{"report_id":"9bb41713-5359-4c79-bfbd-b5632a56dc0b","version":6,"status":"done","tags":[],"date":"2025-10-10T03:15:11Z","url":{"schema":"http","addr":"admin.mli1agc8xuzvbhd0.com/cotae/","fqdn":"admin.mli1agc8xuzvbhd0.com","domain":"mli1agc8xuzvbhd0.com","tld":"com"},"ip":{"addr":"172.67.128.228","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"xn--x9t711b.dear2.cfd/%E9%9F%B3%E4%B9%90%E6%88%8F%E5%89%A7/index.html","fqdn":"xn--x9t711b.dear2.cfd","domain":"dear2.cfd","tld":"cfd"},"title":"蓝色導航-中立纯粹好网址导航"},"submit":{"url":{"schema":"http","addr":"admin.mli1agc8xuzvbhd0.com/cotae/","fqdn":"admin.mli1agc8xuzvbhd0.com","domain":"mli1agc8xuzvbhd0.com","tld":"com"},"ip":{"addr":"172.67.128.228","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-14T03:15:11Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-10","alert":"Sinkholed","trigger":"aa91632368.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-10","alert":"Sinkholed","trigger":"aa91632368.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.250.74.168","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2025-10-05T22:12:07.052692Z","alert_count":0,"request_count":1,"received_data":375343,"sent_data":442,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"xn--x9t711b.dear2.cfd","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-06-26","domain_rank":0,"first_seen":"2025-10-10T03:15:11.703912Z","last_seen":"2025-10-10T03:15:11.703912Z","alert_count":0,"request_count":5,"received_data":154449,"sent_data":2618,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]}]},{"fqdn":"i.ibb.co","ip":{"addr":"45.43.142.2","port":443,"asn":215751,"as":"Mikhail Fedorov","country":"Israel","country_code":"IL"},"domain_registered":"2010-07-20","domain_rank":21643,"first_seen":"2018-11-25T10:13:48Z","last_seen":"2025-10-06T03:33:36.947933Z","alert_count":0,"request_count":1,"received_data":339278,"sent_data":448,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"aa91632368.com","ip":{"addr":"104.160.179.230","port":443,"asn":46844,"as":"SHARKTECH","country":"United States","country_code":"US"},"domain_registered":"2025-06-18","domain_rank":617955,"first_seen":"2025-06-23T15:47:53.733188Z","last_seen":"2025-10-04T05:56:44.647108Z","alert_count":2,"request_count":1,"received_data":408843,"sent_data":466,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"admin.mli1agc8xuzvbhd0.com","ip":{"addr":"104.21.2.76","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-07-18","domain_rank":0,"first_seen":"2025-10-10T03:15:11.706028Z","last_seen":"2025-10-10T03:15:11.706028Z","alert_count":0,"request_count":1,"received_data":147307,"sent_data":501,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"xn--x9t711b.dear2.cfd/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js","fqdn":"xn--x9t711b.dear2.cfd","domain":"dear2.cfd","tld":"cfd"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9e8f56e8e1806253ba01a95cfc3d392c","sha1":"a8af90d7482e1e99d03de6bf88fed2315c5dd728","sha256":"2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8","sha512":"63f0f6f94fbabadc3f774ccaa6a401696e8a7651a074bc077d214f91da080b36714fd799eb40fed64154972008e34fc733d6ee314ac675727b37b58ffbebebee","ssdeep":"","tlshash":"6021d5743a18107e226a0133e56f66cee1f23715fd17e440408ad89566e4fe5063fed9","size":1239,"data":"","