZG3V3ELsHaPIzki0%2BGXniU1VWh\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2692,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 63 x 63, 8-bit/color RGBA, non-interlaced","md5":"86c93216eb3e6713c2834eecec73a920","sha1":"cce5c80a870b86ad6983cfda9be7471aa1fd2b93","sha256":"c61bcd4d64ead4204a69ccb7e2e7fa7c4a06f4e1aba9cdea490051c51d1f9b9f","sha512":"4f5da4cf151884f3d5cba9c029a83c0d79fc6009c76a9c1b20fa1cbe3fdd6318b2a0c1af0fd972fcd549cbdf7030992b7460b14c132f33a53f4b65b9da58d3e5","ssdeep":"","tlshash":"f7512b417dc57334a005367b5b7d0d13ae7b38c644f542ab66894e22491ca666a012f5","first_seen":"2024-06-29T06:36:42Z","last_seen":"2026-04-11T01:22:54.535609Z","times_seen":86,"resource_available":false,"data":null}},"time_used":6301,"timings":{"blocked":6062,"dns":0,"connect":0,"send":0,"wait":238,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-11T00:47:42.673Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: cnweb-nencao.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-11T02:55:44.128416Z","times_seen":13603936,"resource_available":true,"data":null}},"time_used":435,"timings":{"blocked":435,"dns":0,"connect":271,"send":0,"wait":0,"receive":0,"ssl":280},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/themes/cnweb_nencao_com/skin/css/swiper.min.css","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cnweb-nencao.com/","date":"2026-04-11T00:47:45.574Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.cnweb-qqcvideo.com","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Wed, 18 Mar 2026 01:00:00 GMT","end":"Tue, 16 Jun 2026 00:59:59 GMT"},"fingerprint":{"sha1":"20:54:2C:35:6F:34:AE:46:55:B0:36:5B:75:68:38:13:67:FF:AB:E3","sha256":"FE:84:4F:4B:5A:54:D7:98:F2:3C:4A:C8:63:FF:A1:3D:3F:8C:D0:D1:E0:4B:87:3F:24:29:5C:A6:A2:03:8C:C1"}}},"request":{"raw":"GET /themes/cnweb_nencao_com/skin/css/swiper.min.css HTTP/1.1\r\nHost: cnweb-nencao.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnweb-nencao.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 11 Apr 2026 00:47:59 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 10 Feb 2026 05:52:32 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ac7a0-4b47\"\r\nexpires: Sat, 11 Apr 2026 12:47:59 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":19271,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1467), with CRLF line terminators","md5":"01070191b9e1e9d627c0948dc0244068","sha1":"e2d424f9612464f9b21bee50947fd4df87590972","sha256":"d1fb70a9cf249a3c6eecc0523a95987f4fb5c3542e59ec94a792b5eb2932698b","sha512":"c2133a971904ec2024da544660f3b6685f56c7c1238d315a4506554438b98f42fbda030644255dad6b01d01bba9eca8d92427cebf92bc8ead5c9626f1abd3c4f","ssdeep":"384:mP+EkJO9pbqgMi372dsBYcBdo2S9YwosIGZ1P:M+EkJO9pbqgMi372dslBdo2S9YwosIGn","tlshash":"b482931c1710204ae7314f6c4bf9a7389b58c8e35e0394ef7251de48cbbb5a8726f666","first_seen":"2025-07-01T02:08:25.045569Z","last_seen":"2026-04-11T00:48:34.293109Z","times_seen":5,"resource_available":false,"data":null}},"time_used":216,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":216,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/logo.png","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cnweb-nencao.com/","date":"2026-04-11T00:47:45.576Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.cnweb-qqcvideo.com","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Wed, 18 Mar 2026 01:00:00 GMT","end":"Tue, 16 Jun 2026 00:59:59 GMT"},"fingerprint":{"sha1":"20:54:2C:35:6F:34:AE:46:55:B0:36:5B:75:68:38:13:67:FF:AB:E3","sha256":"FE:84:4F:4B:5A:54:D7:98:F2:3C:4A:C8:63:FF:A1:3D:3F:8C:D0:D1:E0:4B:87:3F:24:29:5C:A6:A2:03:8C:C1"}}},"request":{"raw":"GET /logo.png HTTP/1.1\r\nHost: cnweb-nencao.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnweb-nencao.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 11 Apr 2026 00:47:59 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 10 Feb 2026 05:52:32 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ac7a0-6733\"\r\nexpires: Mon, 11 May 2026 00:47:59 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":26419,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x211, components 3","md5":"beebccc43474e37aa56284c075fe1d18","sha1":"2be19f8af0c7ec23bbe3380001e4faaed125bccb","sha256":"1d40dcbbb2d03729931b7eb219a02eb181ed0b0527dfd92d0a5d55d4f8ede002","sha512":"76f935ac9a3098e5ce358e1d20a7a0e464466e1c9a39bff0eb31f78df808e4468b63c0880bda94ce15da1412644bf72338d2dfc23f1b3cf185e00f263dab8e24","ssdeep":"768:QLPyRd3lcMtHXZXpV4kK+/mcx/CP4ZNxYhD0UE:KkbXl4i/mcxKPQNmhD0J","tlshash":"73c2e15594647c82f3f5623d5c9be84f9c03187e8a7bfba3e4c293643a80692710195f","first_seen":"2026-04-11T00:48:34.294739Z","last_seen":"2026-04-11T00:48:34.294739Z","times_seen":1,"resource_available":false,"data":null}},"time_used":430,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":430,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/google2/js/min.js","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:50.262Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /google2/js/min.js HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAge: 21666\r\nCache-Control: max-age=43200\r\nCf-Cache-Status: HIT\r\nCf-Ray: 9ea50a31ef8d0f27-LAX\r\nContent-Encoding: gzip\r\nContent-Type: application/javascript\r\nDate: Fri, 10 Apr 2026 22:03:08 GMT\r\nEtag: W/\"65fd9561-3c202\"\r\nExpires: Sat, 11 Apr 2026 04:02:01 GMT\r\nLast-Modified: Fri, 10 Apr 2026 22:03:08 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=li64Xe613rvNdCCE1GP%2BkkkcbIT773BgVP28PBtcxxf2XeXmmKAQEktla2%2FotjPOGRja%2F9hCtQ7G7zJLBGnUrOVMK6ghHYB1QQf1X06uxCPB5TFxYTCXtghUzyBHR6%2Ffvx8N\"}]}\r\nServer: nginx\r\nVary: Accept-Encoding\r\nX-Cache: HIT, policy, disk\r\nTransfer-Encoding: chunked\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":246274,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (978)","md5":"616616275f1743b28038105da6d3c9a0","sha1":"706210636efff6529a781dd3779219bc4ed55130","sha256":"aa5601bfb4e3a4e2a1ea51b41faee5d852e0dec7119768e00d64fa583608aad4","sha512":"5ef146120625d85edee5d83ba7da12b0217e7675d6611055184f23bc27267f5a161f1b70e9afa70d6ca779dbeb0aac5db798a84dc2c4f364423da772353a7018","ssdeep":"3072:CLD7Sh/61K95uZOB9l8tNgCj8evojon4i77YO:CvU595uZOrl80Cj8evZn4i78O","tlshash":"9c34b50eaaf218729153f0384a6f99043276401b6e49ec687d6c81dc5f1d83d76b6bef","first_seen":"2024-06-29T06:36:42Z","last_seen":"2026-04-11T01:22:54.663871Z","times_seen":87,"resource_available":true,"data":null}},"time_used":1263,"timings":{"blocked":304,"dns":0,"connect":0,"send":0,"wait":238,"receive":480,"ssl":241},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2026/04/1916809182.jpg","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.412Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2026/04/1916809182.jpg HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9ea128ff5d39f7df-LAX\r\nContent-Length: 505383\r\nContent-Type: image/jpeg\r\nDate: Fri, 10 Apr 2026 22:49:13 GMT\r\nEtag: \"69d83c71-7b627\"\r\nExpires: Sun, 10 May 2026 10:45:07 GMT\r\nLast-Modified: Fri, 10 Apr 2026 22:49:14 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tVgEhNNCeyUQGYxq9FocX7FoIRxfVBHs0spVW2TELVWLkAfyrPkiH2db%2FlLCvmwj63G2oqvyQM%2Fo9LpTawgj1aDxjlXkpBUXQg75cd3xnpLgnbrvRXerPX1gkJGM9r2z1v1%2F\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":505383,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1180x580, components 3","md5":"76f4554d48840ba9ac56d7096687bbc0","sha1":"feb82c96967b7b5eafe6163bb69ce7ecdc1baaf0","sha256":"c1ce55bbcc2d339edd8661c2129d71633e9e983951e09bedb7af3f2f6858098f","sha512":"713f36ec1a3bf824b4932eb5d3974d0ab1e99da8d6ab5deecdd5578591a76eb6b614a986256561cdb596458aca54502db0f37db046007ac723fe1329d6c4bc9c","ssdeep":"12288:+LN2EuFnCjS4aDaUDRsdStDEEF2foWk1fmP03vJ8XXpQx+XZh:BniSPTDwSKEF2pQ/fuH2QZh","tlshash":"ccb423d18d1d16c1092f357f8067d6aba20a32fb812173fb41825fc0eb65d2754ead9b","first_seen":"2026-04-11T00:48:34.297708Z","last_seen":"2026-04-11T01:22:54.615666Z","times_seen":2,"resource_available":false,"data":null}},"time_used":2888,"timings":{"blocked":1467,"dns":0,"connect":0,"send":0,"wait":236,"receive":1185,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/themes/cnweb_nencao_com/skin/img/icon1.png","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cnweb-nencao.com/","date":"2026-04-11T00:47:45.795Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.cnweb-qqcvideo.com","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Wed, 18 Mar 2026 01:00:00 GMT","end":"Tue, 16 Jun 2026 00:59:59 GMT"},"fingerprint":{"sha1":"20:54:2C:35:6F:34:AE:46:55:B0:36:5B:75:68:38:13:67:FF:AB:E3","sha256":"FE:84:4F:4B:5A:54:D7:98:F2:3C:4A:C8:63:FF:A1:3D:3F:8C:D0:D1:E0:4B:87:3F:24:29:5C:A6:A2:03:8C:C1"}}},"request":{"raw":"GET /themes/cnweb_nencao_com/skin/img/icon1.png HTTP/1.1\r\nHost: cnweb-nencao.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnweb-nencao.com/themes/cnweb_nencao_com/skin/css/common.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 11 Apr 2026 00:47:59 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 10 Feb 2026 05:52:32 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ac7a0-de4\"\r\nexpires: Mon, 11 May 2026 00:47:59 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3556,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 133 x 29, 8-bit/color RGBA, non-interlaced","md5":"714ec0e13240f894456490577aba56d2","sha1":"23eae12b5cc8d92a751c62696135c952c8e4d9a4","sha256":"0c3bc497da2d6d091839d77ee2272338e6fa7b154eeaaf523182143a70396325","sha512":"75c42bec238bed4800c78da8d7d5b670307039c1339c1ea5103384c8884646e2792e6d5dd5e21325dfd24fcecaa1eb5c8928d157dbfd9f304f75c345f5769e2b","ssdeep":"","tlshash":"c8712bfa348e9007b568586278f9942a58cb58007584f2feb9ded63b1c3a374121c1ee","first_seen":"2025-07-01T02:08:25.030519Z","last_seen":"2026-04-11T00:48:34.29916Z","times_seen":5,"resource_available":false,"data":null}},"time_used":594,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":594,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/resources/common/images/yes.png?r=59300984","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gogo17.ubyt4z.vip/?refer=stdpk","date":"2026-04-11T00:47:48.631Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/resources/common/images/yes.png?r=59300984 HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gogo17.ubyt4z.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9ea5fb6da8167b5d-LAX\r\nContent-Length: 2759\r\nContent-Type: image/png\r\nDate: Sat, 11 Apr 2026 00:47:49 GMT\r\nEtag: \"66717b9f-ac7\"\r\nExpires: Mon, 11 May 2026 00:47:49 GMT\r\nLast-Modified: Tue, 18 Jun 2024 12:20:47 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=67YwhkbPc5yHSjqZJ9D6u13FfiQHlgL%2BH8TKI5C9VeHHMogHV9eQKiqdgr93kDt%2FasKpQHfoUQ5E2rUYeuZVY%2FVPmpLcUihX2nPPfkEBUn8kv7LcsGFtW9q58IVUFskSXmmJ\"}]}\r\nServer: nginx\r\nX-Cache: UPDATING\r\nX-Proxy-Cache: MISS\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-11T02:55:44.128416Z","times_seen":13603936,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2026/04/1276058951.jpg","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.355Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2026/04/1276058951.jpg HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9e777e691b533393-LAX\r\nContent-Length: 170989\r\nContent-Type: image/jpeg\r\nDate: Fri, 10 Apr 2026 22:05:24 GMT\r\nEtag: \"69d1c5a0-29bed\"\r\nExpires: Tue, 05 May 2026 09:23:23 GMT\r\nLast-Modified: Fri, 10 Apr 2026 22:05:25 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7dO4G4rtJFTUyhieYMA%2FpOygjgI1f94UyhWgxNFEC4l6E2dYnyY1CZtpQ1nmy14G%2Fnk7ANzuBVrP3juEfMDEKM3tJ9Z7TMPp2uYeTjZb8y0RvUjXdzl9ucXRJ0iBTalZvmts\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":170989,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1180x580, components 3","md5":"e93a60d4d356da4d58970312c4645327","sha1":"54e3676977af704b3e11c94d15e2a3e32bed21ee","sha256":"3c05263adf77c23eaa1ed29a0093b937178cd50ff078aa91fa3a362e0f7180df","sha512":"12f1aa5ad9a6d580bbe305e1440f862f6083670979fc1c8d4356499bb5fac5ef85a7b9773b0df58846bc0e501dc030f024c757a57314fcff8d98f172ce29e5b1","ssdeep":"3072:oBcL49vZ40m+QzOuDmI56m/ZIWJatTk35Gep0znIPBEul0zZgX0Fkb+PK+p:oBc8H4vlDN56GPatTk35gILlBcfPH","tlshash":"95f3122adcd0178428b1306c69d631e4e55b992ec59da9f4630fc3a2739c5f12afbd38","first_seen":"2026-04-11T00:48:34.300432Z","last_seen":"2026-04-11T01:22:54.650021Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1193,"timings":{"blocked":739,"dns":0,"connect":0,"send":0,"wait":226,"receive":228,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2026/04/1954003336.jpg","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.446Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2026/04/1954003336.jpg HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9ea128ff5d14170b-LAX\r\nContent-Length: 454236\r\nContent-Type: image/jpeg\r\nDate: Fri, 10 Apr 2026 22:49:14 GMT\r\nEtag: \"69d83b38-6ee5c\"\r\nExpires: Sun, 10 May 2026 10:45:07 GMT\r\nLast-Modified: Fri, 10 Apr 2026 22:49:15 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eqdUwMMbCq3v7wynhdnQVdsyZm8ZWQZfchXhbDWP6UVx0QcK8l18k9B7dndxb8lU%2BORuEyE3hYb0ZvvabJ6m%2FqH3A9mDWnONjl4UXNNPDZO1bkQRTBItQzxPAbsUmZld3CKV\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":454236,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1180x580, components 3","md5":"d81325117071417a84cbafcd5e6d0bff","sha1":"a5ebbcf94679bed5a5e3730a79dbf9b8563f1776","sha256":"2f6cb755b4995d1f9edc4a54f8a186ac1c953cf0ef6e281c7502e4f59dd208e3","sha512":"d37526bb2369885d5b5b3274707a83256ccddcfa4612533e870488b498d2fd4a9c398ab322236cfef5054819ef0dcc4972b25cf3ef3dbe9d50e927c034ca2ebe","ssdeep":"12288:LmLtas0WxLGs6vlgCFAO62T7aOYhZj7W8rJ:LYasV/ANeEKhZfW81","tlshash":"00a4231d30e02bb743632c5eb45ad805099587e76a2595b83be9fcb2c1aed85dfd3034","first_seen":"2026-04-11T00:48:34.301745Z","last_seen":"2026-04-11T01:22:54.6294Z","times_seen":2,"resource_available":false,"data":null}},"time_used":2656,"timings":{"blocked":2172,"dns":0,"connect":0,"send":0,"wait":238,"receive":246,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/themes/cnweb_nencao_com/tongji.js","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cnweb-nencao.com/","date":"2026-04-11T00:47:45.584Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.cnweb-qqcvideo.com","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Wed, 18 Mar 2026 01:00:00 GMT","end":"Tue, 16 Jun 2026 00:59:59 GMT"},"fingerprint":{"sha1":"20:54:2C:35:6F:34:AE:46:55:B0:36:5B:75:68:38:13:67:FF:AB:E3","sha256":"FE:84:4F:4B:5A:54:D7:98:F2:3C:4A:C8:63:FF:A1:3D:3F:8C:D0:D1:E0:4B:87:3F:24:29:5C:A6:A2:03:8C:C1"}}},"request":{"raw":"GET /themes/cnweb_nencao_com/tongji.js HTTP/1.1\r\nHost: cnweb-nencao.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnweb-nencao.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Sat, 11 Apr 2026 00:47:59 GMT\r\ncontent-type: text/html\r\ncontent-length: 479\r\netag: \"69b689ba-1df\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":479,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"57dd7bfa6c07bfe5eeada45d4bdd78ec","sha1":"395c6ad5c3ae0e8ea47281f5007c369551b32ad7","sha256":"c870990950ca5802e260be6786d1e6a148b1acdfeed4fa9bb6acce744488c0b5","sha512":"c455d00381bde372d6016e7b01eb8682dcbc2fbb032ef522f01f0ea1cd85abeb962aeb8de621b49b138b614b14285686a2c432b4214630f23fda2ed19bf4b9d6","ssdeep":"","tlshash":"27f0dc93d243040e220c45702fb2702450877ddbcb9a0d028897e1bfccd5a698363bad","first_seen":"2023-04-28T05:56:14Z","last_seen":"2026-04-11T01:22:54.538668Z","times_seen":3010,"resource_available":true,"data":null}},"time_used":612,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":611,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://cnweb-nencao.com/","date":"2026-04-11T00:47:49.766Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gogo17.ubyt4z.vip/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccess-Control-Allow-Headers: Origin, X-Requested-With , X-Device-Id , Content-Type, Accept, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, PUT,DELETE,OPTIONS,PATCH\r\nAccess-Control-Allow-Origin: *\r\nCf-Cache-Status: DYNAMIC\r\nCf-Ray: 9ea5f704ad0b889a-LAX\r\nContent-Encoding: gzip\r\nContent-Type: text/html; charset=UTF-8\r\nDate: Sat, 11 Apr 2026 00:44:49 GMT\r\nETag: \"1775868289\"\r\nLast-Modified: Sat, 11 Apr 2026 00:44:49 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=i%2B%2FI%2BPelaGO07EWYijBGKymKyP3P4Wx8szQMqPFwXdmOee2XhlFiZ%2B8X5bURDYQ211aGdguytJ9WitrPWX8OgIEzsPjyUDVq3k4D5Psw0dIV%2BmzLgMzmssFjHEJyXDIiiefK\"}]}\r\nServer: nginx\r\nServer-Timing: cfEdge;dur=6,cfOrigin;dur=493\r\nVary: Accept-Encoding\r\nX-Cache: HIT, policy, disk\r\nX-Powered-By: PHP/8.0.28\r\nTransfer-Encoding: chunked\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP:8.0.28","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Gravatar","description":"Gravatar is a service for providing globally unique avatars.","website":"https://gravatar.com","common_platform_enumeration":"","icon":"Gravatar.png","categories":["Miscellaneous"]},{"name":"jQuery:2.2.4","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]}],"data":{"size":174416,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (2008), with CRLF, LF line terminators","md5":"6679c4215724519f94b64f0853460ce7","sha1":"8ba2da1f612c53ca8de67723261b97372eb269b7","sha256":"d116baa100d59836af839b08681c73efdd7459edb5ebce96996bb91cad0f647b","sha512":"61a1b89be4ff9b2d1f7cfc23f8a58cee5d9618e714b5c609f4f950f3e9f97c2d280a5a2ef8ee30a7f00ec69d469fe576dd9f0d2946bb469b47c6379cf25f2e3d","ssdeep":"1536:BQgd1E7bTmRRHa+c5S1u3o1unoI0qu5pFunogH5u3Ueu5Tau377u3IQu572unIro:BQdbCH9RIWgAUVjsA2y","tlshash":"fd04866298e104358153b0a5d5b1bf4afe418107c92add50b7ac8bdabfc2d6396f378c","first_seen":"2026-04-11T00:48:34.303785Z","last_seen":"2026-04-11T00:48:34.303785Z","times_seen":1,"resource_available":false,"data":null}},"time_used":465,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":229,"receive":236,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2026/04/759078131.jpg","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.404Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2026/04/759078131.jpg HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9ea128ff2959481d-LAX\r\nContent-Length: 584231\r\nContent-Type: image/jpeg\r\nDate: Fri, 10 Apr 2026 22:49:13 GMT\r\nEtag: \"69d83d54-8ea27\"\r\nExpires: Sun, 10 May 2026 10:45:07 GMT\r\nLast-Modified: Fri, 10 Apr 2026 22:49:16 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=smsz4ZOuSbUrEhbJg8CVfG9HIS3DupOVMWDW%2BrPhwyglQPuSrcDgNZ%2FxnLorvtCr8H3rQZGaN3HFy0lEHFtI6ihX5%2B%2BYHigWUbt%2B8SwITlBOQcAnWIS%2F3zF7ScXcK%2F%2Fbik%2B2\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":584231,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1180x580, components 3","md5":"af8d87a5f2a8538672bfde2d9f3c355d","sha1":"aaa86b9458241246b5811ebaadcbdd753ba41dfb","sha256":"57a3caa13e599a03806b7656da83dc767c4545f1598c7f4ef0d9f62ee16f8c3a","sha512":"b075996bd33cfd928491cf3bc19756a892f38c6ff84d8464173c5b35f2b7e799478786fde7d62d6fd9aee057878db8d81dbffe2feec2f8327717060cb71e2e4b","ssdeep":"12288:dStdiFL/8NYsqPx0JbEPEgq9BSUvJ/9+F925TUmpzYLS:dei68AyEzDSUv9oH2lbuS","tlshash":"afc4235c48c97234b3389a3912ebe46f212d85a29cbe687991f170828fcf3557541efe","first_seen":"2026-04-11T00:48:34.305216Z","last_seen":"2026-04-11T01:22:54.542529Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1651,"timings":{"blocked":1174,"dns":0,"connect":0,"send":0,"wait":229,"receive":248,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2026/04/96425888.jpg","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.555Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2026/04/96425888.jpg HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9e903a86cbabb82e-LAX\r\nContent-Length: 525944\r\nContent-Type: image/jpeg\r\nDate: Fri, 10 Apr 2026 22:12:12 GMT\r\nEtag: \"69d596e2-80678\"\r\nExpires: Fri, 08 May 2026 09:26:07 GMT\r\nLast-Modified: Fri, 10 Apr 2026 22:12:13 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=N6%2BCfTKy5doa7FOuoYSCYl4IsC3Zz5p9P52J1XMNtr%2Fto9mLrcPK8bG9bm6Gy3bd1fHN2Ng5NiMSMK6Tf7TiQ2glj5iBnGX9pkwH4AWKU9gvIGBU509JDOPMivWBYwVe0Xff\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":525944,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1180x580, components 3","md5":"2ceb3a380249c8453632f5922c13ff62","sha1":"9c8975cdca628163a5aa8f857cfeb2893c7961b3","sha256":"b638ffbee8682dd27abd4942ccb5c97c601f5b4cae6518751eef7b9eaed98542","sha512":"6ed428c73ee2a0e92fba8837e82127cf61769c97f0fcf77ba32de4568003d4e71984d47e445b91e80b7c6b09d5a2581f87e711f7fcb5c4c2b07a0bb4eb2d0b6d","ssdeep":"12288:L/JBpWN0Gutr6eMt0Bvbsk8zZBiaodbjx72wsuySr6gZech:L/ECGcmeCkv1ciaovb79rvB","tlshash":"84b423f2c807779a305411e521aae0dd373fde976fe94c8c64c2864bc30ee745a61ea9","first_seen":"2026-04-11T00:48:34.307016Z","last_seen":"2026-04-11T01:22:54.507437Z","times_seen":2,"resource_available":false,"data":null}},"time_used":3989,"timings":{"blocked":3733,"dns":0,"connect":0,"send":0,"wait":236,"receive":20,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"stdpk.17cgdl.vip/","fqdn":"stdpk.17cgdl.vip","domain":"17cgdl.vip","tld":"vip"},"ip":{"addr":"172.67.130.212","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://cnweb-nencao.com/","date":"2026-04-11T00:47:46.590Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"17cgdl.