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-06-03T20:57:12.956011Z","times_seen":359387,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--x9t711b.dear2.cfd/%E9%9F%B3%E4%B9%90%E6%88%8F%E5%89%A7/index.html","fqdn":"xn--x9t711b.dear2.cfd","domain":"dear2.cfd","tld":"cfd"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"c5f7cd3dac56093d989b6171ea8bf6ff","sha1":"4136cd27680f064a14834cf2bbc8e5a748cf4faa","sha256":"40f2658e23c08bad51cad3ec1387ce0b23dd5a1f36da815a159b69cc7974c875","sha512":"0370eeb96c72f8843479e9fe3f5bad75e7eb23a6c3c99653127ed638cfa2a49f58e4dbc9c7a52b6d600ecff8da38e39f1fe7de1ac5965ad4fba69cdb848e01a1","ssdeep":"","tlshash":"bbc02b8c310f6cb051d72b000b1fba00f0063100d4e02c30080563089d30d07abc8c14","size":143,"data":"","first_seen":"2024-01-28T13:04:05Z","last_seen":"2026-01-13T12:39:13.776176Z","times_seen":48,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--x9t711b.dear2.cfd/%E9%9F%B3%E4%B9%90%E6%88%8F%E5%89%A7/index.html","fqdn":"xn--x9t711b.dear2.cfd","domain":"dear2.cfd","tld":"cfd"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"a6c4b9e7723f3922fdcd0017c1023b60","sha1":"2fc70a1591b4caca2875799267b0fd6f59d6600e","sha256":"befbf56cf420cf4542f9a5f4de2c507e5ed3a3f5a3b0b9d08680a8d93ac646aa","sha512":"1500aba5dd169f3f662540a9dc494c06738b2f3d8001d7042a417b1ee2d2078458c02cc1b16b299d369f1995b54996bc03adf493a045a6ac57454697eed8d8d7","ssdeep":"","tlshash":"94e0ab2a98a7863c4ce53a041078c57d30f834a09aa3d017520cd85cc429fc50c01aad","size":416,"data":"","first_seen":"2023-07-06T13:38:49Z","last_seen":"2026-01-13T12:39:13.777181Z","times_seen":48,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--x9t711b.dear2.cfd/%E9%9F%B3%E4%B9%90%E6%88%8F%E5%89%A7/index.html","fqdn":"xn--x9t711b.dear2.cfd","domain":"dear2.cfd","tld":"cfd"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"7f98f2374c469c26e317cb83a6e0ad2f","sha1":"fabb1fa9b8f15f149aa3fddd269ffb61564e6b23","sha256":"f260371436e81ef80830c9b45f9f5f069059527f8f1585794536a27d6834e4a0","sha512":"c252e9c4dd54acc4882d6e9f652d662953575536e56934d2547c8964aafa1d3d3f19a932b6ffd9edfc12b73da04095cab00377f0e0d8b78b4cef35e3cc7173c8","ssdeep":"","tlshash":"a0d023b06b555117177a1122e074de643c74b033df07660ccf1f5c79104c56d1d60448","size":224,"data":"","first_seen":"2023-07-06T13:38:49Z","last_seen":"2026-01-13T12:39:13.778645Z","times_seen":48,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-9ZXTNDVDMV","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.168","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"8e1a0936f709cd7ac9ed3c7b0e954f57","sha1":"1b1615b68f5558bc57a2cbdd11d5d2dc4379defa","sha256":"41698d9ca77ecf3302f533a6f6a8d2bc650716408b132ebca80b1fc32c864bcb","sha512":"9310cbeac6a131fd67b8eb599c9335a98d9c1bc8b7021ac875bb8215d6ea245d4420f5200a100233f3bd542a71fa87d15894c700ae440a3b4d17a937b51303c6","ssdeep":"6144:fZ/yp2K4tk0uwbWZJT+Nju5204OZSkndXAQa:oYZm0KZJu0JO","tlshash":"e28419ce73d674665392a478503f018bb57b2892f44cc899f18adee52e70a9a0137f7c","size":374739,"data":"","first_seen":"2025-10-10T03:15:17.307002Z","last_seen":"2025-10-10T03:15:17.307002Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"f82307f6a2c9ed9f82ca52732e8c51b2","sha1":"c7a688e8b815d42ced84c3530077346379b3a543","sha256":"fbc48849af46bfa2f2f6beae5ba8b36cde2502a1d043b6473c0379797fd0f88d","sha512":"ff100de3fa0fba24b1e3b