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 15 Mar 2026 21:28:59 GMT","end":"Sat, 13 Jun 2026 22:27:23 GMT"},"fingerprint":{"sha1":"77:95:6E:C9:73:E4:C3:D7:C8:D1:43:CE:22:7E:F8:31:05:72:E2:D4","sha256":"7C:30:32:50:A1:0D:6C:F5:26:BB:2F:19:4B:E4:BD:31:F4:97:E4:09:CB:AB:8E:9F:55:9E:90:49:A9:66:DB:A4"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: stdpk.17cgdl.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://rtnsgs4q39p1vh.kfrse64990.top/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Sat, 11 Apr 2026 00:47:47 GMT\r\ncontent-length: 0\r\nlocation: https://gogo17.ubyt4z.vip?refer=stdpk\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nset-cookie: disvistor=8158ec7a-344c-4fec-a492-79d995526713; expires=Sat, 18 Apr 2026 12:47:47 GMT; path=/; samesite=strict; httponly\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=m55UqLgw2VGf8l%2FaYXjMqHBAj569eyTkc%2BRY9dhBVxyuMdbqUSxiPxHNTUHLR8iesiXtwkAzzBjUKyCVUbGtzaTHYlSsFsKbYLGjTux4eU7BGAowW7%2FPr2KfcyFulnx%2FYA%3D%3D\"}]}\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-ray: 9ea5fb5c7a4456af-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1742,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-11T02:55:44.128416Z","times_seen":13603936,"resource_available":true,"data":null}},"time_used":948,"timings":{"blocked":45,"dns":27,"connect":1,"send":0,"wait":855,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/plugins/DPlayer/assets/DPlayer.min.js?v2","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:50.263Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/plugins/DPlayer/assets/DPlayer.min.js?v2 HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: max-age=43200\r\nCf-Cache-Status: REVALIDATED\r\nCf-Ray: 9ea50d54ab885a75-LAX\r\nContent-Encoding: gzip\r\nContent-Type: application/javascript\r\nDate: Fri, 10 Apr 2026 22:05:16 GMT\r\nEtag: W/\"66f6be08-275d2\"\r\nExpires: Sat, 11 Apr 2026 10:05:16 GMT\r\nLast-Modified: Fri, 10 Apr 2026 22:05:17 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=b5QdRcsZJEd9k4MtOePIjKveP2ViDCn5yopIrwYfLpTfolablDfr5QsX3Wd4DDFX7xfi%2Bz6kC3K4dCAiNvhuhHwcUTQHv6l09FG4U7tXugIO7bbR8DCAWFtDBodRaXvc44fI\"}]}\r\nServer: nginx\r\nVary: Accept-Encoding\r\nX-Cache: HIT, policy, disk\r\nTransfer-Encoding: chunked\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":161234,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"5bb63026b360044089dd358de915798b","sha1":"da044d75af8eb325dd106bfb16853639a023d1a9","sha256":"8da0b14d55cea5beaafd7158373a7ae56149ecbca87aba7d3ea761c07cd58a41","sha512":"5ba32793b1ea13321e1810e29ab5f4e74c6976a615f206ceb54635a787751a7ec12aa707cfa64e66a3f07c99d89f9d5b516d6e8a54a28c92c9c264a83f63c93d","ssdeep":"1536:z+J45mB2BeDaJgotYr/hizxdUDr5+GslH7ukBbeLwVm2VBXl3PQ6DkbilY6G2wcQ:m4IBvI7ukBbeU13zcvF3","tlshash":"06f3f85522947131029366e4c58ba70c3235a326e9028b5ef13efacd8fadc8d2577f76","first_seen":"2024-01-03T10:49:01Z","last_seen":"2026-04-11T01:22:54.700254Z","times_seen":198,"resource_available":true,"data":null}},"time_used":1224,"timings":{"blocked":503,"dns":0,"connect":0,"send":0,"wait":245,"receive":476,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2026/04/1012490730.jpg","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.406Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2026/04/1012490730.jpg HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9ea128ff4fee5d5c-LAX\r\nContent-Length: 493737\r\nContent-Type: image/jpeg\r\nDate: Fri, 10 Apr 2026 22:49:12 GMT\r\nEtag: \"69d83d08-788a9\"\r\nExpires: Sun, 10 May 2026 10:45:07 GMT\r\nLast-Modified: Fri, 10 Apr 2026 22:49:13 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=khjSvWp8WE4cEv9NAwFO%2F526yClJCvUfbasPg5FX%2BrhUKrpYQ8LaN6109uer50gpQnmIfHNK1mwcH3xhxJx8AOaFb8r390WznsA9MsmUbcmBt%2BxPLkt%2FDr6FDPTRyHBVO2JA\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":493737,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1180x580, components 3","md5":"4b13330f90b9d6917108c29cac056ed6","sha1":"3cef93a9c7ccc3259d36f5c61966cdd2736aa788","sha256":"865873282193b251de743ef2e1de35f94d0d356c8bdc8efe44d6effc80079155","sha512":"b35ec94953752251db9cfab318faa2f6ae2886388e6385aad90f49b1c29cd021d60d6101106b336c3f1b8938fd5db0895cc221fa453d080fe8ed4bfdd437d393","ssdeep":"12288:qEPcBeMB4Lo4Va3sZQCUyA8kpXsLMMZABzUc:dPccMBoV/eR8koyBzUc","tlshash":"e5b42314fd65b4bfe07a153282a3c1a8f14c56fcc10db269c0c746f6a7864edaa46c9f","first_seen":"2026-04-11T00:48:34.308965Z","last_seen":"2026-04-11T01:22:54.583171Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1966,"timings":{"blocked":1221,"dns":0,"connect":0,"send":0,"wait":252,"receive":493,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2026/04/1037420900.jpg","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.450Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2026/04/1037420900.jpg HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9ea128ff8a3b1e08-LAX\r\nContent-Length: 606423\r\nContent-Type: image/jpeg\r\nDate: Fri, 10 Apr 2026 22:49:15 GMT\r\nEtag: \"69d83a97-940d7\"\r\nExpires: Sun, 10 May 2026 10:45:07 GMT\r\nLast-Modified: Fri, 10 Apr 2026 22:49:15 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1PHN1eafY00q0pjiHsfRuxkpeP4oCXenQ%2FiW3g4OTughd%2BsZz%2FB6CWTpYh9Rb1Qy%2FD7A1Xwpn7oyxGjDv97uCsnqRV0zVDL7jXkryE91pGvlyDAF6%2BRuMge4YtrDhPDaizOb\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":606423,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1180x580, components 3","md5":"dd6c1d750abb0bf07be2d67978bf5170","sha1":"3b67dfb985c941c2ef5c8d39928245408674a3b3","sha256":"1f611cb6976685abd131cc5fff716c2f1f597b52e8583a9a45fbca9510327cdc","sha512":"adcc0d0e0ca055fab1030c4c72eec424d3233e490d3689cf37e2c405eceaf7e8a39305c3848b5ee8b0737072a8e3192f49a5ce93c85637c6fc4ca45d88834d81","ssdeep":"12288:HZ2N0WVrAlH6lwxBSYOkqYKTAfF6fbGK5qwI:5OclH6loBUYKTq68wI","tlshash":"24d433d42986be55cb5acc76bc0625d9a113332ba7d9334a02b2a53dd9473e60cbf133","first_seen":"2026-04-11T00:48:34.310106Z","last_seen":"2026-04-11T01:22:54.565094Z","times_seen":2,"resource_available":false,"data":null}},"time_used":2947,"timings":{"blocked":2483,"dns":0,"connect":0,"send":0,"wait":225,"receive":239,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/themes/cnweb_nencao_com/skin/css/common.css","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cnweb-nencao.com/","date":"2026-04-11T00:47:45.571Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.cnweb-qqcvideo.com","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Wed, 18 Mar 2026 01:00:00 GMT","end":"Tue, 16 Jun 2026 00:59:59 GMT"},"fingerprint":{"sha1":"20:54:2C:35:6F:34:AE:46:55:B0:36:5B:75:68:38:13:67:FF:AB:E3","sha256":"FE:84:4F:4B:5A:54:D7:98:F2:3C:4A:C8:63:FF:A1:3D:3F:8C:D0:D1:E0:4B:87:3F:24:29:5C:A6:A2:03:8C:C1"}}},"request":{"raw":"GET /themes/cnweb_nencao_com/skin/css/common.css HTTP/1.1\r\nHost: cnweb-nencao.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnweb-nencao.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 11 Apr 2026 00:47:59 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 10 Feb 2026 05:52:32 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ac7a0-5118\"\r\nexpires: Sat, 11 Apr 2026 12:47:59 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":20760,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"47f942d99969dd56e64d135eb3b14c4f","sha1":"e3e573405656c31a723e73dcf7d752bd52c40351","sha256":"26fcc98e40e435ad22a423ed55bb6f6f5b8d3e6a8c787f05238aa55b6bec9517","sha512":"6659808ecfde21a1591bab8c08833e08600e3b167e5adefc4e162b5273b869abb2d321c1e61c4e6d1a9b6207826587719f53345f91a2678eae0b2f2ab46d1168","ssdeep":"384:+JdHvZ+ViJ3JsnJ1O+hXS6RkpRn3b54JPjVSYQvbR3hiYIIdR3cYNeD0A:+JdHvZ+EJ3JsnJ1O+hXxkpR3bWJPjAYD","tlshash":"609242ad5a54314c7307abb8f3f15f246f2c80a1fe0b016db6966a2a858b55c2f733c4","first_seen":"2025-10-23T23:52:36.334209Z","last_seen":"2026-04-11T00:48:34.311332Z","times_seen":2,"resource_available":false,"data":null}},"time_used":216,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":216,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/themes/cnweb_nencao_com/skin/img/case_icon.png","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cnweb-nencao.com/","date":"2026-04-11T00:47:45.806Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.cnweb-qqcvideo.com","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Wed, 18 Mar 2026 01:00:00 GMT","end":"Tue, 16 Jun 2026 00:59:59 GMT"},"fingerprint":{"sha1":"20:54:2C:35:6F:34:AE:46:55:B0:36:5B:75:68:38:13:67:FF:AB:E3","sha256":"FE:84:4F:4B:5A:54:D7:98:F2:3C:4A:C8:63:FF:A1:3D:3F:8C:D0:D1:E0:4B:87:3F:24:29:5C:A6:A2:03:8C:C1"}}},"request":{"raw":"GET /themes/cnweb_nencao_com/skin/img/case_icon.png HTTP/1.1\r\nHost: cnweb-nencao.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnweb-nencao.com/themes/cnweb_nencao_com/skin/css/index.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 11 Apr 2026 00:47:59 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 10 Feb 2026 05:52:32 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ac7a0-81a\"\r\nexpires: Mon, 11 May 2026 00:47:59 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2074,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 53 x 53, 8-bit/color RGBA, non-interlaced","md5":"07adca3b7fb3c29aa6c7e2fce7ac7a71","sha1":"ad67cb197d23608d3ccd927c86635e769978624b","sha256":"15737ff98ccd92dbe0f367a7355f633d9b19490d4964242fcfa448ba51f2d14b","sha512":"11c47fa76ef09aaa97e9a94d396549192360f7648b6e864a13d462d420b62154f9ce2f6a3ae1e28ee30cc67ebcbc3e058bf12f728185622c15e0086b4d706f6b","ssdeep":"","tlshash":"fb412ac5a890add0bb8884d224ff8423542146816dd470a36e9ecc552d600fbcee88ef","first_seen":"2025-07-01T02:08:25.013834Z","last_seen":"2026-04-11T00:48:34.31278Z","times_seen":6,"resource_available":false,"data":null}},"time_used":587,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":587,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gogo17.ubyt4z.vip/index.js?r=7ycjEc","fqdn":"gogo17.ubyt4z.vip","domain":"ubyt4z.vip","tld":"vip"},"ip":{"addr":"172.67.194.210","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://gogo17.ubyt4z.vip/?refer=stdpk","date":"2026-04-11T00:47:48.139Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ubyt4z.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Apr 2026 05:00:16 GMT","end":"Fri, 03 Jul 2026 05:57:40 GMT"},"fingerprint":{"sha1":"93:34:72:E2:A3:2C:D4:CC:4A:E3:A6:1F:04:09:FA:4D:EC:BF:B6:5C","sha256":"BA:3F:A3:8B:51:93:67:61:0B:5D:F4:3C:70:8B:CF:A0:42:06:F5:61:03:65:8E:0B:89:2B:A0:CB:00:D7:2A:1B"}}},"request":{"raw":"GET /index.js?r=7ycjEc HTTP/1.1\r\nHost: gogo17.ubyt4z.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gogo17.ubyt4z.vip/?refer=stdpk\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 11 Apr 2026 00:47:48 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nlast-modified: Sat, 11 Apr 2026 00:47:48 GMT\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding, Accept-Encoding, Accept-Encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-powered-by: PHP/8.0.28\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Origin, X-Requested-With , X-Device-Id , Content-Type, Accept, Authorization\r\naccess-control-allow-methods: GET, POST, PUT,DELETE,OPTIONS,PATCH\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vbRFgrcTTIeaoSxDqzfsWQLDSR3dTVn3ud3Ht8lNsnwQa75KHwS4XsFjSb016GMZiAMCXlppPJbK4qs0Re9%2F3INS1wLUXjAk2O%2FqZaay52dfj%2FPB8R13ROj3Jgxv9YqD429A\"}]}\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\ncontent-encoding: br\r\ncf-ray: 9ea5fb65eaf3b517-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:8.0.28","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1285,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (1285), with no line terminators","md5":"0224ff86cec6e4e654bdcbfad7dd7c2e","sha1":"6e5ba9a221199f37cef0fca63406ede8752a42a2","sha256":"6e0f7bd7ae5a102b06d8cbcfc73129af74ba139b207fd9ddbe6c0f38aa377ea7","sha512":"be2accd0820598227dc11401e24037ade5dc2517d9622ffc556cc5f5a93c9a6193ec467b9ba65556da1053137f035b5b25a360db7b63d84496dcc72350ac93d7","ssdeep":"","tlshash":"b72175d97095a0e30756f11a012fc12653f1124c3e4f4274eb88b07be9b5d51c867b59","first_seen":"2026-04-11T00:48:34.313549Z","last_seen":"2026-04-11T01:22:54.473452Z","times_seen":2,"resource_available":true,"data":null}},"time_used":477,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":475,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2026/04/2896482466.jpg","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.459Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2026/04/2896482466.jpg HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9e96648c6a181418-LAX\r\nContent-Length: 143906\r\nContent-Type: image/jpeg\r\nDate: Fri, 10 Apr 2026 21:35:50 GMT\r\nEtag: \"69d6eaa0-23222\"\r\nExpires: Sat, 09 May 2026 03:23:23 GMT\r\nLast-Modified: Fri, 10 Apr 2026 21:35:50 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Z4SlI9zkilVp840CiU4gP2yN9mwDH%2FzacGn7ldWWUepPXfansFX%2FGadMmdi7p%2B4ERN0yGiXwS953C8kUX%2FyjihgPh8bcUzh5nwOpo%2BabgRg43txkoabMKMBJELCBPkOkMCVf\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":143906,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1180x580, components 3","md5":"653e5c81c8d35d9f5dd588ca5b928584","sha1":"a65f7699916c0d3e61171dc3fbe8ee4184743ede","sha256":"56e2bfc5cee6e73bf56297bc7a23606bb9f2c2d0db207f51bfcab4e4f2d72b7b","sha512":"a88d2f3d6017ee9ba43458934b0999a7b3376d5e55db2fccee2d75c7244d60e11982885c31b8706426d150d0dada224b8ef9d1bffc11e6c064d4bb7605da16a5","ssdeep":"3072:iV/aqXi9axkFNi/sXTMuO5wD8OZGsAYaeXv7tTSPr2lcw0gSCJKOk:YbXUCkFNi/sX33ZDaeRTfEg/cP","tlshash":"cae31337ed77cf7ad07d20b8795a454e18c60228ba46b783c42fdd1fea6c4062f98256","first_seen":"2026-04-11T00:48:34.314897Z","last_seen":"2026-04-11T01:22:54.513414Z","times_seen":2,"resource_available":false,"data":null}},"time_used":2918,"timings":{"blocked":2679,"dns":0,"connect":0,"send":0,"wait":235,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2026/04/1253998292.jpg","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.571Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2026/04/1253998292.jpg HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9e903a86cf8ccba6-LAX\r\nContent-Length: 600217\r\nContent-Type: image/jpeg\r\nDate: Fri, 10 Apr 2026 21:49:58 GMT\r\nEtag: \"69d595fc-92899\"\r\nExpires: Fri, 08 May 2026 09:26:07 GMT\r\nLast-Modified: Fri, 10 Apr 2026 21:49:59 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6ci2XBDBWR9eELkHfDqcF2Ib8l1WrTLARinOiUB9En5BwGJ30Cr2sI4X3ody5TqLfkz8oFaQPrSXjl141zsgBnKr%2FhD49tBUMHywz%2F3f3%2FESZ3aeOZfWiM42bP4ZLy25g2t6\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":600217,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1180x580, components 3","md5":"89c406bbffcb645c562bbfa1b0d3f015","sha1":"3f38b25c41637563816c5c51ebf8689ba2371683","sha256":"be7d1ac5319f017f4a8d03024423fe3df8da6418efca97ed81e72c1f1afcfa65","sha512":"4d747c7ff913d8dfe0044cadb549d9ced09c2da28f55e4d329d2c4568250419dcfc57c90186efa6dc0d3278823117bbc0d23e99537a1318e3234e06933e0691c","ssdeep":"12288:ME8P0Pk4bQYuyBqAMy5K8/eujwHJbrOg/gnIjEc0:MX+CyBPMEKOHjQb/qI41","tlshash":"05d423ded9d34091cb0d0e1e5ce4b35e15498a85a2d9120e0f7eca20bd9c49bc4eb7be","first_seen":"2026-04-11T00:48:34.316418Z","last_seen":"2026-04-11T01:22:54.620402Z","times_seen":2,"resource_available":false,"data":null}},"time_used":4712,"timings":{"blocked":4222,"dns":0,"connect":0,"send":0,"wait":236,"receive":254,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/favicon.ico","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cnweb-nencao.com/","date":"2026-04-11T00:47:48.092Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.cnweb-qqcvideo.com","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Wed, 18 Mar 2026 01:00:00 GMT","end":"Tue, 16 Jun 2026 00:59:59 GMT"},"fingerprint":{"sha1":"20:54:2C:35:6F:34:AE:46:55:B0:36:5B:75:68:38:13:67:FF:AB:E3","sha256":"FE:84:4F:4B:5A:54:D7:98:F2:3C:4A:C8:63:FF:A1:3D:3F:8C:D0:D1:E0:4B:87:3F:24:29:5C:A6:A2:03:8C:C1"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: cnweb-nencao.