0eb459830eea328a923717e900bafd254d9bae74944594a77b87a1f3e34a023f644172f3a3395b307bfe393da037e670b5023c05dd7","ssdeep":"","tlshash":"07a02200c03e2832ac320303ec02cc2c02002b02a3af0820c220ccf222280c0300838c","size":70,"data":"","first_seen":"2023-07-06T13:38:49Z","last_seen":"2026-06-02T20:20:02.576636Z","times_seen":56,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"d638392650684960bfb1ccfd784506dd","sha1":"23d63b2ebdf5854df51f2e25036cc0c8e8b73c51","sha256":"b8b5a1c20ec88e0cbafb39a0b1f331a1ca21b7431c03d785afddefbe108480f7","sha512":"5ef01991bf9fbceafbad7ca3986d500116f2f6da3b032b8b05bd320ee7cc59ccc345f35f052451ae25ec90671167cfdd485cdadca5d2554c192f21d551ce802d","ssdeep":"","tlshash":"039002645e86820b11bb1191c531dd544456649fc3115c1c5468186e61083bf6c0249d","size":57,"data":"","first_seen":"2023-07-06T13:38:49Z","last_seen":"2026-06-02T20:20:02.577234Z","times_seen":56,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"af0c41d3e6909eae31d92ec3cd4498a5","sha1":"c2ee789b9619ac9a1328c49e90345104a0651e00","sha256":"b93fdf5ef8ab0328fdaa4d8bf468aae6af7d5db6c0d3d34a470d36ab2152ec59","sha512":"dd5665e7ac3c4279eeabdddf6d7b4eeb85d4dc9d3b29a8150cee07b17734c00d65f1dd6caaa5be7b4fd305177919516e68db2be1dbf731bfee169351e218b6b1","ssdeep":"","tlshash":"744000000000000f000030000000300000000000000000000000000000000000000000","size":6,"data":"","first_seen":"2023-03-07T01:07:12Z","last_seen":"2026-06-02T20:20:02.578595Z","times_seen":196,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"console":null},"http":[{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-9ZXTNDVDMV","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.168","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xn--x9t711b.dear2.cfd/%E9%9F%B3%E4%B9%90%E6%88%8F%E5%89%A7/index.html","date":"2025-10-10T03:14:45.647Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Sep 2025 08:34:17 GMT","end":"Mon, 08 Dec 2025 08:34:16 GMT"},"fingerprint":{"sha1":"71:28:4D:CB:A8:43:CE:20:8D:C2:D0:1C:15:47:53:FB:EE:1F:E6:6C","sha256":"FD:F8:A3:C0:21:C0:03:15:43:2F:C7:36:8C:50:6A:39:57:B4:06:6A:0D:82:33:AB:55:A7:80:D2:E3:79:B8:11"}}},"request":{"raw":"GET /gtag/js?id=G-9ZXTNDVDMV HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--x9t711b.dear2.cfd/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Fri, 10 Oct 2025 03:14:45 GMT\r\nexpires: Fri, 10 Oct 2025 03:14:45 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 129612\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":374739,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (6031)","md5":"8e1a0936f709cd7ac9ed3c7b0e954f57","sha1":"1b1615b68f5558bc57a2cbdd11d5d2dc4379defa","sha256":"41698d9ca77ecf3302f533a6f6a8d2bc650716408b132ebca80b1fc32c864bcb","sha512":"9310cbeac6a131fd67b8eb599c9335a98d9c1bc8b7021ac875bb8215d6ea245d4420f5200a100233f3bd542a71fa87d15894c700ae440a3b4d17a937b51303c6","ssdeep":"6144:fZ/yp2K4tk0uwbWZJT+Nju5204OZSkndXAQa:oYZm0KZJu0JO","tlshash":"e28419ce73d674665392a478503f018bb57b2892f44cc899f18adee52e70a9a0137f7c","first_seen":"2025-10-10T03:15:17.307002Z","last_seen":"2025-10-10T03:15:17.307002Z","times_seen":1,"resource_available":true,"data":null}},"time_used":405,"timings":{"blocked":148,"dns":1,"connect":21,"send":0,"wait":44,"receive":57,"ssl":131},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--x9t711b.dear2.cfd/%E9%9F%B3%E4%B9%90%E6%88%8F%E5%89%A7/logo.gif","fqdn":"xn--x9t711b.dear2.cfd","domain":"dear2.cfd","tld":"cfd"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn--x9t711b.dear2.cfd/%E9%9F%B3%E4%B9%90%E6%88%8F%E5%89%A7/index.html","date":"2025-10-10T03:14:45.650Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dear2.cfd","organization":""},"issuer":{"commonName":"Cloudflare TLS Issuing ECC CA 1","organization":"CLOUDFLARE, INC."},"validity":{"start":"Sun, 24 Aug 2025 10:29:21 GMT","end":"Sat, 22 Nov 2025 10:24:52 GMT"},"fingerprint":{"sha1":"17:7C:FC:D3:21:B1:CA:4C:C1:E6:43:16:86:AB:EC:74:98:6A:98:C2","sha256":"3A:39:FF:C1:5C:09:8A:D2:0C:02:2F:CA:56:A5:DB:86:6A:6E:BA:E8:CB:CE:73:2B:E3:F3:F5:B5:90:E4:AB:91"}}},"request":{"raw":"GET /%E9%9F%B3%E4%B9%90%E6%88%8F%E5%89%A7/logo.gif HTTP/1.1\r\nHost: xn--x9t711b.dear2.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--x9t711b.dear2.cfd/%E9%9F%B3%E4%B9%90%E6%88%8F%E5%89%A7/index.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 10 Oct 2025 03:14:45 GMT\r\ncontent-type: image/gif\r\ncontent-length: 969\r\nserver: cloudflare\r\nlast-modified: Mon, 17 Apr 2023 14:55:00 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"643d5dc4-3c9\"\r\nexpires: Sat, 08 Nov 2025 13:36:42 GMT\r\ncache-control: max-age=2592000\r\naccept-ranges: bytes\r\nage: 49082\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vu8RdJ3WivgmyR1B1Ez3jzFK4hp%2BDlfCBCuIkwUoPulF57ZXuHZtWikO8EnC7%2BoS2i44xkh5cOzzroHDzpK%2B6blKwA82NGPB3pHDlO0Z69UrmKM%3D\"}]}\r\ncf-ray: 98c2f30b4f0256ca-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":969,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 260 x 60","md5":"d62653cc0e05d1acc152055cafbdff59","sha1":"386ee166416b68ede7f330105a5ea78fcf0ff835","sha256":"476c945dd01d4b0a6491f0d4cddd9da94ca0b077d7eee3923bb1838eede41a82","sha512":"f27a7e2b7586f32ea860e17e43a0490adf3db50e99d8bcd4d16dc19c08999935809d2941cda53832dabcb070a93f265c874eda8dc84dd6d51a36cfa3def8059c","ssdeep":"","tlshash":"24110818ede016c895f88d501c2e33b34b65c954490288cf1a2c0f94a11be6f4929a9c","first_seen":"2023-07-06T13:38:49Z","last_seen":"2026-06-02T20:20:02.546622Z","times_seen":59,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"i.ibb.co/nsSWCpLK/U-900-X50-8.gif","fqdn":"i.ibb.co","domain":"ibb.co","tld":"co"},"ip":{"addr":"45.43.142.2","port":443,"asn":215751,"as":"Mikhail Fedorov","country":"Israel","country_code":"IL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn--x9t711b.dear2.cfd/%E9%9F%B3%E4%B9%90%E6%88%8F%E5%89%A7/index.html","date":"2025-10-10T03:14:45.655Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ibb.co","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Mon, 18 Aug 2025 07:17:47 GMT","end":"Sun, 16 Nov 2025 07:17:46 GMT"},"fingerprint":{"sha1":"30:62:E2:16:F0:8D:8F:C4:30:EF:67:44:60:2F:45:29:D1:5B:AF:94","sha256":"EE:AB:93:C9:6B:44:94:94:F6:EE:CA:98:DE:CE:BF:A6:25:9F:C8:76:A5:43:59:77:38:DD:D2:23:F7:9C:B1:70"}}},"request":{"raw":"GET /nsSWCpLK/U-900-X50-8.gif HTTP/1.1\r\nHost: i.ibb.