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnweb-nencao.com/\r\nCookie: Hm_lvt_ce95a5f143b18a92f5e2abde1ce8f8f6=1775868467; Hm_lpvt_ce95a5f143b18a92f5e2abde1ce8f8f6=1775868467; HMACCOUNT=5C0CE7D781C29B7D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 11 Apr 2026 00:48:02 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 26419\r\nlast-modified: Tue, 10 Feb 2026 05:52:32 GMT\r\netag: \"698ac7a0-6733\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":26419,"size_decoded":0,"mime_type":"image/x-icon","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 300x211, components 3","md5":"beebccc43474e37aa56284c075fe1d18","sha1":"2be19f8af0c7ec23bbe3380001e4faaed125bccb","sha256":"1d40dcbbb2d03729931b7eb219a02eb181ed0b0527dfd92d0a5d55d4f8ede002","sha512":"76f935ac9a3098e5ce358e1d20a7a0e464466e1c9a39bff0eb31f78df808e4468b63c0880bda94ce15da1412644bf72338d2dfc23f1b3cf185e00f263dab8e24","ssdeep":"768:QLPyRd3lcMtHXZXpV4kK+/mcx/CP4ZNxYhD0UE:KkbXl4i/mcxKPQNmhD0J","tlshash":"73c2e15594647c82f3f5623d5c9be84f9c03187e8a7bfba3e4c293643a80692710195f","first_seen":"2026-04-11T00:48:34.294739Z","last_seen":"2026-04-11T00:48:34.294739Z","times_seen":1,"resource_available":false,"data":null}},"time_used":433,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":430,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2026/04/4072133414.jpg","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.378Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2026/04/4072133414.jpg HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9e5cf4c60b062b9d-LAX\r\nContent-Length: 166953\r\nContent-Type: image/jpeg\r\nDate: Fri, 10 Apr 2026 23:19:25 GMT\r\nEtag: \"69cd4e9a-28c29\"\r\nExpires: Sat, 02 May 2026 04:05:36 GMT\r\nLast-Modified: Fri, 10 Apr 2026 23:19:25 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yHHEEyap0UOR%2By0Im6A0hhIVtrTtuLhLn%2Bblk02%2FtrvEnEhxQPQAt442dSnj7i1hZPzA5H22cJtu%2ByPFrrTmA9iHd8yEpXGAS75nE7tClz%2FtMrf8f0Eg846kntRpfU5dW1g7\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":166953,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1180x580, components 3","md5":"4547bd9ef56d441c07f3cb67e75ffcf4","sha1":"4548ac5be9b304e838b7647514b10684952b8c6f","sha256":"94c00ed45d790edfd9b74fcec41f6cca67f0b696537ff3be7ec524a756db6ba2","sha512":"7a6c26b753233e682d1c1d435bc106a6d4501f77f354ccf657fcd2ff6950dad4afe77e77bc952dc402eb571029c6151ba91ba6de661eb08fdcb012e831171936","ssdeep":"3072:jsk9pf5SkUHoEi3F+WmF4b1ySSM/vR/pqi3HLDLaFIxjY49F5Fu:VLf5S/oEPv0yqphnDAIrbM","tlshash":"23f31297c396c2f83e4517285439b22e9b0b56d8b5fd009fa937997074a8f03722c6ed","first_seen":"2026-04-11T00:48:34.318019Z","last_seen":"2026-04-11T01:22:54.665241Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1200,"timings":{"blocked":963,"dns":0,"connect":0,"send":0,"wait":229,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/themes/cnweb_nencao_com/skin/img/1.jpg","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cnweb-nencao.com/","date":"2026-04-11T00:47:45.581Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.cnweb-qqcvideo.com","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Wed, 18 Mar 2026 01:00:00 GMT","end":"Tue, 16 Jun 2026 00:59:59 GMT"},"fingerprint":{"sha1":"20:54:2C:35:6F:34:AE:46:55:B0:36:5B:75:68:38:13:67:FF:AB:E3","sha256":"FE:84:4F:4B:5A:54:D7:98:F2:3C:4A:C8:63:FF:A1:3D:3F:8C:D0:D1:E0:4B:87:3F:24:29:5C:A6:A2:03:8C:C1"}}},"request":{"raw":"GET /themes/cnweb_nencao_com/skin/img/1.jpg HTTP/1.1\r\nHost: cnweb-nencao.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnweb-nencao.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 11 Apr 2026 00:47:59 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 10 Feb 2026 05:52:32 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ac7a0-241ae\"\r\nexpires: Mon, 11 May 2026 00:47:59 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":147886,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 2048x921, components 3","md5":"1b3b983043538a4cb4b0fcccfde0e461","sha1":"e48e1a6ce1e5d546e270b8e6665f30c3e1519e06","sha256":"3c6a47433e87a2a9ac76c310cd3cf963d702d4aa8141ea2c8954ec1498dd7575","sha512":"3c81f868811823ae0863d5f71239b38b4a0a2779dff848201ad21fe4eecec664e68e314cc99f8381054d10d2a251c4d8ad761ca3926ee30c647f1232186f5105","ssdeep":"3072:ZoNglcOfl9HF0GPzsnLvCd//1CjbnSxNarpOs8dB1hJ87hq8:wOcwl9lnyLKddCj7S8OsqBzy7b","tlshash":"fee31213112521cad2c337e295d84af2b71e8f2c73d4eb9a92840d55db065e92fc3ae3","first_seen":"2026-04-11T00:48:34.319754Z","last_seen":"2026-04-11T00:48:34.319754Z","times_seen":1,"resource_available":false,"data":null}},"time_used":643,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":643,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/themes/cnweb_nencao_com/skin/js/jquery.min.js","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cnweb-nencao.com/","date":"2026-04-11T00:47:45.585Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.cnweb-qqcvideo.com","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Wed, 18 Mar 2026 01:00:00 GMT","end":"Tue, 16 Jun 2026 00:59:59 GMT"},"fingerprint":{"sha1":"20:54:2C:35:6F:34:AE:46:55:B0:36:5B:75:68:38:13:67:FF:AB:E3","sha256":"FE:84:4F:4B:5A:54:D7:98:F2:3C:4A:C8:63:FF:A1:3D:3F:8C:D0:D1:E0:4B:87:3F:24:29:5C:A6:A2:03:8C:C1"}}},"request":{"raw":"GET /themes/cnweb_nencao_com/skin/js/jquery.min.js HTTP/1.1\r\nHost: cnweb-nencao.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnweb-nencao.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 11 Apr 2026 00:47:59 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 10 Feb 2026 05:52:32 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ac7a0-169d5\"\r\nexpires: Sat, 11 Apr 2026 12:47:59 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":92629,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32089)","md5":"397754ba49e9e0cf4e7c190da78dda05","sha1":"ae49e56999d82802727455f0ba83b63acd90a22b","sha256":"c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4","sha512":"8c64754f77507ab2c24a6fc818419b9dd3f0ceccc9065290e41afdbee0743f0da2cb13b2fbb00afa525c082f1e697cb3ffd76ef9b902cb81d7c41ca1c641dffb","ssdeep":"1536:dnu00HWWaRxkqJg09pYxoxDKMXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qg7rbaN1RUx:ddkWgoBhcZRQgmW42qe","tlshash":"8c932bdd72d2b03257ab30bd106f540ff2361959280d8850f268d8f9bc79a49a277f6d","first_seen":"2023-03-07T01:02:08Z","last_seen":"2026-04-11T02:59:27.912727Z","times_seen":61479,"resource_available":true,"data":null}},"time_used":610,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":610,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2025/02/535087907.gif","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:57.839Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2025/02/535087907.gif HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9e80675b7e1ed498-LAX\r\nContent-Length: 139853\r\nContent-Type: image/gif\r\nDate: Fri, 10 Apr 2026 23:11:50 GMT\r\nEtag: \"67aedb5d-2224d\"\r\nExpires: Wed, 06 May 2026 11:20:31 GMT\r\nLast-Modified: Fri, 10 Apr 2026 23:11:50 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=naBIlKOgcAYAfOlIr5NvJE9UwI5OMtPbW1Owx2HF%2BaP6fBJGXW9eqy3SLozkGZ1P94uGkVaMU0CKxidWgpywfwb%2Bn5zs0irQfve04atsagTDlCPqAa6arz%2FAKbRg03Vuc%2BV8\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":139853,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1353 x 667","md5":"ba3d43fe67dd8ef3f0f12c6f5e329c03","sha1":"7d57c10b9c641bd0b52b32a0394598f8378cb817","sha256":"01cf35757501f61c35827faa5e65ef35e585836c431b35b19fc1f2e945ea48a8","sha512":"b2343704636457978d76a2a5192b9dea513e46c163b5f7fa57112e05385d1973b8f1d97f5475fbed4d537e514475fa407c22665b806193ca9eccc88e84928ca7","ssdeep":"3072:fKK4r6QKndHeuhgtGqrDocsFuNMAadxCvbPxMH:B4r6QOtRhgEqr0AMDTcPxa","tlshash":"9fd3227b5d597966035cffe01ec41efd3ae240e0b1261a8b7a14b89e5c6f7c4272a1c2","first_seen":"2025-02-24T05:04:49.216917Z","last_seen":"2026-04-11T01:22:54.512452Z","times_seen":49,"resource_available":false,"data":null}},"time_used":482,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":238,"receive":244,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/themes/cnweb_nencao_com/skin/img/b2.jpg","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cnweb-nencao.com/","date":"2026-04-11T00:47:45.577Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.cnweb-qqcvideo.com","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Wed, 18 Mar 2026 01:00:00 GMT","end":"Tue, 16 Jun 2026 00:59:59 GMT"},"fingerprint":{"sha1":"20:54:2C:35:6F:34:AE:46:55:B0:36:5B:75:68:38:13:67:FF:AB:E3","sha256":"FE:84:4F:4B:5A:54:D7:98:F2:3C:4A:C8:63:FF:A1:3D:3F:8C:D0:D1:E0:4B:87:3F:24:29:5C:A6:A2:03:8C:C1"}}},"request":{"raw":"GET /themes/cnweb_nencao_com/skin/img/b2.jpg HTTP/1.1\r\nHost: cnweb-nencao.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnweb-nencao.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 11 Apr 2026 00:47:59 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 10 Feb 2026 05:52:32 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ac7a0-31fe0\"\r\nexpires: Mon, 11 May 2026 00:47:59 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":204768,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 2048x921, components 3","md5":"8a520c267ded17d0430eb877447d4eda","sha1":"ef699a9d71a3233f7c40d375f67461a2912c29a6","sha256":"85292916b563108cae2fd94ea851a8379dc153a7c84c539e2ce10cf6b876c9a4","sha512":"987c7c86a2d236ad1e0c6e625365348f86552dede1e78284ac147ccd1a017e42d8c21e5b9f500b37c9db28223be8a7e9cd895fac496b3a229e2f2eb9f73fc8d7","ssdeep":"6144:MGjrzXcg3CaSUG4ST4EZ9RVA0UOhss8QHfQH2WF:MktaYS4kssXHtWF","tlshash":"fd14230a0f5275ba973c6342fbcbe37260e0490545cf8e306a92b596f39d097725dec6","first_seen":"2026-04-11T00:48:34.324989Z","last_seen":"2026-04-11T00:48:34.324989Z","times_seen":1,"resource_available":false,"data":null}},"time_used":644,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":644,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.cloudflareinsights.com/beacon.min.js/v8c78df7c7c0f484497ecbca7046644da1771523124516","fqdn":"static.cloudflareinsights.com","domain":"cloudflareinsights.com","tld":"com"},"ip":{"addr":"104.16.79.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://gogo17.ubyt4z.vip/?refer=stdpk","date":"2026-04-11T00:47:48.130Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cloudflareinsights.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 17 Feb 2026 14:29:28 GMT","end":"Mon, 18 May 2026 15:29:15 GMT"},"fingerprint":{"sha1":"8B:A9:51:50:78:B2:5E:75:31:54:23:BC:80:D6:CA:53:34:E5:CD:8F","sha256":"AF:D9:FB:4F:B0:E1:BD:80:DF:22:93:A7:4A:99:5B:50:0A:BE:47:59:37:98:C6:BF:C5:DF:8D:8F:F0:8D:FD:23"}}},"request":{"raw":"GET /beacon.min.js/v8c78df7c7c0f484497ecbca7046644da1771523124516 HTTP/1.1\r\nHost: static.cloudflareinsights.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://gogo17.ubyt4z.vip\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gogo17.ubyt4z.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 00:47:48 GMT\r\ncontent-type: text/javascript;charset=UTF-8\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=86400\r\netag: W/\"2026.2.0\"\r\nlast-modified: Thu, 19 Feb 2026 17:45:24 GMT\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\ncf-ray: 9ea5fb65f9525696-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":31169,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (31169), with no line terminators","md5":"4f67ea9205c3ca7c9e04582d3b9bdd1d","sha1":"d3b68ad3eb88d3db3d843211d4905143c3bff281","sha256":"4b77eae349a8cbcea7133cf3640a64ebf1f69d54d8f6469d7be6fdc188ca4ca4","sha512":"f034bbae022b026821045c28393ba371fe83f6b5ef1fcc66f0943525ad3587d417f04cd795d8accee7d86b82057ca74b50a4d3ae74855cb0e4504393ad943c42","ssdeep":"384:BXi1f+hZCIy1f84QDRuT9WKw00QmLnivMt+BERzR0c744BKJKe0620vFjOkcXo9g:+V584QlIrw6OPIJJtFjj09N","tlshash":"bce218eeb591b13603f7a072447f210b733ab56264494408e21bd6c22c78eeed257fad","first_seen":"2026-02-19T19:35:51.221473Z","last_seen":"2026-04-11T02:58:41.195339Z","times_seen":33883,"resource_available":true,"data":null}},"time_used":50,"timings":{"blocked":19,"dns":1,"connect":1,"send":0,"wait":11,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/themes/Mirages/css/7.10.5/fonts/fontawesome-webfont.woff2?v=4.7.0","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.302Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/themes/Mirages/css/7.10.5/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/usr/themes/Mirages/css/7.10.5/mirages.min.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nCache-Control: max-age=14400\r\nCf-Cache-Status: REVALIDATED\r\nCf-Ray: 9ea5079e5bb1cba6-LAX\r\nContent-Length: 77160\r\nContent-Type: font/woff2\r\nDate: Fri, 10 Apr 2026 22:01:22 GMT\r\nEtag: \"65fd569e-12d68\"\r\nLast-Modified: Fri, 10 Apr 2026 22:01:23 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ay3Nl4E5jTqSnmIYhPP7CVXt%2FgRSH3eH1uzfX%2B3dLpYJzRipE%2FFjC8KrG0nRpXwZABj3AC0XgEZKSPBSKtEoG%2F69yJCAfbagUNbUSPEVxa%2F2rQ2xIdO3WzkVX5o2Gnyyxa3g\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":77160,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 77160, version 4.459","md5":"af7ae505a9eed503f8b8e6982036873e","sha1":"d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c","sha256":"2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe","sha512":"838fefdbc14901f41edf995a78fdac55764cd4912ccb734b8bea4909194582904d8f2afdf2b6c428667912ce4d65681a1044d045d1bc6de2b14113f0315fc892","ssdeep":"1536:/MkbAPfd1vyBKwHz4kco36ZvIaBfRPlajyXUA2jVTc:L0nXnHdfRVEAS2","tlshash":"7d7302e63b6c4943e03d6460708abe9f104b3ab42fe057e5c876db7f2722992b71552c","first_seen":"2023-04-05T03:30:47Z","last_seen":"2026-04-11T02:56:44.643222Z","times_seen":422088,"resource_available":true,"data":null}},"time_used":565,"timings":{"blocked":113,"dns":0,"connect":0,"send":0,"wait":225,"receive":227,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/favicon.ico","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:50.064Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=14400\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9ea4bb32fab523ba-LAX\r\nContent-Length: 436236\r\nContent-Type: image/x-icon\r\nDate: Sat, 11 Apr 2026 00:44:00 GMT\r\nEtag: \"660135b6-6a80c\"\r\nLast-Modified: Sat, 11 Apr 2026 00:44:04 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2SrN%2BW6xjg6zqUeCU9dRAvJZ4ZG%2BtAcxNCOGZfZ8tFmg7IK4EdlnyRgnlZlpaIiI9zUJyqPzkTx7JobZ8VSHwfwEEKH4fkOzDoIDNz3bnM03ROYx%2F73XIiSKXt1O5qfcKA83\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":436236,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 1280 x 1300, 8-bit colormap, non-interlaced","md5":"3b9d4122feaac252427d4c24a864621c","sha1":"0195e8e818d25a1d8aa2244fa8201fce663227b5","sha256":"e1e2d551428d08274b039797e6e1063b595177a961d9a429095bb9f985dd8515","sha512":"fa15be434373a0a40f24bce2779435da01aedce71dd454a69159efc58b672f4eecdd781bc1a28105c620796049a7224751a6a305a7137b8eab32147795c0290d","ssdeep":"12288:LFNzEXXblVKlTBisdlnxjOGaTNTfuYIWFrfv:L/uw2mhOGaTdfuFcv","tlshash":"e19423b11de531c9811290870714964da9da78ee7b0c35333feb30f269b72fa991ab5c","first_seen":"2024-06-29T06:36:42Z","last_seen":"2026-04-11T01:22:54.641333Z","times_seen":83,"resource_available":false,"data":null}},"time_used":2085,"timings":{"blocked":1124,"dns":0,"connect":0,"send":0,"wait":236,"receive":725,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/themes/cnweb_nencao_com/skin/css/index.css","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cnweb-nencao.com/","date":"2026-04-11T00:47:45.575Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.cnweb-qqcvideo.com","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Wed, 18 Mar 2026 01:00:00 GMT","end":"Tue, 16 Jun 2026 00:59:59 GMT"},"fingerprint":{"sha1":"20:54:2C:35:6F:34:AE:46:55:B0:36:5B:75:68:38:13:67:FF:AB:E3","sha256":"FE:84:4F:4B:5A:54:D7:98:F2:3C:4A:C8:63:FF:A1:3D:3F:8C:D0:D1:E0:4B:87:3F:24:29:5C:A6:A2:03:8C:C1"}}},"request":{"raw":"GET /themes/cnweb_nencao_com/skin/css/index.css HTTP/1.1\r\nHost: cnweb-nencao.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnweb-nencao.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 11 Apr 2026 00:47:59 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 10 Feb 2026 05:52:32 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ac7a0-5e19\"\r\nexpires: Sat, 11 Apr 2026 12:47:59 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":24089,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"155ec7e68282ff61a6a3ac1b1a6eeb78","sha1":"286981df3e0f57f22b083cda9312ec9a420aa54e","sha256":"81963238d66bfd2dca695c9bd85136265a9f115a56f3e4485a27e7c1c8b121e9","sha512":"9d39f69716dcff989f2b34194d8a78a5d8ad2c6c9caae27d9c8b6d906969a0179938b88c9f3987e09d809589313ec7028c5406001040bf2842df96dd7231d054","ssdeep":"384:rJmLkd7kdhx+rb7ItQeHfLRRpsQ6JuHEx0lxzlTSiKN2f0oUVHfcU:rJmLkd7kdhEb7IGxCT6b","tlshash":"dcb262da2b90028031278b68a7e65f79733cd003e95accbdb7c1285ddf556e852e3786","first_seen":"2025-10-23T23:52:36.363498Z","last_seen":"2026-04-11T00:48:34.32958Z","times_seen":2,"resource_available":false,"data":null}},"time_used":217,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":217,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2026/04/2755411517.jpg","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.348Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2026/04/2755411517.jpg HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9e5ceda10b8bf7c5-LAX\r\nContent-Length: 189377\r\nContent-Type: image/jpeg\r\nDate: Fri, 10 Apr 2026 23:19:24 GMT\r\nEtag: \"69cd4c91-2e3c1\"\r\nExpires: Sat, 02 May 2026 04:00:43 GMT\r\nLast-Modified: Fri, 10 Apr 2026 23:19:25 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MiUReUrJORIQPdNPMON2DZz1EQYkMmFTHsF12hAsIRwJKO9yN%2BHbmlzh7c0FV7J0tuCi1uO0pM47m5EhGZRuvS23I5FigOvtXRzjRFz9vkhkZeUtgXHvZEELd4eEOz%2FWrsxV\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":189377,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1180x580, components 3","md5":"1a1c21d1fb1a66ea7065da15f0819d59","sha1":"4425fd4d57d06d7bb9b54992fad6d96ee643eb65","sha256":"2749291bcae3eff201b98b9fe362e75dfece7773fe6d5252a757475db793a5d9","sha512":"c960c04ccf4488a2aea83f8957ee512d73480352a4c869a7997b4eb96ec45ddc4e351e1321d8119687607e26b16013f4cda0b19e5ff437192fdeab15430c9275","ssdeep":"3072:EEK9Hya2+ZmDUWAuVYPO76DqHGxeXBDOY3qvAF9C/qVWiKHidu3iA:Et9nl+AQ6DSYAyY1FY/JbHic3iA","tlshash":"3804134bce9650f1448d3ab0129a94e16770edd7f4c03ee309eb4895b3ec523f45aba9","first_seen":"2026-04-11T00:48:34.331664Z","last_seen":"2026-04-11T01:22:54.478915Z","times_seen":2,"resource_available":false,"data":null}},"time_used":901,"timings":{"blocked":419,"dns":0,"connect":0,"send":0,"wait":239,"receive":243,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2026/04/2864109963.jpg","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.549Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2026/04/2864109963.jpg HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9e903a86ca9a1e11-LAX\r\nContent-Length: 549852\r\nContent-Type: image/jpeg\r\nDate: Fri, 10 Apr 2026 21:45:51 GMT\r\nEtag: \"69d59725-863dc\"\r\nExpires: Fri, 08 May 2026 09:26:07 GMT\r\nLast-Modified: Fri, 10 Apr 2026 21:45:52 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SAtJmKjWq%2Fb5GPoy%2FZaHYJFdz0QUw4GZtLckc7EAayH5zAwrgpcWNeiHAIQbpUWw0zCLPyMnsH0cbFMQPdnkOy%2Bh63HLCz6B2sj68KsJZsA0nB%2FIVNxZFpk%2Bioawtds89Xuc\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":549852,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1180x580, components 3","md5":"cae37a0547d1aaf19b717f0b5a4678ef","sha1":"aa02ea6311725474f4f4474aef3fa68c99494a1c","sha256":"436eae916cbe9149206102505a7d157fd5665963d26877a56304934d281324f2","sha512":"8dce8c9efb944a262034d5d89839cd13e78bfef8cab9b55b6bc5905d9bdeab9158a5cc56a16dc8d50c836180e079ea710c01f33c120128a7e036bd75d81f8cc2","ssdeep":"12288:E9Sj84K+As60+dbCMGfIhA7DCa7xt2wLF5/QmQ2hi:E9KPT1+dE+AnI2hi","tlshash":"dcc4238b74ec2c332a7e3e71a15c792dabb947931ed977ac527105e1c9ceb4b00115ca","first_seen":"2026-04-11T00:48:34.334056Z","last_seen":"2026-04-11T01:22:54.481195Z","times_seen":2,"resource_available":false,"data":null}},"time_used":4035,"timings":{"blocked":3547,"dns":0,"connect":0,"send":0,"wait":238,"receive":250,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/themes/cnweb_nencao_com/skin/img/weixin.jpg","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cnweb-nencao.com/","date":"2026-04-11T00:47:45.583Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.cnweb-qqcvideo.com","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Wed, 18 Mar 2026 01:00:00 GMT","end":"Tue, 16 Jun 2026 00:59:59 GMT"},"fingerprint":{"sha1":"20:54:2C:35:6F:34:AE:46:55:B0:36:5B:75:68:38:13:67:FF:AB:E3","sha256":"FE:84:4F:4B:5A:54:D7:98:F2:3C:4A:C8:63:FF:A1:3D:3F:8C:D0:D1:E0:4B:87:3F:24:29:5C:A6:A2:03:8C:C1"}}},"request":{"raw":"GET /themes/cnweb_nencao_com/skin/img/weixin.jpg HTTP/1.1\r\nHost: cnweb-nencao.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnweb-nencao.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 11 Apr 2026 00:47:59 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 10 Feb 2026 05:52:32 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ac7a0-61d8\"\r\nexpires: Mon, 11 May 2026 00:47:59 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":25048,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 200x200, components 3","md5":"1167052d9d3a04af3e66d05835f9fcf0","sha1":"60366e065eaa794ed29450a78c0aaec84848a8df","sha256":"c5bac28187d16af50b1bca2398abb8e718a6ab101441d0411525c49619c92373","sha512":"8f220dc318feedf55e7afc80a59d201ea6ba0d694fe67df919f338d28cbb7cfba7ed8a07d4becf6c2b3e21add30ece5aaebfd543a9795a41ab793cebd1a65a32","ssdeep":"768:Gyjbw/r+tm4ZLgWlAdxFNPwhgcmGIqP+2f2xLxp:Gyjbw/r+XZLnlAxNohmlqWe2t","tlshash":"51b2e1134bf53faae825274906360f505636b3ef875c1a8fc7becb829e512277624680","first_seen":"2023-05-06T12:28:35Z","last_seen":"2026-04-11T00:48:34.337032Z","times_seen":236,"resource_available":false,"data":null}},"time_used":642,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":642,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2025/03/1784248271.gif","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.356Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2025/03/1784248271.gif HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9e7f0868f8d82ab4-LAX\r\nContent-Length: 139853\r\nContent-Type: image/gif\r\nDate: Fri, 10 Apr 2026 22:51:20 GMT\r\nEtag: \"67d54db3-2224d\"\r\nExpires: Wed, 06 May 2026 07:20:56 GMT\r\nLast-Modified: Fri, 10 Apr 2026 22:51:20 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FxOfgNYg1Ur0F08bNuMzN4byWXeUUAA7kP7CNWAw7iyxqHrwNdWR7UfB959R9zFQ2istLQOIm2zZPzsBp1J%2FPBGKcMzMjiXVXR7kczuTsSHCXIlwT8lbnM%2F4k%2FcjNTsUBAVY\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":139853,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1353 x 667","md5":"ba3d43fe67dd8ef3f0f12c6f5e329c03","sha1":"7d57c10b9c641bd0b52b32a0394598f8378cb817","sha256":"01cf35757501f61c35827faa5e65ef35e585836c431b35b19fc1f2e945ea48a8","sha512":"b2343704636457978d76a2a5192b9dea513e46c163b5f7fa57112e05385d1973b8f1d97f5475fbed4d537e514475fa407c22665b806193ca9eccc88e84928ca7","ssdeep":"3072:fKK4r6QKndHeuhgtGqrDocsFuNMAadxCvbPxMH:B4r6QOtRhgEqr0AMDTcPxa","tlshash":"9fd3227b5d597966035cffe01ec41efd3ae240e0b1261a8b7a14b89e5c6f7c4272a1c2","first_seen":"2025-02-24T05:04:49.216917Z","last_seen":"2026-04-11T01:22:54.512452Z","times_seen":49,"resource_available":false,"data":null}},"time_used":984,"timings":{"blocked":751,"dns":0,"connect":0,"send":0,"wait":229,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2026/04/1631915436.jpg","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.531Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2026/04/1631915436.jpg HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9e903a86c899f7bd-LAX\r\nContent-Length: 509757\r\nContent-Type: image/jpeg\r\nDate: Fri, 10 Apr 2026 21:45:51 GMT\r\nEtag: \"69d59809-7c73d\"\r\nExpires: Fri, 08 May 2026 09:26:07 GMT\r\nLast-Modified: Fri, 10 Apr 2026 21:45:52 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ORVkcNjz405V7SCkdpohufxczgiqzWL%2BLliKXAmLL6CYg0CH2pKP7zKZpieZ6QTmulMzV1Xe3YMLWAuBKSMurymCUN7PTlWWqOs2mEYoUvco3YmB6IiFqjln5bSNweMPXKx%2F\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":509757,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1180x580, components 3","md5":"312084b0e0c33dfb355750a5b647751b","sha1":"8b58c259b13569357955a3fa25b1eac8cb879799","sha256":"42024ef081d9d4018d8306671eeea96cda697a3e3aa3379b9a5052e2086ae8c8","sha512":"0f521081986f06120a92ec1bc2f96f603978bae56d5d61f15f887ff2136fc82962a2d59512fc9ece06dfc28e29bb6adec649bb5c4e4e5127f643ca74d4858b73","ssdeep":"12288:gj/J/QBv+TskaCAozzPzfSKZq+qHdqQPzKIbDUUMaUr:gjhIJ+TsazPmKDqHdFzKIbDxM5","tlshash":"01b42335ee067922c2fc985290b6ec6cbf8869ff2454512b639085a4f7ddd17a103caf","first_seen":"2026-04-11T00:48:34.33824Z","last_seen":"2026-04-11T01:22:54.558406Z","times_seen":2,"resource_available":false,"data":null}},"time_used":3516,"timings":{"blocked":3266,"dns":0,"connect":0,"send":0,"wait":236,"receive":14,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2026/04/3515082973.jpg","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.543Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2026/04/3515082973.jpg HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9e9040cb4ac0502d-LAX\r\nContent-Length: 153816\r\nContent-Type: image/jpeg\r\nDate: Fri, 10 Apr 2026 22:12:12 GMT\r\nEtag: \"69d5976d-258d8\"\r\nExpires: Fri, 08 May 2026 09:30:23 GMT\r\nLast-Modified: Fri, 10 Apr 2026 22:12:12 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=usCnqMDn2eEW8qGptBpW1iOS1mbj4%2BntZ6kJlNnUsSC80D%2B%2F6p%2FFx4NvkXw5Y5sNYVOWqlWSKSPxYdHvLmcKl6MKN52TIdrezrwWuNG75NB9eUO76ECfFzYJ6N8JMw7%2BFDJb\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":153816,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1180x580, components 3","md5":"da8898ce80a6c554e22b8a72000222f5","sha1":"97ba7aafe0a36f03828a3d0b2b3b0743a4c9ca74","sha256":"ea5e6a0701b31cbe6ac0d724fd603c4b5c13b3105988ca61a0db5dc19feee900","sha512":"c56e17b954bc0449b06971a7855f68fca1d61a9563f2ac34633d2f0c0c10ccb0b04152db5f0466b9099fcb4587ff238c1c88025328cc94d5f5f079c0d74c3b16","ssdeep":"3072:6yf7vn2C1E1U1G+8iIdBoEsaCY3FjLujeSqMKQHyZPI7RFT1Pv:Rf7v2C1E1EUobYYqz7IFFZv","tlshash":"05e312ff96e360277967847fd0c2399de0f22d6749324baa8643408773366e5d938b06","first_seen":"2026-04-11T00:48:34.340428Z","last_seen":"2026-04-11T01:22:54.525512Z","times_seen":2,"resource_available":false,"data":null}},"time_used":3745,"timings":{"blocked":3506,"dns":0,"connect":0,"send":0,"wait":236,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2026/04/1413492045.jpg","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.566Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2026/04/1413492045.jpg HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9e903a86cbd49a4f-LAX\r\nContent-Length: 565758\r\nContent-Type: image/jpeg\r\nDate: Fri, 10 Apr 2026 21:45:52 GMT\r\nEtag: \"69d5965d-8a1fe\"\r\nExpires: Fri, 08 May 2026 09:26:07 GMT\r\nLast-Modified: Fri, 10 Apr 2026 21:45:53 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=F9%2FaNLI%2F20RM7r5pwosCMq%2FW02Aq22wIT0O2QagXTxtwi1wVARDeAavLj6N9d%2B%2Furu8UGo%2FBrTjO9hYdgnZhnHSpaOsYUz4nAI0z1rVk5seLGWojbNRz2vx9eGq1QQ4TeMv%2F\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":565758,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1180x580, components 3","md5":"61bae4e6d998708d2d74452aa7a374d9","sha1":"5e81dd771c9875db80519035e74fbe1e403216af","sha256":"b71b2b4ce607f11756d83f1596fb40655bea3338bd1797a36a60991189ded2b0","sha512":"594e220560dd2c81a595526f3d2c308d7d9d55556fea20b384b962eb88b7856d963940fd39218d4d0765537742009b30533a3908e346a0a1623e48fbfec76b00","ssdeep":"12288:fG5c0IIq3VOZug665oLyMl+dL1N8e6AIjyG2I9gFaR10NwgYVfvrqU:+W0Ip3VO/ovYl1p66GTr0kfv2U","tlshash":"0ac42369fd3a1d7003c949da8a8c1b29c9a51fcefa70ac4d36f7348abcc649058455bf","first_seen":"2026-04-11T00:48:34.342161Z","last_seen":"2026-04-11T01:22:54.559787Z","times_seen":2,"resource_available":false,"data":null}},"time_used":4505,"timings":{"blocked":4019,"dns":0,"connect":0,"send":0,"wait":239,"receive":247,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"collect-v6.51.la/v6/collect?dt=4","fqdn":"collect-v6.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"43.159.107.113","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.755Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.51.la","organization":""},"issuer":{"commonName":"Keymatic Secure Domain RSA CA G1","organization":"PKI(Chongqing) Limited"},"validity":{"start":"Wed, 01 Apr 2026 06:48:26 GMT","end":"Fri, 16 Oct 2026 15:59:59 GMT"},"fingerprint":{"sha1":"F0:4F:0E:62:84:89:BD:2B:8E:53:1E:AC:20:70:16:C2:F7:E9:C1:C0","sha256":"54:9F:ED:D0:8F:D4:0A:5F:31:95:55:FD:E0:E6:13:F2:09:8C:39:E1:01:31:98:FA:1D:DC:20:CD:20:19:7C:F5"}}},"request":{"raw":"POST /v6/collect?dt=4 HTTP/1.1\r\nHost: collect-v6.51.la\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Length: 1049\r\nOrigin: https://ftgy.drvhg2at.icu\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 210 No Reason Phrase\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://ftgy.drvhg2at.icu\r\naccess-control-allow-credentials: true\r\nserver: TencentEdgeOne\r\ncontent-length: 0\r\ndate: Sat, 11 Apr 2026 00:47:51 GMT\r\neo-log-uuid: 14530870078396011610\r\neo-cache-status: MISS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"210","status_text":"No Reason Phrase","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-11T02:55:44.128416Z","times_seen":13603936,"resource_available":true,"data":null}},"time_used":322,"timings":{"blocked":38,"dns":0,"connect":0,"send":0,"wait":284,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/themes/cnweb_nencao_com/skin/js/jquery.easing.min.js","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cnweb-nencao.com/","date":"2026-04-11T00:47:45.587Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.cnweb-qqcvideo.com","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Wed, 18 Mar 2026 01:00:00 GMT","end":"Tue, 16 Jun 2026 00:59:59 GMT"},"fingerprint":{"sha1":"20:54:2C:35:6F:34:AE:46:55:B0:36:5B:75:68:38:13:67:FF:AB:E3","sha256":"FE:84:4F:4B:5A:54:D7:98:F2:3C:4A:C8:63:FF:A1:3D:3F:8C:D0:D1:E0:4B:87:3F:24:29:5C:A6:A2:03:8C:C1"}}},"request":{"raw":"GET /themes/cnweb_nencao_com/skin/js/jquery.easing.min.js HTTP/1.1\r\nHost: cnweb-nencao.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnweb-nencao.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 11 Apr 2026 00:47:59 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 10 Feb 2026 05:52:32 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ac7a0-15b3\"\r\nexpires: Sat, 11 Apr 2026 12:47:59 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5555,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with very long lines (3601)","md5":"3eac3c72434a0945b92dd4a01f7b6b4e","sha1":"7767b356530e39cd76ec259320b0b2774b4097a8","sha256":"ac3f3a757bfbfc9d92bc8f5e6e6362e5d4ae41dbf3cebacdda9b8f71afc82e5b","sha512":"6a199264a0294c335dde056ea8be534373014e3f2d2f9a76b58574e57c7371fbbafde72fb750348fab5fb9d486055bad792a1344ca8c9636df754d20d9e0cd50","ssdeep":"96:uBm7aaOr8uroJzDV6u3R3zd4j6zp4tSZCHjuwE9nCDTVpWR:p+aOr8ur83V33R3hq6+uwLvy","tlshash":"f1b1108a71f17719539133f011ba205b729dace5260e5804e8b9a9897c7b27c87bbc6c","first_seen":"2023-03-07T01:07:08Z","last_seen":"2026-04-11T00:48:34.343931Z","times_seen":4961,"resource_available":true,"data":null}},"time_used":610,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":610,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/themes/cnweb_nencao_com/skin/js/swiper.min2.js","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cnweb-nencao.com/","date":"2026-04-11T00:47:45.591Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.cnweb-qqcvideo.com","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Wed, 18 Mar 2026 01:00:00 GMT","end":"Tue, 16 Jun 2026 00:59:59 GMT"},"fingerprint":{"sha1":"20:54:2C:35:6F:34:AE:46:55:B0:36:5B:75:68:38:13:67:FF:AB:E3","sha256":"FE:84:4F:4B:5A:54:D7:98:F2:3C:4A:C8:63:FF:A1:3D:3F:8C:D0:D1:E0:4B:87:3F:24:29:5C:A6:A2:03:8C:C1"}}},"request":{"raw":"GET /themes/cnweb_nencao_com/skin/js/swiper.min2.js HTTP/1.1\r\nHost: cnweb-nencao.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnweb-nencao.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 11 Apr 2026 00:47:59 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 10 Feb 2026 05:52:32 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ac7a0-178a3\"\r\nexpires: Sat, 11 Apr 2026 12:47:59 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":96419,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (31999)","md5":"fb13ef3e875ca3497ede35d3774be9d3","sha1":"ab0743a89d522438c17ae7eaf5943fd4590ee3d0","sha256":"4a10219bee747aadeeda78f166d787adf32583f361f88d44b472f6f3da798083","sha512":"7b9fba1a93c724bc53e1dd4e27e59534430076346ddc73b24fcb71c9b7cb831321a70ffa38797185f7108ee64a18f1fa08cf2b7ccf2dbfc03e767b23187814c5","ssdeep":"1536:eyOkN3TklR3ZIFDJ+Y7n2L5ydUTq0tSQfCBTR:LTX73uTq/","tlshash":"0d93d66eb314f3e295d3214a675ac64122f21706b809dae870b54c4a68bcc5d03bffbd","first_seen":"2023-03-07T01:17:19Z","last_seen":"2026-04-11T00:48:34.344729Z","times_seen":3079,"resource_available":true,"data":null}},"time_used":609,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":609,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/themes/cnweb_nencao_com/skin/img/search.png","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cnweb-nencao.com/","date":"2026-04-11T00:47:45.798Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.cnweb-qqcvideo.com","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Wed, 18 Mar 2026 01:00:00 GMT","end":"Tue, 16 Jun 2026 00:59:59 GMT"},"fingerprint":{"sha1":"20:54:2C:35:6F:34:AE:46:55:B0:36:5B:75:68:38:13:67:FF:AB:E3","sha256":"FE:84:4F:4B:5A:54:D7:98:F2:3C:4A:C8:63:FF:A1:3D:3F:8C:D0:D1:E0:4B:87:3F:24:29:5C:A6:A2:03:8C:C1"}}},"request":{"raw":"GET /themes/cnweb_nencao_com/skin/img/search.png HTTP/1.1\r\nHost: cnweb-nencao.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnweb-nencao.com/themes/cnweb_nencao_com/skin/css/common.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 11 Apr 2026 00:47:59 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 10 Feb 2026 05:52:32 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ac7a0-4af\"\r\nexpires: Mon, 11 May 2026 00:47:59 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1199,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced","md5":"a0bd6dc7c2db129580d4a0a30707996c","sha1":"f657510cdbdc56ecebcda49e246cae49690ac590","sha256":"808677da17aaefe28d2ce9343af7cce4ef17d8f9556215ba4daab9cc7ee48bd2","sha512":"874b7c8f2836ef1cf01c9f9205d29fe83440262e390a77e22e280d6f7a96cc3d554700dfe4ceede7dfa42c7a98155d31ba434101fa180906d822f568812bc8ae","ssdeep":"","tlshash":"fd21a7bcff02ac40b24cc84194fa48279d165641d8c0f03a98dfc85b99ac1f9a4586cb","first_seen":"2025-07-01T02:08:25.022407Z","last_seen":"2026-04-11T00:48:34.345445Z","times_seen":5,"resource_available":false,"data":null}},"time_used":592,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":592,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2026/03/4265994369.jpg","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.336Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2026/03/4265994369.jpg HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9e5470d6bf01d7ab-LAX\r\nContent-Length: 226780\r\nContent-Type: image/jpeg\r\nDate: Fri, 10 Apr 2026 22:51:18 GMT\r\nEtag: \"69cb8fe6-375dc\"\r\nExpires: Fri, 01 May 2026 03:17:26 GMT\r\nLast-Modified: Fri, 10 Apr 2026 22:51:19 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PDM47HW9bCOv8Vy6TQO9bfkaUPv2rMj9%2Bsk3ucZnzdHmNxg6GJf2ut15FIPTVG%2BL4%2FkGGvR%2FUiykofB9nx9LbXrJ279ydztj%2FuazaFyy85GMU54Ni7YGSbTCffyBC%2BF8MfUV\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":226780,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=6, xresolution=86, yresolution=94, resolutionunit=2, software=美图秀秀, datetime=2026:03:27 14:05:05], baseline, precision 8, 1180x580, components 3","md5":"5baf7e820c2f4c1aa537c72225a339de","sha1":"15312946d0434c52dcc0a5cbebffb95b2b096b65","sha256":"172209add3b2f51d2ef8c342621d1550c23e6bb298afe39259bfe3e50954b7fe","sha512":"cc417d5ca0a29010f1d2a295fec70a309729b5e11049c8b35c9849c59a232aa69841c90bc92ccdee58fa6c06ad23afe26596cb0a14386a05625453bf845c4601","ssdeep":"3072:t4h9ospuWY4g6yibBz6puD5qywfom+sEb1bd8FFNC1cBEemhHEmnVrHVtXp70zBz:t4DuJ4ASz6Dfsbd0U+mnVjVtXGz1","tlshash":"f12412578a0403797b530db63d2431d8c77a9d3f93a99f8c861b9bc6b91ce1e8a0167c","first_seen":"2026-04-11T00:48:34.347396Z","last_seen":"2026-04-11T01:22:54.702036Z","times_seen":2,"resource_available":false,"data":null}},"time_used":864,"timings":{"blocked":153,"dns":0,"connect":0,"send":0,"wait":235,"receive":476,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/themes/cnweb_nencao_com/skin/img/prev-icon1.png","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cnweb-nencao.com/","date":"2026-04-11T00:47:45.811Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.cnweb-qqcvideo.com","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Wed, 18 Mar 2026 01:00:00 GMT","end":"Tue, 16 Jun 2026 00:59:59 GMT"},"fingerprint":{"sha1":"20:54:2C:35:6F:34:AE:46:55:B0:36:5B:75:68:38:13:67:FF:AB:E3","sha256":"FE:84:4F:4B:5A:54:D7:98:F2:3C:4A:C8:63:FF:A1:3D:3F:8C:D0:D1:E0:4B:87:3F:24:29:5C:A6:A2:03:8C:C1"}}},"request":{"raw":"GET /themes/cnweb_nencao_com/skin/img/prev-icon1.png HTTP/1.1\r\nHost: cnweb-nencao.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnweb-nencao.com/themes/cnweb_nencao_com/skin/css/index.