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--x9t711b.dear2.cfd/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 10 Oct 2025 03:14:45 GMT\r\ncontent-type: image/gif\r\ncontent-length: 338914\r\nlast-modified: Wed, 09 Jul 2025 12:55:30 GMT\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, OPTIONS\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":338914,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 900 x 50","md5":"276773c9c494b1ed6e20b4d0cd61861c","sha1":"f50d7b19836b8942aa0a8d0b378face7afc6e3e9","sha256":"c6d0cc8148b484159ef361bf90b037d47ace080de4393642e0dfdc12800192e4","sha512":"c14cf188ab8fc5706419f411404a07844cd2a8d744dcac795eae5d5dcf602104850e42a7ee3ae88440a2c72886dd031776738a1acd0bd98f6d1fd7a3ef7afaef","ssdeep":"6144:ukgdXnpq4QxrBBDyamxiVstHTjBwzZwzZwzoXeuywwPrcB/Qiuuz:bkpq1Nz1sXazizizoXeubwPrcF3uuz","tlshash":"307423be49d0e19439a4fd1b3467bf72a52de1df941198021c14facacf0729e8974f26","first_seen":"2025-08-07T16:20:58.113975Z","last_seen":"2025-10-10T03:15:17.324059Z","times_seen":25,"resource_available":false,"data":null}},"time_used":239,"timings":{"blocked":48,"dns":0,"connect":22,"send":0,"wait":23,"receive":110,"ssl":34},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aa91632368.com/5cda39793bd947f5a43a34228b7c4380.gif","fqdn":"aa91632368.com","domain":"aa91632368.com","tld":"com"},"ip":{"addr":"104.160.179.230","port":443,"asn":46844,"as":"SHARKTECH","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn--x9t711b.dear2.cfd/%E9%9F%B3%E4%B9%90%E6%88%8F%E5%89%A7/index.html","date":"2025-10-10T03:14:45.652Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aa91632368.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sun, 17 Aug 2025 00:00:00 GMT","end":"Sat, 15 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"41:B9:2B:C1:66:3B:42:2C:B7:32:7F:18:5B:19:03:4B:EA:83:60:5B","sha256":"BA:D0:7F:50:EA:DC:29:A1:45:3E:80:27:62:AD:EE:8B:AE:21:BC:6E:F6:82:4B:F3:A0:DF:E9:24:E5:C2:96:D2"}}},"request":{"raw":"GET /5cda39793bd947f5a43a34228b7c4380.gif HTTP/1.1\r\nHost: aa91632368.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--x9t711b.dear2.cfd/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 10 Oct 2025 03:14:47 GMT\r\ncontent-type: image/gif\r\ncontent-length: 408517\r\nlast-modified: Thu, 21 Aug 2025 08:30:35 GMT\r\netag: \"68a6d92b-63bc5\"\r\npsc-cache-status: HIT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":408517,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 960 x 80","md5":"d3a85dcbc403bbbfa16b73da5230b1f7","sha1":"2b2d3a636bd4ea2079b47ffaa0cc092d4c392347","sha256":"7552926662b3873a733745d142753755830f6992a0cc89857f9b5b2bcc41d6a6","sha512":"9ef8910b43f70c97180692f3f29cc70281546dabb54900f72c5dd60fc8aa36fb20df8c3783761b6024d614fa0ba9efe6d54994dcec34dc1ef46654594e98d4e7","ssdeep":"6144:LHRx4HNUX4HNUX4HNUX4H1uiObnmwgWwOmwgWwOmwgWwOmwgWC7j0ig1oaolCg1g:ri//fYmTbJTbJTbJTWtSaGSaGSaF","tlshash":"e79412e6ecb5442a8d4938533ed67579fbb35611aeec9f002d26fb531046f2010b2eb5","first_seen":"2025-08-22T01:28:43.008984Z","last_seen":"2026-01-22T02:39:00.432742Z","times_seen":133,"resource_available":false,"data":null}},"time_used":3688,"timings":{"blocked":1361,"dns":770,"connect":168,"send":0,"wait":231,"receive":726,"ssl":429},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-10","alert":"Sinkholed","trigger":"aa91632368.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-10-10","alert":"Sinkholed","trigger":"aa91632368.