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 11 Apr 2026 00:47:59 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 10 Feb 2026 05:52:32 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ac7a0-5e9\"\r\nexpires: Mon, 11 May 2026 00:47:59 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1513,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced","md5":"2795efa51887beaa08e8b0896a44614d","sha1":"61ad3366262d5cfdbd48812be9cf39177dc3da8a","sha256":"6bc9986b381f8c6eeb0193dc165adb8651ae4b8f2f72382de38da047739bba1d","sha512":"843e744604750ddb46eb6f87bdd13847b32968abd4aa4648fe5017562f5e13fc7e7fd3f277f880bd485ab6dc8a09c85525eff70b0adc22d3e57ce867f0c312f5","ssdeep":"","tlshash":"bf31c909fa9028119a1ceec034f2c0674ca308c046ecd75c6cebcd8695713b5745b9cf","first_seen":"2025-07-01T02:08:25.041017Z","last_seen":"2026-04-11T00:48:34.349516Z","times_seen":6,"resource_available":false,"data":null}},"time_used":585,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":585,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/themes/Mirages/images/bottom/pk.png","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:50.256Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/themes/Mirages/images/bottom/pk.png HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9e7a23049b151e1d-LAX\r\nContent-Length: 4114\r\nContent-Type: image/png\r\nDate: Fri, 10 Apr 2026 22:51:15 GMT\r\nEtag: \"6669825d-1012\"\r\nExpires: Tue, 05 May 2026 17:05:17 GMT\r\nLast-Modified: Fri, 10 Apr 2026 22:51:15 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=n1HAx%2FT6Fw0XqL3SaWSEFHKTvwx51G9laGqJ516I70bzBPFDNvBfohIOdEN161JcgPSIxSK7lb87RNI67dGWtqFVcsZjMiw%2FE7jH4ipsYKbEAg9VmQH48R5Yj1FZOULUVgrp\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4114,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 63 x 63, 8-bit/color RGBA, non-interlaced","md5":"675819e3f941d36fe8c86f085be5697b","sha1":"328083de61d369479901fc975d93cce2f193caa7","sha256":"1daa8f44e26117a94bc7a1288ab2a6b82600955676a23b5137b6b28ddddfe73e","sha512":"4f311037b99da7dc08bb31d4cb2f9a97f0a0929b5c6c3a4b219950510fc4cf5f059567e750de69c332a4e502cf2be9a755bf8963751f8fc2ea51dcc711808ffc","ssdeep":"96:1aFPBSu5r78iT+qG2Fe+SxWprcauEkJq32Q:14BRZT6HbWiauE12Q","tlshash":"5f815dba5648193b45f11e124f994ea1a27a732f3f72b8320c429855766a9cf19c815c","first_seen":"2024-06-29T06:36:42Z","last_seen":"2026-04-11T01:22:54.523145Z","times_seen":87,"resource_available":false,"data":null}},"time_used":1159,"timings":{"blocked":933,"dns":0,"connect":0,"send":0,"wait":225,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2026/04/1147077616.jpg","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.396Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2026/04/1147077616.jpg HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9e7772bee8cbb1ab-LAX\r\nContent-Length: 210072\r\nContent-Type: image/jpeg\r\nDate: Fri, 10 Apr 2026 22:05:25 GMT\r\nEtag: \"69d1c50f-33498\"\r\nExpires: Tue, 05 May 2026 09:15:25 GMT\r\nLast-Modified: Fri, 10 Apr 2026 22:05:25 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7FiA56kvuFSzz5DYea9KFN3Wfj3R94%2FwhuFrJfru7RCCZfdIA3qno%2BKQi%2F0sFDLI3cF8IOUCCl9XH3JGfMHk5teGjrcxSc3EYOwPlG9R66LtlQE9mqYFFWoXo96V%2BBzGxIiz\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":210072,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1180x580, components 3","md5":"97e760025727bd5d428e5c234487a7fc","sha1":"35d2f085423d8605553adfd16c509a1c44e42c94","sha256":"f034875a844f3760b7904a20a91a3364acedb93d1bd015b2e3d2055b3193bae4","sha512":"a7a86a2bb1a1a0f1592cc18d79d663ff8fabc15bf7d73d5f053f3b095f268ae77a8d8dc2c410d7bc961cff8ff03a853f4ef64fc97bd76b1ff11e3bf8ba9f6e2a","ssdeep":"6144:9HzaNP5ieW7Uo+sS4uhVq1TGc+FuEXSV4l:RslW7B+sS4gq1TgXXSVY","tlshash":"602423799e40cd05be430bf1bae60309c4513e186d59d06d078e8c8ef86e71bf5b66ea","first_seen":"2026-04-11T00:48:34.351741Z","last_seen":"2026-04-11T01:22:54.523794Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1283,"timings":{"blocked":1040,"dns":0,"connect":0,"send":0,"wait":235,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2026/04/1398778851.jpg","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.453Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2026/04/1398778851.jpg HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9e9664853bbe50a9-LAX\r\nContent-Length: 513162\r\nContent-Type: image/jpeg\r\nDate: Fri, 10 Apr 2026 21:40:03 GMT\r\nEtag: \"69d6eb36-7d48a\"\r\nExpires: Sat, 09 May 2026 03:23:21 GMT\r\nLast-Modified: Fri, 10 Apr 2026 21:40:04 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zXX%2F5mTJ437fzS7RgdnFKI%2B17ZWSPDbOq8Lu0oQYfg8InU4oxuJCuyZvuPSAyodF4wMg6sFPW005CSIyFYDewX3pyCQERATXvORKzJ2khY0boCLo8yNTEadK4M7%2FVX0pE5Jl\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":513162,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1180x580, components 3","md5":"0c954a9c70022402f65534f586f2e13b","sha1":"2c6a52ced13364381a4c22c7cf02d8c01b48ea13","sha256":"b3bbb0de7e31429d6a511fcf0a7363cff8ee1119ea7ff9a33c9dad8b30d7c30e","sha512":"8ff26eb1f984548c50e48971738be153b0505fea11ea2d8ab531e4222a1a343e5572b5f2bb5e32d228fab7240169a657222675406e0881e1e9501df60e6f2a24","ssdeep":"12288:VsLdNtp0o4exUqizoWgD8L3CBA4GTVf+XGkd:VsLLtp0/exUHoWV3yArgXFd","tlshash":"0ab4230d9c86e590d2ed4ab2e043d9db52311ab161d9c3deb0577b20f16f71afac00ba","first_seen":"2026-04-11T00:48:34.352809Z","last_seen":"2026-04-11T01:22:54.703562Z","times_seen":2,"resource_available":false,"data":null}},"time_used":5580,"timings":{"blocked":2504,"dns":0,"connect":0,"send":0,"wait":239,"receive":2837,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2026/04/4168882384.jpg","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.436Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2026/04/4168882384.jpg HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9ea128ff6dba2ea3-LAX\r\nContent-Length: 568158\r\nContent-Type: image/jpeg\r\nDate: Fri, 10 Apr 2026 22:51:26 GMT\r\nEtag: \"69d83bcd-8ab5e\"\r\nExpires: Sun, 10 May 2026 10:45:07 GMT\r\nLast-Modified: Fri, 10 Apr 2026 22:51:29 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jXTDUPT2iYYmbi7ROZOvTSLueGm6jru%2F0rmyjVGit%2B16vAJknSoql6raAU6mfJQWYKrTiw3QA6UCn7819EHaucp0shJWwGuiuDNYe6kPvtMKcf1h6FF6VPs%2BidYrF4lXjxZo\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":568158,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1180x580, components 3","md5":"2234c62e1ce16a6d18cfb198c2e330b8","sha1":"fc41a1f3899694c4435ebbd0bf6730c09122748d","sha256":"13b9865ae8ea6eac9e1f6860119a72fd7261736592ccdd38d9b78059028bb7f9","sha512":"42007ee32bd4f7283d9d646a80f05f9b66ec343b24ab8c62d0a2d03747d25c138b7abf24fa2af3832324956b5fe7578764fecf680d17cb6f88b637c84fe17074","ssdeep":"12288:+J6OF0ZW2s+0GmswL2fyaqsUoAzoNddudAZVPgWSxKHhaqHtbdkwR:dOihHRwmlqs8zodsAgWxBvtbdkwR","tlshash":"0bc42382d3a7411301bac2c6dcc1ea999e90bab315ddbc7692bf15c9d34f61a0b5f00e","first_seen":"2026-04-11T00:48:34.353965Z","last_seen":"2026-04-11T01:22:54.691877Z","times_seen":2,"resource_available":false,"data":null}},"time_used":3487,"timings":{"blocked":1621,"dns":0,"connect":0,"send":0,"wait":229,"receive":1637,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/themes/cnweb_nencao_com/skin/img/b1.jpg","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cnweb-nencao.com/","date":"2026-04-11T00:47:45.577Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.cnweb-qqcvideo.com","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Wed, 18 Mar 2026 01:00:00 GMT","end":"Tue, 16 Jun 2026 00:59:59 GMT"},"fingerprint":{"sha1":"20:54:2C:35:6F:34:AE:46:55:B0:36:5B:75:68:38:13:67:FF:AB:E3","sha256":"FE:84:4F:4B:5A:54:D7:98:F2:3C:4A:C8:63:FF:A1:3D:3F:8C:D0:D1:E0:4B:87:3F:24:29:5C:A6:A2:03:8C:C1"}}},"request":{"raw":"GET /themes/cnweb_nencao_com/skin/img/b1.jpg HTTP/1.1\r\nHost: cnweb-nencao.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnweb-nencao.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 11 Apr 2026 00:47:59 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 10 Feb 2026 05:52:32 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ac7a0-4bca6\"\r\nexpires: Mon, 11 May 2026 00:47:59 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":310438,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 2048x921, components 3","md5":"d8454ecb2871f31723ec06cf716fae5e","sha1":"a8812fd602a726c22f19a07972276c2c9c605539","sha256":"403bfd1c5e994994937c8c5b9d124f9f22525577cca7fc19cde2c213386fb220","sha512":"bd535e0ffb1a81f5756d5f747bce41efd542a4ad3fc80db2babcee4fb4359f473a665ebee3ad550253c1318faad4741234785ae10a371196d4ff6bba92889efd","ssdeep":"6144:LxPEhOSBnmbwGBxri8U3MG4nehd6a4+RWPzCO+EeGAItmkJERkIbFEgwVo:gAFNtgdR4WSquIigwe","tlshash":"cc6423c482774ab3291be977ce6bb6edb8970503e50c481154ea2c264e73ff59d800ee","first_seen":"2026-04-11T00:48:34.354922Z","last_seen":"2026-04-11T00:48:34.354922Z","times_seen":1,"resource_available":false,"data":null}},"time_used":643,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":643,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/plugins/DPlayer/plugin/hls.min.js","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:50.262Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/plugins/DPlayer/plugin/hls.min.js HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: max-age=43200\r\nCf-Cache-Status: REVALIDATED\r\nCf-Ray: 9ea50d53bf5b0906-LAX\r\nContent-Encoding: gzip\r\nContent-Type: application/javascript\r\nDate: Fri, 10 Apr 2026 22:05:17 GMT\r\nEtag: W/\"66f6be08-35adb\"\r\nExpires: Sat, 11 Apr 2026 10:05:16 GMT\r\nLast-Modified: Fri, 10 Apr 2026 22:05:18 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EbQammyJfM9yMcd19zBaKXszGdtbq2SFdiPDDmdn3E2lXAxVduscIevH1Kj9BC30S1YkNAD9mMSKYEwtYrNMlbe0kt2%2FlolTYIA05ZzCbWj4flVhAXp5B2xpZCFJ3F39xChw\"}]}\r\nServer: nginx\r\nVary: Accept-Encoding\r\nX-Cache: HIT, policy, disk\r\nTransfer-Encoding: chunked\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":219867,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (31978)","md5":"f79f1fd1d5db2c347e66ff3e45aefb1f","sha1":"d44ab2bfd39b9570f7aafc52968b6462632054c3","sha256":"6baad05958e511e917f7466f4a21fca50cf488eb18bf90f9ebc80d589b96bb20","sha512":"ea2c9d6fe89a934295715a757d5ca31d31505c1dde3eba0f1ab465a62b234db1774b5b095c9eefe892565d1b59855dd47b1b0812ff444544a2cce07291cda5a4","ssdeep":"3072:yCClH/SBvwbU5kjO8lkfpIwBHjPz4JgG3w3bxy:yCCNSxwj3lkfpIuPzGX","tlshash":"d9242ba837d5b0264683b168543f22063236bc2d6488d09cb77bd9e65fb594db03bf78","first_seen":"2023-03-08T09:43:22Z","last_seen":"2026-04-11T01:22:54.574413Z","times_seen":648,"resource_available":true,"data":null}},"time_used":657,"timings":{"blocked":197,"dns":0,"connect":0,"send":0,"wait":229,"receive":231,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/themes/cnweb_nencao_com/skin/js/index.js","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cnweb-nencao.com/","date":"2026-04-11T00:47:45.592Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.cnweb-qqcvideo.com","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Wed, 18 Mar 2026 01:00:00 GMT","end":"Tue, 16 Jun 2026 00:59:59 GMT"},"fingerprint":{"sha1":"20:54:2C:35:6F:34:AE:46:55:B0:36:5B:75:68:38:13:67:FF:AB:E3","sha256":"FE:84:4F:4B:5A:54:D7:98:F2:3C:4A:C8:63:FF:A1:3D:3F:8C:D0:D1:E0:4B:87:3F:24:29:5C:A6:A2:03:8C:C1"}}},"request":{"raw":"GET /themes/cnweb_nencao_com/skin/js/index.js HTTP/1.1\r\nHost: cnweb-nencao.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnweb-nencao.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 11 Apr 2026 00:47:59 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 10 Feb 2026 05:52:32 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ac7a0-8de\"\r\nexpires: Sat, 11 Apr 2026 12:47:59 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2270,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"cf8b4867659cecf54e3a0f63c73c8ee8","sha1":"3bff7b4f6d94ed4b9b1812685619b95db78dd357","sha256":"62097362adbfbdb1915c33571dd24ec67de0e62609ae83215b942c4002606504","sha512":"3a313fd628ef8904fe6104656c03e7ecc0997c714ecab6d8ae2bbc2e78d0c7c1c85c04bea9945b334885b414ddbb1322d4d3ed9ceeabd24fb2e8504298309b6d","ssdeep":"","tlshash":"72418844a500106c2177d37f4e3e5200ea63125bd08acc6ab4bc69946f715258b9eff8","first_seen":"2025-07-01T02:08:25.02874Z","last_seen":"2026-04-11T00:48:34.358824Z","times_seen":7,"resource_available":true,"data":null}},"time_used":608,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":608,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/images/ads-close.png","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:52.167Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/images/ads-close.png HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9e9c53438cbe5121-LAX\r\nContent-Length: 1443\r\nContent-Type: image/png\r\nDate: Fri, 10 Apr 2026 22:51:19 GMT\r\nEtag: \"66067b97-5a3\"\r\nExpires: Sat, 09 May 2026 20:40:09 GMT\r\nLast-Modified: Fri, 10 Apr 2026 22:51:19 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fMixIwGYk9Uat0smyX3xPcubV%2Fy2EFB4NQkAKNKwFrNcqTcGgy%2FX%2BnE2P5u%2Bj6bfcJwBFIegR2ohrgiBY4ukf9xehtxIkqRQs4dZU08g1bYe7HqPu%2BeNlGttu4W8tljllGgw\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1443,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 129 x 129, 8-bit colormap, non-interlaced","md5":"1840e82f933a7c08af8408edfc255011","sha1":"97006c40ff1f99238f8c3df3c98826ab2ca8eea2","sha256":"ca85e50e73e0552ea9467c120d2221c68cb29d5c30a4ab54b8ef6ea7330afc19","sha512":"fa0020bc21aeca4251213ec69ea2338f8452d1fa9bde26f003d7edffc55ec612fb2c7a21b447d2a1ccd874d0f53a390da40bb93721db9329df13c9d6e5220ae7","ssdeep":"","tlshash":"0321db42a8fabc5f4192405a7649f290a833ad07996bc671121d3efbd573c554c4f741","first_seen":"2023-08-13T16:34:45Z","last_seen":"2026-04-11T02:06:21.324549Z","times_seen":18465,"resource_available":false,"data":null}},"time_used":269,"timings":{"blocked":33,"dns":0,"connect":0,"send":0,"wait":235,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/themes/cnweb_nencao_com/skin/img/b3.jpg","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cnweb-nencao.com/","date":"2026-04-11T00:47:45.579Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.cnweb-qqcvideo.com","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Wed, 18 Mar 2026 01:00:00 GMT","end":"Tue, 16 Jun 2026 00:59:59 GMT"},"fingerprint":{"sha1":"20:54:2C:35:6F:34:AE:46:55:B0:36:5B:75:68:38:13:67:FF:AB:E3","sha256":"FE:84:4F:4B:5A:54:D7:98:F2:3C:4A:C8:63:FF:A1:3D:3F:8C:D0:D1:E0:4B:87:3F:24:29:5C:A6:A2:03:8C:C1"}}},"request":{"raw":"GET /themes/cnweb_nencao_com/skin/img/b3.jpg HTTP/1.1\r\nHost: cnweb-nencao.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnweb-nencao.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 11 Apr 2026 00:47:59 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 10 Feb 2026 05:52:32 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ac7a0-24d26\"\r\nexpires: Mon, 11 May 2026 00:47:59 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":150822,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 2048x921, components 3","md5":"c6c77250bce158614e4fe291579b9830","sha1":"bad76a614e61d6527d718a572325ebad85b3e0c1","sha256":"1dea9e20f1b87748cf41412c0dd4c7bf4eb74c4cdaca3c9d19f216142464165b","sha512":"8396a5cb0e8d3a365a61e8e628d8c95f0fdf0a5516269473eeeab41e0748b68edbb0fa32ebfa29009061a7563108eb338a3d9c7e5bc7fc714661f53617e9ac65","ssdeep":"3072:3YQMRYJurz/XpNl9o/1A7H0+HKAZ69nO4kcpBkKwq0Ap5Rs262f0KPUSkA:3RqY8f/z21A7HXHKAinO4kc9fBxn","tlshash":"83e3126e2d6d21a08f9e412080deb229e53cfd005d60fd5f8eac3e248d8d765977e709","first_seen":"2026-04-11T00:48:34.375008Z","last_seen":"2026-04-11T00:48:34.375008Z","times_seen":1,"resource_available":false,"data":null}},"time_used":644,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":644,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/plugins/DPlayer/assets/DPlayer.min.css","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:50.054Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/plugins/DPlayer/assets/DPlayer.min.css HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAge: 21667\r\nCache-Control: max-age=43200\r\nCf-Cache-Status: HIT\r\nCf-Ray: 9ea50a33c9fc1d3e-LAX\r\nContent-Encoding: gzip\r\nContent-Type: text/css\r\nDate: Fri, 10 Apr 2026 22:03:08 GMT\r\nEtag: W/\"66f6be09-b095\"\r\nExpires: Sat, 11 Apr 2026 04:02:01 GMT\r\nLast-Modified: Fri, 10 Apr 2026 22:03:08 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5ZXWzn%2FXYNYWjuSthw7p1vMo%2F8oZJh6JHwx5vQvppfvcq4%2B87NjJ1ZkWxPC3G3Txn%2BooPSGXhWKc8fu%2FS1cG%2BfNf4BfZvpCsmwI4owTgDH2dKkKpu2AG3bPB7x%2Br5c%2F5vj5u\"}]}\r\nServer: nginx\r\nVary: Accept-Encoding\r\nX-Cache: HIT, policy, disk\r\nTransfer-Encoding: chunked\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":45205,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (36675)","md5":"0372c3e5e0bb7616294607b190959857","sha1":"0bf3c698aa55efcc63ff7d94ec6481e20a17ea76","sha256":"bc31a67713efa74bc26875287ce79ec8690fb071fc9fdb220b28d8a2b529d300","sha512":"e4afd44efaec53ac2f0b65c1db84ba7c576a2a55eaab8f1d7c792cecad5a1dcbcb93012cf93f9e0abdeb543e3ca9e18a138135b46e2dec3a1f74581e5b44cec9","ssdeep":"768:7FK8KSkZqtIfw3YH4ZqtIfw3YHvHYr/hizxdUDr5+0ysGif0y90:9HYr/hizxdUDr5+9soy0","tlshash":"ed13bb1618a5329891225b91cbc8676c6738d312e9224f8ff31b780ecf8e69d215ff57","first_seen":"2023-06-09T17:39:09Z","last_seen":"2026-04-11T01:22:54.701176Z","times_seen":87,"resource_available":false,"data":null}},"time_used":406,"timings":{"blocked":176,"dns":0,"connect":0,"send":0,"wait":229,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2026/04/3805002250.jpg","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.465Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2026/04/3805002250.jpg HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9e96648ff821b6a2-LAX\r\nContent-Length: 160576\r\nContent-Type: image/jpeg\r\nDate: Fri, 10 Apr 2026 21:35:50 GMT\r\nEtag: \"69d6ea59-27340\"\r\nExpires: Sat, 09 May 2026 03:23:28 GMT\r\nLast-Modified: Fri, 10 Apr 2026 21:35:50 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FN2JOB5aCcMxFRZ7nU6uIt3IdTia2KiMgw9n5dnavs%2B27SrpS%2BZjVYvHYDlr%2B3yTCqnw1RvgbSOv3KU8YaguOMQFSV%2F4HQt2o%2Bxyypd1CoZMS9ZJfXsi6AJFIPrCjb9u70JP\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":160576,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1180x580, components 3","md5":"bc411a0432e019d4617d28838b900e23","sha1":"78f7dbc033044d9ee1066bae3173e0ad2d53b399","sha256":"55d89fef7e218b6d068cfe4832a7eb03da62264dd07cfc8b9c4edae45c7475b1","sha512":"0aae02915b69135985f59a10428c9b7c41a563c72e9fe6c06240b5365907c1f48708737b390fbb98aa9c6cb18502d598ce4837b4065dd2b9b26b12d3a9a423e9","ssdeep":"3072:VNy9XhKx28tiQlLUel0DqJqVxsixRt55iUJVGGeZrKSFPz3JDuH8e:C9xxw79UYoq4Vxsix55iV7KQPz31e","tlshash":"40f3125f02781132b13c013cdaa240b226b75376f56a63bbe2d745038697b678b3b797","first_seen":"2026-04-11T00:48:34.381198Z","last_seen":"2026-04-11T01:22:54.617172Z","times_seen":2,"resource_available":false,"data":null}},"time_used":3078,"timings":{"blocked":2836,"dns":0,"connect":0,"send":0,"wait":236,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2026/04/177860501.jpg","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.489Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2026/04/177860501.jpg HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9e966485593e7e95-LAX\r\nContent-Length: 543700\r\nContent-Type: image/jpeg\r\nDate: Fri, 10 Apr 2026 21:35:51 GMT\r\nEtag: \"69d6e953-84bd4\"\r\nExpires: Sat, 09 May 2026 03:23:21 GMT\r\nLast-Modified: Fri, 10 Apr 2026 21:35:52 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=26y6RXxsYILiS6wmfhD7hPhvJeAXE00OVcMEHGKtyEHaltVpFpbATJaMh77E%2Bkk4bi2WLv7VjE%2FgT%2FRFnvEzsDmTrwZPZ8DySN7kset%2FgsCp94GoViZ8rnQkn4mc3JrB1aw%2B\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":543700,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1180x580, components 3","md5":"d1386efc9c87dc1680fab72a8122c360","sha1":"9e308e8d642603d911643509c2abdd11f14ee231","sha256":"573b5af88b73d9ea61f6d65f1d17bf25a6f864ccaf34806c680dfbb2fce5dbcd","sha512":"877c4fbab008eb1563ee10e71d3780086043c19f6700b3135ed99a29e753df71c6ebd16f5d04b0e5de28f11a9706d6c71c3b41f7a1bfd8e6e5213e53d27fd4c9","ssdeep":"12288:pfbgJjEzY4XDHLrEjG7LzJSTTAd8z9cZYLFmqq:pfsJj2ZLf2G7xSAd8z94YDq","tlshash":"94c423e4f92bef5e0e9891d87d02d103fc046eac26fcd977059e748ad64d6861d4a823","first_seen":"2026-04-11T00:48:34.383554Z","last_seen":"2026-04-11T01:22:54.581274Z","times_seen":2,"resource_available":false,"data":null}},"time_used":3607,"timings":{"blocked":3119,"dns":0,"connect":0,"send":0,"wait":238,"receive":250,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/themes/cnweb_nencao_com/skin/img/border-line.png","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cnweb-nencao.com/","date":"2026-04-11T00:47:45.818Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.cnweb-qqcvideo.com","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Wed, 18 Mar 2026 01:00:00 GMT","end":"Tue, 16 Jun 2026 00:59:59 GMT"},"fingerprint":{"sha1":"20:54:2C:35:6F:34:AE:46:55:B0:36:5B:75:68:38:13:67:FF:AB:E3","sha256":"FE:84:4F:4B:5A:54:D7:98:F2:3C:4A:C8:63:FF:A1:3D:3F:8C:D0:D1:E0:4B:87:3F:24:29:5C:A6:A2:03:8C:C1"}}},"request":{"raw":"GET /themes/cnweb_nencao_com/skin/img/border-line.png HTTP/1.1\r\nHost: cnweb-nencao.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnweb-nencao.com/themes/cnweb_nencao_com/skin/css/common.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 11 Apr 2026 00:48:00 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 10 Feb 2026 05:52:32 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ac7a0-44b\"\r\nexpires: Mon, 11 May 2026 00:48:00 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1099,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 2 x 137, 8-bit/color RGBA, non-interlaced","md5":"5c4ef90f462069a4e9bdeaf3d440c28f","sha1":"a3ecd9d10ff244683d01eb6e7ae9e096d69d5eef","sha256":"5096385b9cc9353b6d44b2141743a6dd43858262e1a60422e2ac4d107815b3b5","sha512":"35502b09d29874a872f724a87b450357243660966211eabb663fd95cd5babd7dc753e5c34aac03aef03631b118f018c4ca7e065e3b06260927c4248546be172e","ssdeep":"","tlshash":"54114249ed612c00d24ed8f224e690238a2389c096b4f9797ddec86b5f551ba696e0cf","first_seen":"2025-07-01T02:08:25.039663Z","last_seen":"2026-04-11T00:48:34.385959Z","times_seen":7,"resource_available":false,"data":null}},"time_used":576,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":576,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/themes/cnweb_nencao_com/skin/img/2017-10-20-12-24-46.jpg","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cnweb-nencao.com/","date":"2026-04-11T00:47:45.817Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.cnweb-qqcvideo.com","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Wed, 18 Mar 2026 01:00:00 GMT","end":"Tue, 16 Jun 2026 00:59:59 GMT"},"fingerprint":{"sha1":"20:54:2C:35:6F:34:AE:46:55:B0:36:5B:75:68:38:13:67:FF:AB:E3","sha256":"FE:84:4F:4B:5A:54:D7:98:F2:3C:4A:C8:63:FF:A1:3D:3F:8C:D0:D1:E0:4B:87:3F:24:29:5C:A6:A2:03:8C:C1"}}},"request":{"raw":"GET /themes/cnweb_nencao_com/skin/img/2017-10-20-12-24-46.jpg HTTP/1.1\r\nHost: cnweb-nencao.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnweb-nencao.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 11 Apr 2026 00:47:59 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 10 Feb 2026 05:52:32 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ac7a0-43ded\"\r\nexpires: Mon, 11 May 2026 00:47:59 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":277997,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 2048x921, components 3","md5":"5ad2e66ab129622f2f8fbb1553622d50","sha1":"a72a26286d22a80c57ed48cda025212468f9c4eb","sha256":"ebb84233a4a2904015c15a02d23a11313f6fef8d4695a56b639d1316180be097","sha512":"2471de35b01321acb782bda624f621cd7c969e5ac84e9bb466739f1b8f9bbc4346cde476d938029d63e7638a9bea70912a26f3a97c61fa5f0d835bd6bb799aa0","ssdeep":"6144:yXLxvygR3WXe1KMln4M5ZbEcRME0CowWW8omRIguCZz4R:M4Ne1zpEOM9Co/1Go8R","tlshash":"f0442395a99e7538bcc2c86083e75a134736a17d4323f680c35dfe0b7f16188c95e6c8","first_seen":"2026-04-11T00:48:34.388157Z","last_seen":"2026-04-11T00:48:34.388157Z","times_seen":1,"resource_available":false,"data":null}},"time_used":578,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":578,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.gif?hca=5C0CE7D781C29B7D\u0026cc=1\u0026ck=1\u0026cl=24-bit\u0026ds=1280x1024\u0026vl=1024\u0026et=0\u0026ja=0\u0026ln=en-us\u0026lo=0\u0026rnd=1527187074\u0026si=ce95a5f143b18a92f5e2abde1ce8f8f6\u0026v=1.3.2\u0026lv=1\u0026sn=1037\u0026r=0\u0026ww=1280\u0026u=https%3A%2F%2Fcnweb-nencao.com%2F\u0026tt=%E5%AB%A9%E8%8D%89%E5%BD%B1%E9%99%A2%E4%B8%80%E4%BA%8C%E4%B8%89%E5%8C%BA%E5%85%A5%E5%8F%A3%E9%A6%96%E9%A1%B5%20-%20%E6%9C%80%E6%96%B0%E7%83%AD%E9%97%A8%E5%BD%B1%E8%A7%86%E8%B5%84%E6%BA%90%E5%9C%A8%E7%BA%BF%E8%A7%82%E7%9C%8B","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"14.215.182.140","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cnweb-nencao.com/","date":"2026-04-11T00:47:46.974Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"baidu.com","organization":"Beijing Baidu Netcom Science Technology Co., Ltd"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 09 Jul 2025 07:01:02 GMT","end":"Mon, 10 Aug 2026 07:01:01 GMT"},"fingerprint":{"sha1":"21:BF:66:0D:67:BE:7A:7F:49:48:05:30:F4:7F:09:F2:30:36:CA:63","sha256":"0D:82:2C:9A:90:5A:EF:E9:8F:37:12:C0:E0:26:30:EE:95:33:2C:45:5F:E7:74:5D:F0:8D:BC:79:F4:B0:A1:49"}}},"request":{"raw":"GET /hm.gif?hca=5C0CE7D781C29B7D\u0026cc=1\u0026ck=1\u0026cl=24-bit\u0026ds=1280x1024\u0026vl=1024\u0026et=0\u0026ja=0\u0026ln=en-us\u0026lo=0\u0026rnd=1527187074\u0026si=ce95a5f143b18a92f5e2abde1ce8f8f6\u0026v=1.3.2\u0026lv=1\u0026sn=1037\u0026r=0\u0026ww=1280\u0026u=https%3A%2F%2Fcnweb-nencao.com%2F\u0026tt=%E5%AB%A9%E8%8D%89%E5%BD%B1%E9%99%A2%E4%B8%80%E4%BA%8C%E4%B8%89%E5%8C%BA%E5%85%A5%E5%8F%A3%E9%A6%96%E9%A1%B5%20-%20%E6%9C%80%E6%96%B0%E7%83%AD%E9%97%A8%E5%BD%B1%E8%A7%86%E8%B5%84%E6%BA%90%E5%9C%A8%E7%BA%BF%E8%A7%82%E7%9C%8B HTTP/1.1\r\nHost: hm.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnweb-nencao.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: private, max-age=0, no-cache\r\nContent-Length: 43\r\nContent-Type: image/gif\r\nDate: Sat, 11 Apr 2026 00:47:47 GMT\r\nP3p: CP=\"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"\r\nPragma: no-cache\r\nServer: apache\r\nSet-Cookie: HMACCOUNT=AAAED61664CEB04F; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT\r\nStrict-Transport-Security: max-age=172800\r\nX-Content-Type-Options: nosniff\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"ad4b0f606e0f8465bc4c4c170b37e1a3","sha1":"50b30fd5f87c85fe5cba2635cb83316ca71250d7","sha256":"cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda","sha512":"ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910","ssdeep":"","tlshash":"15900003fbc08002c2b2e0300b3b0380238ce2200aa8030b80aeb0acecaa3a20c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-04-11T02:57:14.559491Z","times_seen":332604,"resource_available":true,"data":null}},"time_used":330,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":330,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2025/05/1558649237.png","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.393Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2025/05/1558649237.png HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nAge: 83109\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: HIT\r\nCf-Ray: 9e7d942638452b87-LAX\r\nContent-Length: 588548\r\nContent-Type: image/png\r\nDate: Fri, 10 Apr 2026 22:51:21 GMT\r\nEtag: \"682b505b-8fb04\"\r\nExpires: Tue, 05 May 2026 04:01:38 GMT\r\nLast-Modified: Fri, 10 Apr 2026 22:51:26 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gDyLiePuEz0yx15CT5%2B%2FfQGN3JA4TWFSYvL0rx%2FscD0PQylwcgzGTcoCTS3Hda08%2Fhfh1h3e3u5cxRpU0iDHgMcJeKHdJXVq2Cd%2BFxKSqTPDhhJOpJU0%2BEbBSwHRR2ziwea2\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":588548,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 650 x 350, 8-bit/color RGBA, non-interlaced","md5":"c40a3446badfc0d2ff047e6d6c8ff988","sha1":"966a6b56086d03e30a18fc2ec9cddfaac966aa7e","sha256":"96c23ba2586fce7b3198fece1042b40f05627501ca6f43efa293eee6e57c9a10","sha512":"cf8fd7f06b979cdd9189b3a14c2c3108fb9473f510d7f62bfcfd7ffe7d4e2629852c5fdf59893b7ea4b750d6907d9d968871c78011b2270412eb699f10ed4d0d","ssdeep":"12288:TzLzNlXjMiSxPjtD9nB67uhM732d2kRITSG4EOO/OuznWGgtDRylt:/LzAxPjx9nsuhy2gkRhKGGADRylt","tlshash":"03c423ccf30f369cdfd78169a4c5eb489b86e96ba86580114d2743f9712c120c7bbe96","first_seen":"2025-03-22T06:11:06.216665Z","last_seen":"2026-04-11T01:22:54.579382Z","times_seen":44,"resource_available":false,"data":null}},"time_used":1485,"timings":{"blocked":1000,"dns":0,"connect":0,"send":0,"wait":236,"receive":249,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2026/04/469734797.jpg","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.513Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2026/04/469734797.jpg HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9e9664857a600900-LAX\r\nContent-Length: 566553\r\nContent-Type: image/jpeg\r\nDate: Fri, 10 Apr 2026 21:35:51 GMT\r\nEtag: \"69d6e91c-8a519\"\r\nExpires: Sat, 09 May 2026 03:23:21 GMT\r\nLast-Modified: Fri, 10 Apr 2026 21:35:52 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=otmTPiXg20fN8zEDFwDEVEG4fJvQ1vzgSLp6rM9NbAKkE97Bgpd9JeQv14rZtO6%2F6jVAEFC7v3qEh3dhZt71YLh1IUNPPoQh%2BiNhqSgmrAe%2B320Kk3YnrCSDm9tZYJatKhSB\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":566553,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1180x580, components 3","md5":"cd0b2a5f1245d9668c34d7d13667bab9","sha1":"8dd80d44d9b67d8d78e0d7bc59b8a93d8cdea75e","sha256":"4b67800c33740df34254856bef45034316e96ad2a1af0ffdd9c66e2a8cd6727e","sha512":"db1dfcec0486296a4afa0ba111894affcafedc815b30985d73270b627b21444998aa023d7007fbf062730529f72bbee1b4ddd736087c349f9475e17ff8bbfd28","ssdeep":"12288:YCAoCbs3GWqCdzF9bai85cEbVYkRToadZ95syRN:V2sWTwVaiucqYiR95scN","tlshash":"b4c423682cb9eba590ac981c2f5ee48cf35be6c08d7dcc166d585ce7e7c10976e01b12","first_seen":"2026-04-11T00:48:34.401871Z","last_seen":"2026-04-11T01:22:54.676952Z","times_seen":2,"resource_available":false,"data":null}},"time_used":5258,"timings":{"blocked":3118,"dns":0,"connect":0,"send":0,"wait":236,"receive":1904,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"cnweb-nencao.com/","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":80,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-11T00:47:42.245Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: cnweb-nencao.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\nDate: Sat, 11 Apr 2026 00:47:56 GMT\r\nContent-Type: text/html\r\nContent-Length: 162\r\nConnection: keep-alive\r\nLocation: https://cnweb-nencao.com/\r\nStrict-Transport-Security: max-age=31536000\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-11T02:55:44.128416Z","times_seen":13603936,"resource_available":true,"data":null}},"time_used":634,"timings":{"blocked":211,"dns":1,"connect":211,"send":0,"wait":211,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2026/04/2023648909.jpg","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.441Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2026/04/2023648909.jpg HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9ea128ff6bb72b91-LAX\r\nContent-Length: 169308\r\nContent-Type: image/jpeg\r\nDate: Fri, 10 Apr 2026 22:49:14 GMT\r\nEtag: \"69d83b7c-2955c\"\r\nExpires: Sun, 10 May 2026 10:45:07 GMT\r\nLast-Modified: Fri, 10 Apr 2026 22:49:14 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qp9vqWimHPJcQ05S8nkQLRWymuIAacFt%2FhFSWpfEhegDmUDMvxJuF%2Fka9tbdCHZMZImpXk%2BkZsyby%2BXzUQ64dpJuqWdZkQx95MWnXamZucvTLGPh1hVzksc8Ye%2FmWfebJqpy\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":169308,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1180x580, components 3","md5":"d5a7f348899693b83bdd599e828027fc","sha1":"c6bffbc7695b1b9ca7b5ccb974efbb344553b6a7","sha256":"d4204b74b0fbc8565ce9da791dca318c89eaeb791ae048a705c61926f146c645","sha512":"7f7302ff85e2a7d77a39f00644b6364a0df13f7d9b48900a71a089c419ec24016020c5d4d859670f6240098068b9a0845a713c4901545507047c1c2f9e816269","ssdeep":"3072:b2/VO5gruutumj2hJ8d4iinCXWRKe13XLl2Lq7JH6MloODVqBOWfX:b20qruuV8JEcnCXWLLl227JaUV5ibfX","tlshash":"49f3233cfdd1e0971efb43bb2e4107d6a6176839d4f28ac1f78c5a61124c2c718d9a5a","first_seen":"2026-04-11T00:48:34.403947Z","last_seen":"2026-04-11T01:22:54.484119Z","times_seen":2,"resource_available":false,"data":null}},"time_used":2177,"timings":{"blocked":1932,"dns":0,"connect":0,"send":0,"wait":239,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2025/02/414011297.jpg","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:52.169Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2025/02/414011297.jpg HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9e7e495a0b403dc4-LAX\r\nContent-Length: 243103\r\nContent-Type: image/jpeg\r\nDate: Fri, 10 Apr 2026 22:52:57 GMT\r\nEtag: \"67a883ce-3b59f\"\r\nExpires: Wed, 06 May 2026 05:10:30 GMT\r\nLast-Modified: Fri, 10 Apr 2026 22:52:58 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pM%2F%2B6Elillg8v3vqpeLuUbBHK6tvc25eFybyXHJdeeruocndWTP7P%2FEP0lq5PcUwotcQo5d1ogyxDLhuFFqEwO2Z3nMJGvt6BXCkbFZIREk04j%2BIB85R6WnqtsLomktIJ0XU\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":243103,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 720x700, components 3","md5":"9718848678bdf737ad412aa96c713590","sha1":"1b952416a2a610be238f95db921c68e0c03938d1","sha256":"87c4fb56aada5523b13880b95fdfc4772f4dfb6fb9226de698e083b24dcb0725","sha512":"1106107132952f902e2160e3803c0502c760dcb2fe22979b2f72a3ae5ad9a336662c36ca06cfb98ac5721d6fc0e6e7c1e42ce3daa5b960c29eab7c6f12b28986","ssdeep":"6144:aOUzwxCtTaeDjQlHeuvWpVdrllIucMuufyQIq:aOh8TrDjQROpVdrlGZfzZq","tlshash":"103422b423d108a97c8d53ba8f00e399e4e122a226dec77b11f539a7a3e93d2453d51d","first_seen":"2025-02-24T05:04:49.249238Z","last_seen":"2026-04-11T01:22:54.638077Z","times_seen":47,"resource_available":false,"data":null}},"time_used":1788,"timings":{"blocked":80,"dns":0,"connect":0,"send":0,"wait":238,"receive":1470,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-11T00:47:44.763Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.cnweb-qqcvideo.com","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Wed, 18 Mar 2026 01:00:00 GMT","end":"Tue, 16 Jun 2026 00:59:59 GMT"},"fingerprint":{"sha1":"20:54:2C:35:6F:34:AE:46:55:B0:36:5B:75:68:38:13:67:FF:AB:E3","sha256":"FE:84:4F:4B:5A:54:D7:98:F2:3C:4A:C8:63:FF:A1:3D:3F:8C:D0:D1:E0:4B:87:3F:24:29:5C:A6:A2:03:8C:C1"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: cnweb-nencao.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 11 Apr 2026 00:47:59 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":17735,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (386)","md5":"78093268f1d625a2f0c2b230a9b5536b","sha1":"38a17bcf52fa2086f091d6c69328e6116f78ffb5","sha256":"fa9553c73bf227f870be121a77565155e4e198e28464ccf7f934d67e3ce12d83","sha512":"6d951530d1230718d20f13a0b3322f4bacde76021ff002294548d17f0bd6ef1308d8d58235a9f47be2b105b27c4c8ca939ee4bb166011e53e307ccaebc11cff4","ssdeep":"96:izSvHzFNUZMXEXEP/6oRDaxeyiJOHpGcA1rGy6vb3/vbZZZN1oJO8ADGyGRTPdum:izSvTFsMXbFpckaXH9GPTTQm1mqopBM","tlshash":"1a72553248f55527069292c5ba34971f6fe2ea0bde5b8a0176fc5bc94fc2cd6cd03219","first_seen":"2026-04-11T00:48:34.407176Z","last_seen":"2026-04-11T00:48:34.407176Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1096,"timings":{"blocked":438,"dns":1,"connect":215,"send":0,"wait":219,"receive":0,"ssl":220},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/themes/cnweb_nencao_com/maigewan.js","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cnweb-nencao.com/","date":"2026-04-11T00:47:45.570Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.cnweb-qqcvideo.com","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Wed, 18 Mar 2026 01:00:00 GMT","end":"Tue, 16 Jun 2026 00:59:59 GMT"},"fingerprint":{"sha1":"20:54:2C:35:6F:34:AE:46:55:B0:36:5B:75:68:38:13:67:FF:AB:E3","sha256":"FE:84:4F:4B:5A:54:D7:98:F2:3C:4A:C8:63:FF:A1:3D:3F:8C:D0:D1:E0:4B:87:3F:24:29:5C:A6:A2:03:8C:C1"}}},"request":{"raw":"GET /themes/cnweb_nencao_com/maigewan.js HTTP/1.1\r\nHost: cnweb-nencao.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnweb-nencao.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 11 Apr 2026 00:47:59 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 17 Mar 2026 07:55:33 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69b908f5-4e6\"\r\nexpires: Sat, 11 Apr 2026 12:47:59 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1254,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"02bdaae1623f0922a12d1544677c57a7","sha1":"86ffb48a34af54cfae86333060efd4c5c38a68c4","sha256":"0353ba95a9f9b861cf9225a68efb90414755718a78f1e190939a70be46ce07d6","sha512":"ddc6b04ecb6c9ddc74376dc05727ee48db344369cbe8668770b4d399f352bbcedbbe55035f4cc6f62b2b7793df99351f807aa1def76633c75d1bf6bbbdc7b56e","ssdeep":"","tlshash":"d32112357ef7603c02364025ad5ed859b0f8e038fb6bce05a56db8105998f8818addd8","first_seen":"2026-04-11T00:48:34.408612Z","last_seen":"2026-04-11T01:22:54.639111Z","times_seen":2,"resource_available":true,"data":null}},"time_used":215,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":215,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/themes/cnweb_nencao_com/skin/img/next_icon1.png","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cnweb-nencao.com/","date":"2026-04-11T00:47:45.813Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.cnweb-qqcvideo.com","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Wed, 18 Mar 2026 01:00:00 GMT","end":"Tue, 16 Jun 2026 00:59:59 GMT"},"fingerprint":{"sha1":"20:54:2C:35:6F:34:AE:46:55:B0:36:5B:75:68:38:13:67:FF:AB:E3","sha256":"FE:84:4F:4B:5A:54:D7:98:F2:3C:4A:C8:63:FF:A1:3D:3F:8C:D0:D1:E0:4B:87:3F:24:29:5C:A6:A2:03:8C:C1"}}},"request":{"raw":"GET /themes/cnweb_nencao_com/skin/img/next_icon1.png HTTP/1.1\r\nHost: cnweb-nencao.