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xn--x9t711b.dear2.cfd/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js","fqdn":"xn--x9t711b.dear2.cfd","domain":"dear2.cfd","tld":"cfd"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xn--x9t711b.dear2.cfd/%E9%9F%B3%E4%B9%90%E6%88%8F%E5%89%A7/index.html","date":"2025-10-10T03:14:45.657Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dear2.cfd","organization":""},"issuer":{"commonName":"Cloudflare TLS Issuing ECC CA 1","organization":"CLOUDFLARE, INC."},"validity":{"start":"Sun, 24 Aug 2025 10:29:21 GMT","end":"Sat, 22 Nov 2025 10:24:52 GMT"},"fingerprint":{"sha1":"17:7C:FC:D3:21:B1:CA:4C:C1:E6:43:16:86:AB:EC:74:98:6A:98:C2","sha256":"3A:39:FF:C1:5C:09:8A:D2:0C:02:2F:CA:56:A5:DB:86:6A:6E:BA:E8:CB:CE:73:2B:E3:F3:F5:B5:90:E4:AB:91"}}},"request":{"raw":"GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1\r\nHost: xn--x9t711b.dear2.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--x9t711b.dear2.cfd/%E9%9F%B3%E4%B9%90%E6%88%8F%E5%89%A7/index.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 10 Oct 2025 03:14:45 GMT\r\ncontent-type: application/javascript\r\nexpires: Fri, 10 Oct 2025 04:02:45 GMT\r\ncache-control: public\r\nvary: accept-encoding\r\nx-frame-options: DENY\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FtOt%2Fno1d5G%2B%2FBlSY27VK%2FIcUUonFDW38zWNqydLnz1Im2ZP0D9DFSk%2BqjrgQlEWpIt2hUtCRF81T1BEO9k%2FZg5ulZm3m6fchRvtzQPpfXBfm%2BY%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 98c2f30b4f0356ca-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1239,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1238)","md5":"9e8f56e8e1806253ba01a95cfc3d392c","sha1":"a8af90d7482e1e99d03de6bf88fed2315c5dd728","sha256":"2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8","sha512":"63f0f6f94fbabadc3f774ccaa6a401696e8a7651a074bc077d214f91da080b36714fd799eb40fed64154972008e34fc733d6ee314ac675727b37b58ffbebebee","ssdeep":"","tlshash":"6021d5743a18107e226a0133e56f66cee1f23715fd17e440408ad89566e4fe5063fed9","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-06-03T20:57:12.956011Z","times_seen":359387,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--x9t711b.dear2.cfd/%E9%9F%B3%E4%B9%90%E6%88%8F%E5%89%A7/top.jpg","fqdn":"xn--x9t711b.dear2.cfd","domain":"dear2.cfd","tld":"cfd"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn--x9t711b.dear2.cfd/%E9%9F%B3%E4%B9%90%E6%88%8F%E5%89%A7/index.html","date":"2025-10-10T03:14:45.825Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dear2.cfd","organization":""},"issuer":{"commonName":"Cloudflare TLS Issuing ECC CA 1","organization":"CLOUDFLARE, INC."},"validity":{"start":"Sun, 24 Aug 2025 10:29:21 GMT","end":"Sat, 22 Nov 2025 10:24:52 GMT"},"fingerprint":{"sha1":"17:7C:FC:D3:21:B1:CA:4C:C1:E6:43:16:86:AB:EC:74:98:6A:98:C2","sha256":"3A:39:FF:C1:5C:09:8A:D2:0C:02:2F:CA:56:A5:DB:86:6A:6E:BA:E8:CB:CE:73:2B:E3:F3:F5:B5:90:E4:AB:91"}}},"request":{"raw":"GET /%E9%9F%B3%E4%B9%90%E6%88%8F%E5%89%A7/top.jpg HTTP/1.1\r\nHost: xn--x9t711b.dear2.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--x9t711b.dear2.cfd/%E9%9F%B3%E4%B9%90%E6%88%8F%E5%89%A7/index.