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnweb-nencao.com/themes/cnweb_nencao_com/skin/css/index.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 11 Apr 2026 00:47:59 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 10 Feb 2026 05:52:32 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ac7a0-5ff\"\r\nexpires: Mon, 11 May 2026 00:47:59 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1535,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced","md5":"0294d330103a98f4df108cd4e99e3f5f","sha1":"50f47b96f791cde31014b677d46306479a3dfd8b","sha256":"a002fb1b6f36c05980567058271302fe627440a22070ee56fccc2e8b993123a4","sha512":"d996ecc3171b2e60cee5417137f8515a28c7aaa29d1c58e64af6b30f2331e9ff58c2da22c05df2fa2eee6196e7c4eac709cff8ac3b39a38d356efb69f3e61a19","ssdeep":"","tlshash":"2831956fe4a224408bada9821ce2942ba56204c2d6f8d476fce7cc4b1c361b71d196da","first_seen":"2025-07-01T02:08:25.023104Z","last_seen":"2026-04-11T00:48:34.409672Z","times_seen":6,"resource_available":false,"data":null}},"time_used":581,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":581,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2026/04/4261664986.jpg","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.577Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2026/04/4261664986.jpg HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9e903a86cab4f7a5-LAX\r\nContent-Length: 151675\r\nContent-Type: image/jpeg\r\nDate: Fri, 10 Apr 2026 22:12:13 GMT\r\nEtag: \"69d59593-2507b\"\r\nExpires: Fri, 08 May 2026 09:26:07 GMT\r\nLast-Modified: Fri, 10 Apr 2026 22:12:13 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1uG%2F7LGXuyqlBpwaUIEJDkfqchV3FDcfzD7PfKH2poi%2BXeekXqiWzDq%2FUL2Bqo5yyjncm7dJoWvVxHIeahFoWv3R4daqPtQoK0NhiUIr5zRv3Vl2HoILHRlOwQwtEBjMHmWS\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":151675,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1180x580, components 3","md5":"baf28074c6f1fe758e3e829d540fff5c","sha1":"f4b6c164ec6b2e0dc174ada0db02edde1f286648","sha256":"13a28da941c1633ce238c1359ba6a901c28aca61b0f92c46bea59464c0cba334","sha512":"a42741a3fd0df342d23a328cf2665af46c147ea8aaee6ec12265c52de0a2af762c591745659b6deb0e4d85d295a99fe1b7ee458415700dd637c62329f136540c","ssdeep":"3072:Z8Eei5FkRb60jqTsAE7pF6btmucjp+9pVsXRm9Av3QUUSeeDB8CP:9eij2LAmpF7uppVsweAUU4","tlshash":"12e313f5eec027a1ae0714713a2d963f8e47d088e11dbffabb14a24449ab504f9df154","first_seen":"2026-04-11T00:48:34.410279Z","last_seen":"2026-04-11T01:22:54.585943Z","times_seen":2,"resource_available":false,"data":null}},"time_used":4737,"timings":{"blocked":4494,"dns":0,"connect":0,"send":0,"wait":238,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/themes/cnweb_nencao_com/skin/img/3.jpg","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cnweb-nencao.com/","date":"2026-04-11T00:47:45.583Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.cnweb-qqcvideo.com","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Wed, 18 Mar 2026 01:00:00 GMT","end":"Tue, 16 Jun 2026 00:59:59 GMT"},"fingerprint":{"sha1":"20:54:2C:35:6F:34:AE:46:55:B0:36:5B:75:68:38:13:67:FF:AB:E3","sha256":"FE:84:4F:4B:5A:54:D7:98:F2:3C:4A:C8:63:FF:A1:3D:3F:8C:D0:D1:E0:4B:87:3F:24:29:5C:A6:A2:03:8C:C1"}}},"request":{"raw":"GET /themes/cnweb_nencao_com/skin/img/3.jpg HTTP/1.1\r\nHost: cnweb-nencao.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnweb-nencao.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 11 Apr 2026 00:47:59 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 10 Feb 2026 05:52:32 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ac7a0-2534d\"\r\nexpires: Mon, 11 May 2026 00:47:59 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":152397,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 2048x921, components 3","md5":"ede4a4574b92150b829818be99ca85d1","sha1":"acf619a6c31507966fa3853ee7442631b32a3d8a","sha256":"b3c8acb9dd3fed33fd62ba02b02b25c941a40f87116293ed9f7db40c12f9eb30","sha512":"74683c8a1771bf9788df42648b632ce7f4ff8287dcd334fc9375895fb2efbb8ccd1efd32cf99709b87724f0c7075cf7ecc5d288aac1b01ea8be25eac53b4f782","ssdeep":"3072:w9OEOwD0XXwUzD2Mw/e8U4Q0P2kSNoKKoXugqnXrauDqpaCA8gO:3Y0nwUzCMB8X2kaoLoegqnXa4Cv","tlshash":"80e3121ea582bb71688d5a3fbabb06b340f41194701a6d66ab1ab7c3ddd4cfc538f401","first_seen":"2026-04-11T00:48:34.411262Z","last_seen":"2026-04-11T00:48:34.411262Z","times_seen":1,"resource_available":false,"data":null}},"time_used":643,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":643,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/themes/Mirages/css/7.10.5/extend.css?v=102","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:50.061Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/themes/Mirages/css/7.10.5/extend.css?v=102 HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAge: 21667\r\nCache-Control: max-age=43200\r\nCf-Cache-Status: HIT\r\nCf-Ray: 9ea50a33ddeecb7d-LAX\r\nContent-Encoding: gzip\r\nContent-Type: text/css\r\nDate: Fri, 10 Apr 2026 22:03:08 GMT\r\nEtag: W/\"666a5e0b-1225\"\r\nExpires: Sat, 11 Apr 2026 04:02:01 GMT\r\nLast-Modified: Fri, 10 Apr 2026 22:03:08 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BXNghe%2FgPLVFVXEqsDuhGZYDb1zv6oMYaeSkEzJ6YwVFSCb3DxMRqUHZPCXLxlLtIO5dVtFkHtxLAIHsG5BCR9rhO%2BvHSXSAzT3ijJn2ELAlfkbwW6WASBFdowv9BVyZoYI3\"}]}\r\nServer: nginx\r\nVary: Accept-Encoding\r\nX-Cache: HIT, policy, disk\r\nContent-Length: 1288\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4645,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"2966259c0f639e3eaae328d2b695171e","sha1":"7c83f430d8f84ab675649f4c6068f0ed69e8aa26","sha256":"a8242ec4b0a2250ac8a358c35a207b93c45504923e47734ac3b2f823f039df52","sha512":"0563f4223e29d91ce83fd4f94546fd55a3e0b5bbd0f243e0c148979d6c158f959fc9ded353fa1e16c7e260f05d3847268982b256855d9d29e25f22d9f004e689","ssdeep":"96:cVFgJqJyxj5MUlnpFi7VgNvUMrQhggWO1igJONYNlz:cVEqJyxj5fl27VgNcMrxgWO1iwz","tlshash":"09a100bd87086186a13b867f97a28244cf7dc06792067e9cbe0f5a414fb67808753f8c","first_seen":"2025-04-15T05:22:24.523816Z","last_seen":"2026-04-11T01:22:54.475939Z","times_seen":74,"resource_available":false,"data":null}},"time_used":1231,"timings":{"blocked":492,"dns":1,"connect":249,"send":0,"wait":238,"receive":1,"ssl":245},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2025/03/1004683252.gif","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.315Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2025/03/1004683252.gif HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9e7223785a1633b0-LAX\r\nContent-Length: 169508\r\nContent-Type: image/gif\r\nDate: Fri, 10 Apr 2026 22:05:24 GMT\r\nEtag: \"67d54d99-29624\"\r\nExpires: Mon, 04 May 2026 17:47:30 GMT\r\nLast-Modified: Fri, 10 Apr 2026 22:05:25 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hk14oWwyddu3DWEJYilGTLxsMWwDkG6rJk1X%2BA67ApfIVo9sgOa30QfwGmzyLFjm0X6LhFEOWHITBpYqSAKKr%2Ftk2gP0SfSqG3DHDQTc0IygQHBsQ2SAF9%2BvHDk2Vli7pGwy\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":169508,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 800 x 360","md5":"5e5bd1788bf9f9f0e3362389cc0494d3","sha1":"aaca88c0fac21f814cb8dcd424b2fafac80aeb5d","sha256":"c75ec50aa65ce3f29422f6437499844667d93dda8d8b2225cc16c1b97b165ec9","sha512":"3e1edc7bc13f9d9285d5ff0abceca58db5fbff1a30b6018ba015b9f1d88a35f9c5cf600117c7f92b3b4838ae0c01144760c43ace636af43a6eddc45753ce03aa","ssdeep":"3072:StKa+fKUiKduQd6A23CcRwxRwxRwxRw25a1Fa1Fa1Fa1Fak:jCUBduq6A2SfUUU25a1Fa1Fa1Fa1Fak","tlshash":"f9f302fdc3982cae6ccfec9646f42d146da24484884257161802cee5b3f17fbd95ba78","first_seen":"2025-03-22T06:11:06.164351Z","last_seen":"2026-04-11T01:22:54.68769Z","times_seen":44,"resource_available":false,"data":null}},"time_used":793,"timings":{"blocked":103,"dns":0,"connect":0,"send":0,"wait":229,"receive":461,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2026/04/1005067984.jpg","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.473Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2026/04/1005067984.jpg HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9e96648d3c482378-LAX\r\nContent-Length: 451541\r\nContent-Type: image/jpeg\r\nDate: Fri, 10 Apr 2026 21:35:51 GMT\r\nEtag: \"69d6ea1a-6e3d5\"\r\nExpires: Sat, 09 May 2026 03:23:26 GMT\r\nLast-Modified: Fri, 10 Apr 2026 21:35:51 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rHSlBLvwsRegVpNN%2BRgswzb2NUKy4lM8%2FhAxV11NDS%2FDws6OLdGOy3zDfWqQ%2F%2BLv0DuT3iTGyHbsaYhyD3w1DutuDkqWL%2F3gw9nD%2FFKuHGn3sRpISAojdPtx14XQ%2FAA9FWrF\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":451541,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1180x580, components 3","md5":"41f91b393236516be7810b85c8395875","sha1":"bc1e76d21cbcb864b2b5ffbcb9947df19d442d1d","sha256":"2865f4834905cf2d11fbb2080d40e6aaf71dbfcb8616104bfa79805c1eea327a","sha512":"b3f5dbe42b11dffd1f6cff1a3cb7ed39d75bfddc4f71fb8b7e95d07ef1faedfa1c673fbb5ebb072ce83f22074be6c4ff2bfe71b0fa5ffb55d61d60f271f4d335","ssdeep":"12288:yw0Oy9id2XyyCahbVqGYLyWlWL0L40+w6CDvf:ywF+idpebVDYGWE4LH+w6Cj","tlshash":"9ea423491bd6748a4be6df287447602d174b27919e7bfa0f46be94e3fa0af0e50c0219","first_seen":"2026-04-11T00:48:34.413768Z","last_seen":"2026-04-11T01:22:54.674674Z","times_seen":2,"resource_available":false,"data":null}},"time_used":3158,"timings":{"blocked":2905,"dns":0,"connect":0,"send":0,"wait":235,"receive":18,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gogo17.ubyt4z.vip/?refer=stdpk","fqdn":"gogo17.ubyt4z.vip","domain":"ubyt4z.vip","tld":"vip"},"ip":{"addr":"172.67.194.210","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://cnweb-nencao.com/","date":"2026-04-11T00:47:47.495Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ubyt4z.vip","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 04 Apr 2026 05:00:16 GMT","end":"Fri, 03 Jul 2026 05:57:40 GMT"},"fingerprint":{"sha1":"93:34:72:E2:A3:2C:D4:CC:4A:E3:A6:1F:04:09:FA:4D:EC:BF:B6:5C","sha256":"BA:3F:A3:8B:51:93:67:61:0B:5D:F4:3C:70:8B:CF:A0:42:06:F5:61:03:65:8E:0B:89:2B:A0:CB:00:D7:2A:1B"}}},"request":{"raw":"GET /?refer=stdpk HTTP/1.1\r\nHost: gogo17.ubyt4z.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://rtnsgs4q39p1vh.kfrse64990.top/\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Apr 2026 00:47:48 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nvary: Accept-Encoding, Accept-Encoding, Accept-Encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-powered-by: PHP/8.0.28\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Origin, X-Requested-With , X-Device-Id , Content-Type, Accept, Authorization\r\naccess-control-allow-methods: GET, POST, PUT,DELETE,OPTIONS,PATCH\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Jvfg4AjItrBus9rEYNUxqxtLLFAfbFiRXlzwwlawV%2BQRdfg3DuagR39jEWHE%2BP9IBKJ1Jv5qJEl1iHI3NEKItJdB0DWmN6%2F9AnFQM4WIv4tS66wQmlC5LcEp5jQK4n%2FIn8lI\"}]}\r\ncf-cache-status: DYNAMIC\r\nserver-timing: cfCacheStatus;desc=\"DYNAMIC\", cfEdge;dur=7,cfOrigin;dur=133\r\ncontent-encoding: br\r\ncf-ray: 9ea5fb623f97b1b8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP:8.0.28","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]}],"data":{"size":1742,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1064), with CRLF, LF line terminators","md5":"e2715f02dfc85d35b6d46310f83fd4aa","sha1":"7da827c97d7f02eac263d7c2f33040affc210f3f","sha256":"33be93ea20ca0a82d10cbc345cb973db588bfcfa233d6a8c38bed2b72cd24f66","sha512":"89a5554521c7ced3ed05a84736654aad710e874fdd16e63117757e3e4b7ef15c1c8b4098fcddccdb354b750a68163c1ee83bd5f50860af1a182a9c36e6a74a6f","ssdeep":"","tlshash":"87310bc83d122c1101ba30c251b1ca555bba321f2e674460f084fd86a4d96e5c027a2f","first_seen":"2026-04-11T00:48:34.414738Z","last_seen":"2026-04-11T01:22:54.572947Z","times_seen":2,"resource_available":false,"data":null}},"time_used":586,"timings":{"blocked":54,"dns":30,"connect":1,"send":0,"wait":478,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2026/04/1026775811.jpg","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.590Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2026/04/1026775811.jpg HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9e903a86ca33b941-LAX\r\nContent-Length: 183185\r\nContent-Type: image/jpeg\r\nDate: Fri, 10 Apr 2026 22:12:14 GMT\r\nEtag: \"69d59558-2cb91\"\r\nExpires: Fri, 08 May 2026 09:26:07 GMT\r\nLast-Modified: Fri, 10 Apr 2026 22:12:14 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=x%2FZywFGj1t%2BLhkjt2cpRTdE%2BtNsm6mqKqPC9dM7wfBRFuLtbxTEpooNZHngFgDgBf8ozSO6FbWMeZYdx1SsdGitkSI10hmP33j2rH%2B%2B6rLNxxaIoZDvBAaOzLpyA3d8xbT7H\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":183185,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1180x580, components 3","md5":"0ceb966db1e4bc6657c362862cf8d3aa","sha1":"3dd8ccef379a188ed79ff15a43431493688065fa","sha256":"41559e3d30223f5683aee2dc8801389a1976cf5eebc56057b349a931785c05fa","sha512":"fe4b712d184329fee70426608d24a4674ada62b396f83a34cc85f07bf3969590d527aa3cca42c6e6a157026b56a6a0a70d75dee179c82cb99f9ec4b193a0715b","ssdeep":"3072:J6g6WLd9KNB/NT8MXXvovEC5SmABxzpme4jTvN2eoX0hdcS3SXUJ4KIk/p/qLokg:0gdKNBh8MP1C5S7dmdN7aA5v4KIk9qLS","tlshash":"580422b6f50fb195927a32f70496c5ab4537eb38c609545098beae5873028fc335fa2c","first_seen":"2026-04-11T00:48:34.415892Z","last_seen":"2026-04-11T01:22:54.654562Z","times_seen":2,"resource_available":false,"data":null}},"time_used":4936,"timings":{"blocked":4695,"dns":0,"connect":0,"send":0,"wait":236,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/themes/Mirages/css/7.10.5/wrp.css","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:50.058Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/themes/Mirages/css/7.10.5/wrp.css HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: max-age=43200\r\nCf-Cache-Status: REVALIDATED\r\nCf-Ray: 9ea50a33de4778de-LAX\r\nContent-Encoding: gzip\r\nContent-Type: text/css\r\nDate: Fri, 10 Apr 2026 22:03:08 GMT\r\nEtag: W/\"65fd5697-642\"\r\nExpires: Sat, 11 Apr 2026 10:03:08 GMT\r\nLast-Modified: Fri, 10 Apr 2026 22:03:08 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dV5ghLeiXxiZ%2FsJ67ZoHMf04AzEITdZ0QBWhR5vldgkOJ%2FpoLq55Z0iCsWWYHVw%2BQUbnf%2FJJe4sYEFp%2FxPcL1vb5CsgMFykeR4T6TJLH13BoobBMzwoKBkWujR2W4wnyq6sE\"}]}\r\nServer: nginx\r\nVary: Accept-Encoding\r\nX-Cache: HIT, policy, disk\r\nContent-Length: 611\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1602,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"8b88ed829e2022bf3d31bbdb99b91b57","sha1":"e94360609d79f6e46739dda546813bdab0d4bd96","sha256":"afe0128ad43628592992ed22e78e86529ff60cd497560cb6b01a7825eea9c134","sha512":"c5b6961d75e1af599e128744f8fc2e049460da402e242a476ae8e90a3ecaa9e035e693446c7a75cc85f352294918c60f06310f26b529cbbce5aee6ce4df76604","ssdeep":"","tlshash":"1331cd5a51031048f52ba7ae4fdb071a1a6c1013b903dc3e37ea275d8f974bc91b3b5a","first_seen":"2024-09-20T20:15:34.535218Z","last_seen":"2026-04-11T01:22:54.48279Z","times_seen":76,"resource_available":false,"data":null}},"time_used":1188,"timings":{"blocked":473,"dns":1,"connect":235,"send":0,"wait":235,"receive":1,"ssl":241},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/themes/cnweb_nencao_com/skin/js/main.js","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cnweb-nencao.com/","date":"2026-04-11T00:47:45.589Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.cnweb-qqcvideo.com","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Wed, 18 Mar 2026 01:00:00 GMT","end":"Tue, 16 Jun 2026 00:59:59 GMT"},"fingerprint":{"sha1":"20:54:2C:35:6F:34:AE:46:55:B0:36:5B:75:68:38:13:67:FF:AB:E3","sha256":"FE:84:4F:4B:5A:54:D7:98:F2:3C:4A:C8:63:FF:A1:3D:3F:8C:D0:D1:E0:4B:87:3F:24:29:5C:A6:A2:03:8C:C1"}}},"request":{"raw":"GET /themes/cnweb_nencao_com/skin/js/main.js HTTP/1.1\r\nHost: cnweb-nencao.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnweb-nencao.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 11 Apr 2026 00:47:59 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 10 Feb 2026 05:52:32 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ac7a0-121e\"\r\nexpires: Sat, 11 Apr 2026 12:47:59 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4638,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (339), with CRLF line terminators","md5":"bb2b1544c956afd1cf2351b3bad90c68","sha1":"2211051990325a5c1488d95d10a06fe1fc9f0500","sha256":"71fbcc8b37e5c0955d7c48e73ac979522f1667741a1a0543505f057856640393","sha512":"17ab72066a4d6de54ddb3f95faf4ad3d680eb701c3b12426da95855545f8ee184bb3bed8eeb9e1d692469d7d7e1791b16cd1925b1ef334722f953dd89ce3e2bd","ssdeep":"48:CdQv5Zi8eibF9rQB4NrQd0Uzw4CCu/1yK2X6GqlkUuYt+A+p72VXQqKxY86Otl7G:C2lF6mqqxPwKhkH8Vn122zdKYGpzbK0Q","tlshash":"71a11dc9b105917404f33222dbb76548ff9922ab8b565201bd2d5af02fb024be365fec","first_seen":"2025-07-01T02:08:25.04701Z","last_seen":"2026-04-11T00:48:34.417611Z","times_seen":7,"resource_available":true,"data":null}},"time_used":609,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":609,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/themes/cnweb_nencao_com/skin/img/more_icon2.png","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cnweb-nencao.com/","date":"2026-04-11T00:47:45.816Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.cnweb-qqcvideo.com","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Wed, 18 Mar 2026 01:00:00 GMT","end":"Tue, 16 Jun 2026 00:59:59 GMT"},"fingerprint":{"sha1":"20:54:2C:35:6F:34:AE:46:55:B0:36:5B:75:68:38:13:67:FF:AB:E3","sha256":"FE:84:4F:4B:5A:54:D7:98:F2:3C:4A:C8:63:FF:A1:3D:3F:8C:D0:D1:E0:4B:87:3F:24:29:5C:A6:A2:03:8C:C1"}}},"request":{"raw":"GET /themes/cnweb_nencao_com/skin/img/more_icon2.png HTTP/1.1\r\nHost: cnweb-nencao.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnweb-nencao.com/themes/cnweb_nencao_com/skin/css/index.