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 10 Oct 2025 03:14:45 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 1917\r\nserver: cloudflare\r\nlast-modified: Mon, 17 Apr 2023 14:55:00 GMT\r\netag: \"643d5dc4-77d\"\r\nexpires: Fri, 31 Oct 2025 15:46:47 GMT\r\ncache-control: max-age=2592000\r\naccept-ranges: bytes\r\nage: 732478\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nstrict-transport-security: max-age=0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fBe0dXpU7jicf1bc2SlvsYrdSl7gyL1out6HxUoyZ4p5hpW5ZEzud9DYW0HIqPtyC6xgzivG9fv33CndpDH7B4PajBPFgTUEEZesGLlRhvqMmgrnaA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98c2f30c6b15c272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1917,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 20x50, components 3","md5":"1623ff59faa3a0f70d8f1232047a9631","sha1":"ac2769759c80bd1a2855934dfcda96899d368fda","sha256":"c2bda231b0a4adcf8858c3147a61d8e8b9169a9de0810409f83bfd760849974a","sha512":"78a786121962f8f64f5574d5ab85b1b6f595dad6b814202b4cb77c0b67596272ddabe8960c62fbbab51b56033c211a9cbea1e0a4d792f0cd3663838c9cb5c990","ssdeep":"","tlshash":"1f41d717c98512ede53342b655920a0876bcb48ce243454f002ae1f41991acb6986ba8","first_seen":"2023-07-06T13:38:49Z","last_seen":"2026-06-02T20:20:02.545727Z","times_seen":56,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--x9t711b.dear2.cfd/favicon.ico","fqdn":"xn--x9t711b.dear2.cfd","domain":"dear2.cfd","tld":"cfd"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn--x9t711b.dear2.cfd/%E9%9F%B3%E4%B9%90%E6%88%8F%E5%89%A7/index.html","date":"2025-10-10T03:14:46.100Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dear2.cfd","organization":""},"issuer":{"commonName":"Cloudflare TLS Issuing ECC CA 1","organization":"CLOUDFLARE, INC."},"validity":{"start":"Sun, 24 Aug 2025 10:29:21 GMT","end":"Sat, 22 Nov 2025 10:24:52 GMT"},"fingerprint":{"sha1":"17:7C:FC:D3:21:B1:CA:4C:C1:E6:43:16:86:AB:EC:74:98:6A:98:C2","sha256":"3A:39:FF:C1:5C:09:8A:D2:0C:02:2F:CA:56:A5:DB:86:6A:6E:BA:E8:CB:CE:73:2B:E3:F3:F5:B5:90:E4:AB:91"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: xn--x9t711b.dear2.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--x9t711b.dear2.cfd/%E9%9F%B3%E4%B9%90%E6%88%8F%E5%89%A7/index.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Fri, 10 Oct 2025 03:14:46 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\npriority: u=6,i=?0\r\nstrict-transport-security: max-age=0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QZIcMZqd7Vs52cs6%2FaYnFVbRV6QSqO04Xu6eZI8o7MOyfPweR1JnAE%2F6DnvRH9Kh%2FS8R57GswIuu%2Bry1z9mdhzAa2Xy2i6NE7e4amaKxKgN9VeQodw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 98c2f30e1c1fc272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":150,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"597ba0d4396e9c906225140ce907092c","sha1":"28ae2ba65ccdb583d79f85b8cc9509fae697493b","sha256":"ee1a27178227546d3dcc49e611a6d72e4f1c30080ee4493ae4085b58a49e28e6","sha512":"8898f14bd6cb5c72d6ee5878af3700be6d03b56a5a21a3d58ef347f008acf4ac68a46a908903e1d42999c1e259e77d7df686c94765865ae07361b2c4e04adf2c","ssdeep":"","tlshash":"18c02b2d24137c0c8663307636c37050c1978337a67e10210400805330cf1998ac33af","first_seen":"2023-04-05T14:00:46Z","last_seen":"2026-06-03T21:23:01.549622Z","times_seen":35861,"resource_available":true,"data":null}},"time_used":108,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":108,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"admin.mli1agc8xuzvbhd0.com/cotae/","fqdn":"admin.mli1agc8xuzvbhd0.com","domain":"mli1agc8xuzvbhd0.com","tld":"com"},"ip":{"addr":"104.21.2.76","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-10T03:14:44.029Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mli1agc8xuzvbhd0.