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 11 Apr 2026 00:47:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 996\r\nlast-modified: Tue, 10 Feb 2026 05:52:32 GMT\r\netag: \"698ac7a0-3e4\"\r\nexpires: Mon, 11 May 2026 00:47:59 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":996,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 11 x 9, 8-bit/color RGBA, non-interlaced","md5":"aa3a33061fa856b951afc23cb13475a1","sha1":"81fec62ed7d130d2bdd2efc3a0ea7a3b9e70e136","sha256":"36b19178724f3c9fb95f71b4ba87edac9ebe53bbd9fb73f1b525aab2deee0c01","sha512":"76a7b58c0ccc0f83a55c793acff5954d486eed3a8238258b103972a4a8bf3f16e16742c057735cf77ce74cdbfe372cd121c1e0becdeaf3f2d3933f9684d1cb10","ssdeep":"","tlshash":"8d11e18df9606480be58f5e134ea90b3de53c6c099d1f0f9e9dac40a0d712b54c5d4cb","first_seen":"2025-07-01T02:08:25.019031Z","last_seen":"2026-04-11T00:48:34.418131Z","times_seen":6,"resource_available":false,"data":null}},"time_used":581,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":580,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/themes/Mirages/images/bottom/wd.png","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:50.259Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/themes/Mirages/images/bottom/wd.png HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9e7a22fcdd5cdb6e-LAX\r\nContent-Length: 3704\r\nContent-Type: image/png\r\nDate: Fri, 10 Apr 2026 22:51:15 GMT\r\nEtag: \"6669825d-e78\"\r\nExpires: Tue, 05 May 2026 17:05:16 GMT\r\nLast-Modified: Fri, 10 Apr 2026 22:51:15 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PS9EimC646qNJKPAYOIvJMwHH4zl3DYTm%2BJiszEo8v4WJa6RIeJsVBoCbtVPHMdZDkr69K34zD6vz%2FKkGEgQ%2FY2SeK%2BEWfZGo1%2FfOG7Q22TET%2B9ECVx1KblVyjFtVL2u%2Bfex\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3704,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 63 x 63, 8-bit/color RGBA, non-interlaced","md5":"588823724cec3dbd62a0810c32197b52","sha1":"c74bc9f1bddac9f9d103f05f7c0a7ada521d8114","sha256":"368c909448bdddd9f88fdff25d96ab3060f2f06ea956fd03baad23c3c28fd2f6","sha512":"ddceabce724013d0cd6ba4207063823a093d5362276867f5498bec96f191005220ddf93aea76c2d8100afb05972c9a9ec6031ab970c571ad347e87ed76f14ecf","ssdeep":"","tlshash":"62714cfb28fe8e1641ce9fb4826378b95a80558e9051db7c8779247e578a8977033c0e","first_seen":"2024-06-29T06:36:42Z","last_seen":"2026-04-11T01:22:54.614646Z","times_seen":86,"resource_available":false,"data":null}},"time_used":1168,"timings":{"blocked":929,"dns":0,"connect":0,"send":0,"wait":238,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2026/04/2237681901.jpg","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.411Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2026/04/2237681901.jpg HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9ea128ff4a432ad3-LAX\r\nContent-Length: 422840\r\nContent-Type: image/jpeg\r\nDate: Fri, 10 Apr 2026 22:49:12 GMT\r\nEtag: \"69d83cb8-673b8\"\r\nExpires: Sun, 10 May 2026 10:45:07 GMT\r\nLast-Modified: Fri, 10 Apr 2026 22:49:13 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IczE1s2%2B2qlitaGB%2BekKcPS4rA3cNQy4r779%2BIlFQ1UcyABkkixKXkeETP1zQGjZc%2FuecYDnVUnIwBBanDEGFOBh6igOFiqfaYu9uWMm3Vx%2B5SlQLmKqNSlIQ88M9DDb3l2R\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":422840,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1180x580, components 3","md5":"eb276aeb54668bb4c00e31b685490f55","sha1":"0659bcd30ebe232dcce6e8eb24982d24e00eee3f","sha256":"9df1b9290fd97859862e0d8934d33f0269ec962581e9b508c1d3708b8d9b0e12","sha512":"b8beb05ae74134f8c3284e152306cd59909b3ee57efabd915b10881aef82e4733d4daf826e71221623ab2690122f440924d0a80e2ec51eea0880005f2742a59b","ssdeep":"12288:8r6zQTvQyGBOBQCGhj7oXmPVt9CqK8Hk3XOJmt:8oQTvgBOBk58XKVt9CqKdXOJmt","tlshash":"39942364cde039429668c90300ab671b9e5f7f06620eca1b159b2d92cd44bff374a9fd","first_seen":"2026-04-11T00:48:34.420211Z","last_seen":"2026-04-11T01:22:54.681172Z","times_seen":2,"resource_available":false,"data":null}},"time_used":2726,"timings":{"blocked":1268,"dns":0,"connect":0,"send":0,"wait":235,"receive":1223,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/themes/cnweb_nencao_com/skin/img/b4.jpg","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cnweb-nencao.com/","date":"2026-04-11T00:47:45.580Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.cnweb-qqcvideo.com","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Wed, 18 Mar 2026 01:00:00 GMT","end":"Tue, 16 Jun 2026 00:59:59 GMT"},"fingerprint":{"sha1":"20:54:2C:35:6F:34:AE:46:55:B0:36:5B:75:68:38:13:67:FF:AB:E3","sha256":"FE:84:4F:4B:5A:54:D7:98:F2:3C:4A:C8:63:FF:A1:3D:3F:8C:D0:D1:E0:4B:87:3F:24:29:5C:A6:A2:03:8C:C1"}}},"request":{"raw":"GET /themes/cnweb_nencao_com/skin/img/b4.jpg HTTP/1.1\r\nHost: cnweb-nencao.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnweb-nencao.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 11 Apr 2026 00:47:59 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 10 Feb 2026 05:52:32 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ac7a0-1cd16\"\r\nexpires: Mon, 11 May 2026 00:47:59 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":118038,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 2048x921, components 3","md5":"3664a49ba27aa2c26080b4e0fd1e80a5","sha1":"e9a7b8764b838732a9bb773c319ed551c8e5bd6e","sha256":"8072a06f6e0e9c8bb2e382c2b12cab44adc1e849e92b5008a0def41bd0f9368b","sha512":"36fa1076936f9d6f2b1dbcc0cf36691ab3899593fa4f1d8d60f43a19b1d073ea0467efd871102f020073e4c360258e7f1c7c91df54ee63ba8d9f787212d6cbb4","ssdeep":"3072:UrhNUAO8RahKxAbk8Pyz96uS1DOb69vq2JMt1/7Pk:2hmYR8bJPGSEOp8/Y","tlshash":"5eb3123bf01aa352f86eabb0b947d335f8492af951155cb52b1fac3560fdc801c6912c","first_seen":"2026-04-11T00:48:34.426523Z","last_seen":"2026-04-11T00:48:34.426523Z","times_seen":1,"resource_available":false,"data":null}},"time_used":644,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":644,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2025/03/3718098066.jpg","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.344Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2025/03/3718098066.jpg HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nAge: 174025\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: HIT\r\nCf-Ray: 9e863e947f591ad1-LAX\r\nContent-Length: 58571\r\nContent-Type: image/jpeg\r\nDate: Fri, 10 Apr 2026 22:05:24 GMT\r\nEtag: \"67c807b0-e4cb\"\r\nExpires: Tue, 05 May 2026 04:00:50 GMT\r\nLast-Modified: Fri, 10 Apr 2026 22:05:25 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7X76xrzm2CKX%2FhTwI3Dp%2BfFriCRatcYoNrkRhG%2FFaxUTZomRrwRYrlA1%2B5gKg25K4KVEU9gdcY3iVu%2BQSVIglHBLJAM7VyMZVxnGQk9tAENB65NpSkJyYTSs8A9WpfRFeXmp\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":58571,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 833x250, components 3","md5":"4dae48371f86dca27924b068a6865197","sha1":"8e8a288b28b9a7beacf5dfdd509fb15b9394048c","sha256":"b350bb3415f38fde921041992bee554a27b634ec04e4ccde1ac7e41f94065b61","sha512":"be8f24c828e6fb07094499b91cac89cc65c8342403eb5ad68baf2d002043d472f5c94eb25101dec7914a1144cbc5f4d99f96ee02fe30095f4b98cc0280b757f5","ssdeep":"1536:6JjpA1rDEN6qwZzKesBxboq5bVBEUmyUQfVe:qjMrE6xz07k4V6UmCI","tlshash":"a643012cab226bd070658c35d8013da4b8ebf355ecfc20ec8fd56998de465e3d249297","first_seen":"2025-03-06T22:22:44.568471Z","last_seen":"2026-04-11T01:22:54.690578Z","times_seen":46,"resource_available":false,"data":null}},"time_used":422,"timings":{"blocked":180,"dns":0,"connect":0,"send":0,"wait":239,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2026/04/785338602.jpg","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.399Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2026/04/785338602.jpg HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9e776e6c1c59db5e-LAX\r\nContent-Length: 232786\r\nContent-Type: image/jpeg\r\nDate: Fri, 10 Apr 2026 22:05:25 GMT\r\nEtag: \"69d1c56b-38d52\"\r\nExpires: Tue, 05 May 2026 09:12:28 GMT\r\nLast-Modified: Fri, 10 Apr 2026 22:05:25 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5jQh4aY6TqDi%2BW1ZZAT4cp0MAd2r0N6uxd%2Brr%2FGdgFArJr7%2FS7x1hOp5Ka2GeQgCyGnnlO4iuiwTToNnQgRJ0oI4QbuHfGhpA1XUxp2uzc8Kye1BOEotZ9mML%2BgTi%2B8jKHzh\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":232786,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1180x580, components 3","md5":"5210b6999a3f721eb18452c7094eb56e","sha1":"b7bcd10e8ca4f9dadcf200b79f459446c0fbc06f","sha256":"9b4ff43b4ab379fdda34073125d7da55c3b0cadecd9d01362096bfb8e0b0965f","sha512":"d107e175cd03782266a6c3f731c316c4241d50b19ffea4300cb6942ff8d3335e0719e5eb25b4fba0a674c98b02ee07196d70d42e9b6bea7bbf008b4d8d1aa4ad","ssdeep":"3072:pxXjcodGY/Ni0BhRYJgtHdWtz9gRrEYZSndWuePs60DNKtfXGDp/6D7HLNbGbM2X:7LJl5h+Y9eKr7SdiiKtvKK7stKHBc73","tlshash":"473413ead10c0ab296d89fe77fcd142587aaf61d99fdaa6c9b071223705ddf8811103c","first_seen":"2026-04-11T00:48:34.429744Z","last_seen":"2026-04-11T01:22:54.623683Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1602,"timings":{"blocked":1149,"dns":0,"connect":0,"send":0,"wait":225,"receive":228,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/uploads/2026/04/2109726945.jpg","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.78","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.521Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/uploads/2026/04/2109726945.jpg HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9e96648758cd3f37-LAX\r\nContent-Length: 565056\r\nContent-Type: image/jpeg\r\nDate: Fri, 10 Apr 2026 21:35:51 GMT\r\nEtag: \"69d6e8ce-89f40\"\r\nExpires: Sat, 09 May 2026 03:23:29 GMT\r\nLast-Modified: Fri, 10 Apr 2026 21:35:52 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=N7Gt07wslOcTCdRmYmMhJhcOz%2BZmJxuB%2BE3Zv5X5dAd3T3W3XUNP%2FQgDNJC7S6pojYtc3EsfBTP7mlxFFwIJ6OyLJYAvu8DBqnI4KiqnI6qudat7OkiTcYl5DMia8Gj3KUM%2B\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":565056,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1180x580, components 3","md5":"a268fde43c5c62bb749e55c630e18654","sha1":"8827a7fd248349c10be1459cfae613b20feedc69","sha256":"88da606248f4475fec1efe63d2c1030c2e45d3614a868cb36a33159c0873a7c2","sha512":"d3bb44eb5d57116f024e26760f584a763f6aa8d771bd29aae4c04b4dd0df31ea58e4b9934fceae2566707ba90b230cde1f372b353fa07674848845c3fa72ab13","ssdeep":"12288:Zk/bUeqBoLo/LVH/SxhFhzthPV8wGl2CmUbvVRnZP/z2rmxty:Zk/zqShFlthKpDTV/P/qaxty","tlshash":"78c42308146bc4054fae9a76bdcfb1b4375530da41ccae85f6dc2c9ed1c808b9af651e","first_seen":"2026-04-11T00:48:34.43146Z","last_seen":"2026-04-11T01:22:54.48519Z","times_seen":2,"resource_available":false,"data":null}},"time_used":5395,"timings":{"blocked":3116,"dns":0,"connect":0,"send":0,"wait":225,"receive":2054,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sdk.51.la/event/js-sdk-event.min.js?u=3IWDrcHiXwq9j9RH","fqdn":"sdk.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"43.159.107.113","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:51.757Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.51.la","organization":""},"issuer":{"commonName":"Keymatic Secure Domain RSA CA G1","organization":"PKI(Chongqing) Limited"},"validity":{"start":"Wed, 01 Apr 2026 06:48:26 GMT","end":"Fri, 16 Oct 2026 15:59:59 GMT"},"fingerprint":{"sha1":"F0:4F:0E:62:84:89:BD:2B:8E:53:1E:AC:20:70:16:C2:F7:E9:C1:C0","sha256":"54:9F:ED:D0:8F:D4:0A:5F:31:95:55:FD:E0:E6:13:F2:09:8C:39:E1:01:31:98:FA:1D:DC:20:CD:20:19:7C:F5"}}},"request":{"raw":"GET /event/js-sdk-event.min.js?u=3IWDrcHiXwq9j9RH HTTP/1.1\r\nHost: sdk.51.la\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://ftgy.drvhg2at.icu\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Mon, 15 May 2023 03:19:51 GMT\r\ncontent-encoding: gzip\r\netag: W/\"6461a4d7-127d3\"\r\nserver: openresty\r\ncontent-type: application/javascript; charset=utf-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\ncache-control: max-age=1296000\r\ncontent-length: 21583\r\naccept-ranges: bytes\r\ndate: Sat, 11 Apr 2026 00:47:51 GMT\r\neo-log-uuid: 8826879492531791987\r\neo-cache-status: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":75731,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65308)","md5":"d8b86cb6f6c21e85b9c937dfdb9c2d28","sha1":"b4d1693de341bc8907adf4ce9c92ef81fded922b","sha256":"76321b4c7a653d40fb72e4e2501842d3b12f3bd2822e7d1103054eeff1a6a53c","sha512":"5557b2e594e8fa69722453a399c2b48335a241f01ab22c1ae151a98fa637139372d9105c7d48428d0af31cc9c7d70672fd0ad59f58823963e813d528434e3b1b","ssdeep":"1536:Mm/6jaOdXslehi41GvwsciNxLbxLcBXs1v3kjs+TTk1TVBSYreiMUGsnJ9+Saebb:MmDS8SOZ","tlshash":"3c7309de31c2b07253e7316a106f610bf13a5d556c0e5820f215d999bc78e8b82bbf6e","first_seen":"2023-04-07T05:45:48Z","last_seen":"2026-04-11T01:22:54.67324Z","times_seen":1549,"resource_available":true,"data":null}},"time_used":123,"timings":{"blocked":48,"dns":1,"connect":19,"send":0,"wait":23,"receive":1,"ssl":27},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rtnsgs4q39p1vh.kfrse64990.top/","fqdn":"rtnsgs4q39p1vh.kfrse64990.top","domain":"kfrse64990.top","tld":"top"},"ip":{"addr":"156.234.139.98","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://cnweb-nencao.com/","date":"2026-04-11T00:47:45.767Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kfrse64990.top","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 17 Mar 2026 06:55:45 GMT","end":"Mon, 15 Jun 2026 06:55:44 GMT"},"fingerprint":{"sha1":"95:C0:01:5F:0D:77:AA:0A:A4:5E:C9:D5:BF:D4:D6:42:A6:28:33:0E","sha256":"54:74:9A:28:2E:25:2B:0C:5C:0C:E5:9C:CA:A1:AC:5F:D0:20:40:6A:0C:5F:02:3C:7A:E5:73:70:22:4A:8E:AC"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: rtnsgs4q39p1vh.kfrse64990.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnweb-nencao.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 11 Apr 2026 00:47:46 GMT\r\ncontent-type: text/html\r\ncontent-length: 847\r\nlast-modified: Tue, 17 Mar 2026 07:52:57 GMT\r\netag: \"69b90859-34f\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":847,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"acbbced298640d3d795854797677c562","sha1":"524f2f86602bcf863265ffff09445ca227cd639b","sha256":"bd70c9f87cf75d388753800b5bf60570d9cfb4dee66731f732e797fb2688c167","sha512":"8f22d6e2b3672a0ffc100578b3557e97fc0c98a1885ab0b5f02a903d8d4f789cf3a0de6676b9ae1748d7bfeeb1814bdcc3a1a2f53592e1e6eb5803fec8968ac1","ssdeep":"","tlshash":"100108aec5e066392112184de01d385c7c9354cfdc8cc962a81cdde7657496707ebaec","first_seen":"2026-04-11T00:48:34.433114Z","last_seen":"2026-04-11T01:22:54.696862Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1233,"timings":{"blocked":503,"dns":51,"connect":223,"send":0,"wait":224,"receive":0,"ssl":229},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cnweb-nencao.com/themes/cnweb_nencao_com/skin/img/right_icon.png","fqdn":"cnweb-nencao.com","domain":"cnweb-nencao.com","tld":"com"},"ip":{"addr":"156.234.197.188","port":443,"asn":138415,"as":"Yancy Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cnweb-nencao.com/","date":"2026-04-11T00:47:45.804Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.cnweb-qqcvideo.com","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Wed, 18 Mar 2026 01:00:00 GMT","end":"Tue, 16 Jun 2026 00:59:59 GMT"},"fingerprint":{"sha1":"20:54:2C:35:6F:34:AE:46:55:B0:36:5B:75:68:38:13:67:FF:AB:E3","sha256":"FE:84:4F:4B:5A:54:D7:98:F2:3C:4A:C8:63:FF:A1:3D:3F:8C:D0:D1:E0:4B:87:3F:24:29:5C:A6:A2:03:8C:C1"}}},"request":{"raw":"GET /themes/cnweb_nencao_com/skin/img/right_icon.png HTTP/1.1\r\nHost: cnweb-nencao.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cnweb-nencao.com/themes/cnweb_nencao_com/skin/css/index.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 11 Apr 2026 00:47:59 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 10 Feb 2026 05:52:32 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698ac7a0-6d3\"\r\nexpires: Mon, 11 May 2026 00:47:59 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1747,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 37 x 37, 8-bit/color RGBA, non-interlaced","md5":"68de24fb333ad293679a040fdaedc991","sha1":"e548bd375fb079d66e21ba374293753c2f08b5c2","sha256":"24cc5c165fb75e7815d3df3cb1ce90f2c63fdfd241f6ebddb4a425e896e0c042","sha512":"9fc0f854c9a841b81455d3dc814a083720600531b872f59b0ce1c46b3e445b8bc5e885bda895d266b1670b4ad811e3026fa9ed15ff2741af94f2c9c540e538ff","ssdeep":"","tlshash":"9e3196cab9819441718ce1d728f3600b76278881e6a4d536acdecd1a15ba1fd441ddcf","first_seen":"2025-07-01T02:08:25.040238Z","last_seen":"2026-04-11T00:48:34.434207Z","times_seen":6,"resource_available":false,"data":null}},"time_used":588,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":588,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ftgy.drvhg2at.icu/usr/themes/Mirages/images/bottom/fl.png","fqdn":"ftgy.drvhg2at.icu","domain":"drvhg2at.icu","tld":"icu"},"ip":{"addr":"137.220.191.75","port":443,"asn":152194,"as":"CTG Server Limited","country":"Japan","country_code":"JP"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ftgy.drvhg2at.icu/","date":"2026-04-11T00:47:50.258Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.drvhg2at.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 29 Mar 2026 09:14:03 GMT","end":"Sat, 27 Jun 2026 09:14:02 GMT"},"fingerprint":{"sha1":"B0:80:AF:29:D5:D2:E1:34:1B:76:87:F2:58:EC:40:DB:11:77:2B:B8","sha256":"46:8C:3B:BC:9B:64:09:B1:86:D6:25:D8:5C:D0:41:16:0F:EF:60:69:A9:81:54:E9:AC:AF:AE:98:D0:A2:25:D1"}}},"request":{"raw":"GET /usr/themes/Mirages/images/bottom/fl.png HTTP/1.1\r\nHost: ftgy.drvhg2at.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ftgy.drvhg2at.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nAccept-Ranges: bytes\r\nAccess-Control-Allow-Headers: Content-Type, Authorization\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=2592000\r\nCf-Cache-Status: MISS\r\nCf-Ray: 9e7a22fa6e1ab6c9-LAX\r\nContent-Length: 3365\r\nContent-Type: image/png\r\nDate: Fri, 10 Apr 2026 22:51:15 GMT\r\nEtag: \"6669825d-d25\"\r\nExpires: Tue, 05 May 2026 17:05:15 GMT\r\nLast-Modified: Fri, 10 Apr 2026 22:51:15 GMT\r\nNel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nReport-To: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VbWGBJIm7ZsRpIRNNxgGJ9tDBc1WEDEu9bx6P7ZdwA3O3eCIxM1ldD7Y4VdoghkoXtMpJiMA7b0pZwYegGcrQx9FYyfOWCv5iHjwQ7aFxj%2FUlhexdACm1OKpFK3nMGlXbC5G\"}]}\r\nServer: nginx\r\nX-Cache: HIT, policy, disk\r\nX-Proxy-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3365,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 63 x 63, 8-bit/color RGBA, non-interlaced","md5":"079dace0ed908000bd3f9c9efc74fde5","sha1":"f357a280da1ad62837128299b17fe83573e8389e","sha256":"3de155a5917eeac88be764edd87b9428b17c11cd0a7778af63bfc9e4bdd8ecfe","sha512":"04ff2bc24f07b03c8153ea522e3f1499d1a75a517788b362e60873fc2fe4a33091baa7f714a3625a2fa1a0c6327dd3b77c795404cf615008900ade69221db831","ssdeep":"","tlshash":"d8615ca63e0797804c96bba40550059448ef6a2deb44bbd64c603a41b6bb819eccc8fe","first_seen":"2024-06-29T06:36:42Z","last_seen":"2026-04-11T01:22:54.648176Z","times_seen":86,"resource_available":false,"data":null}},"time_used":1160,"timings":{"blocked":930,"dns":0,"connect":0,"send":0,"wait":229,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-11","alert":"Sinkholed","trigger":"ftgy.drvhg2at.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}