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Sep 2025 08:30:24 GMT","end":"Sun, 14 Dec 2025 09:28:01 GMT"},"fingerprint":{"sha1":"56:2D:5F:2A:21:55:E5:5E:BE:04:FD:E2:6F:DD:55:58:8D:AA:F6:E0","sha256":"15:2A:81:E1:45:F1:F8:B6:7E:70:44:4A:80:95:BE:96:CB:A1:0B:E5:63:7D:49:D1:CC:C2:32:84:CA:7B:21:FD"}}},"request":{"raw":"GET /cotae/ HTTP/1.1\r\nHost: admin.mli1agc8xuzvbhd0.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Fri, 10 Oct 2025 03:14:44 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nlocation: https://恋爱.dear2.cfd/音乐戏剧/index.html\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=R5Zolk5xaWHzG7IUPG8svxqW67zrt5%2FOPh5YXGzndE6iT5zlGXo%2FVkNpXFktW31xm3AonGADtOABrHnRKoQsGIcGNplfDXQ3AEH6yLIzWMR4a2HScsPtjQ%3D%3D\"}]}\r\ncf-ray: 98c2f3053d9e56b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":146657,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-03T20:55:47.460874Z","times_seen":16089547,"resource_available":true,"data":null}},"time_used":1420,"timings":{"blocked":651,"dns":20,"connect":1,"send":0,"wait":118,"receive":0,"ssl":628},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--x9t711b.dear2.cfd/%E9%9F%B3%E4%B9%90%E6%88%8F%E5%89%A7/index.html","fqdn":"xn--x9t711b.dear2.cfd","domain":"dear2.cfd","tld":"cfd"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-10T03:14:44.805Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dear2.cfd","organization":""},"issuer":{"commonName":"Cloudflare TLS Issuing ECC CA 1","organization":"CLOUDFLARE, INC."},"validity":{"start":"Sun, 24 Aug 2025 10:29:21 GMT","end":"Sat, 22 Nov 2025 10:24:52 GMT"},"fingerprint":{"sha1":"17:7C:FC:D3:21:B1:CA:4C:C1:E6:43:16:86:AB:EC:74:98:6A:98:C2","sha256":"3A:39:FF:C1:5C:09:8A:D2:0C:02:2F:CA:56:A5:DB:86:6A:6E:BA:E8:CB:CE:73:2B:E3:F3:F5:B5:90:E4:AB:91"}}},"request":{"raw":"GET /%E9%9F%B3%E4%B9%90%E6%88%8F%E5%89%A7/index.html HTTP/1.1\r\nHost: xn--x9t711b.dear2.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 10 Oct 2025 03:14:45 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Thu, 09 Oct 2025 16:15:07 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rFawyLWFZoV8juQFdW7FJuZV9eNCt9Ee8clRuLTsslN8viJTmWHTBX8Ia47vJemv1BVPGExmmM3O5VbMeojpX5ej2XxEoWOIzTwpAm4bJKuAn1Y%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 98c2f308ce6a56ca-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]}],"data":{"size":146657,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (60082), with no line terminators","md5":"afe1847d6f43fed880b2d1e8807016f3","sha1":"d4e39ccb884180a2a1a29a12d158a2236dc71c0c","sha256":"d04210f4b1ecc386ed072230b40864b53f8ee2faafec9fa74667043cc7938c7d","sha512":"15eaeefe975052a77200cca607685745e40fbe3e30a8e6a906fbafa0aa9c30f7836d85c23646fc308bab55818d1e152d9ea2d44ecede92b2f9377c259d9327a4","ssdeep":"1536:dJCB1RnFYYP9CwepNaAW2+TPhjs2N+rMY7MKu9bd7BEINpPy2TkNR2/7kxCe4A:dJaui9SplfiQ0T42/7m","tlshash":"09e34263a3cca55b1732d68c9d71e73c804304bb8d576e43e8968e5eac446a7ac532cf","first_seen":"2025-10-10T03:15:17.340551Z","last_seen":"2025-10-10T03:15:17.340551Z","times_seen":1,"resource_available":false,"data":null}},"time_used":995,"timings":{"blocked":437,"dns":86,"connect":1,"send":0,"wait":121,"receive":0,"ssl":348},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}