{"report_id":"a928d1a0-e0c6-44a4-a97b-5dda31526e21","version":6,"status":"done","tags":[],"date":"2025-10-19T04:31:35Z","url":{"schema":"http","addr":"www.b.c952.cc/","fqdn":"www.b.c952.cc","domain":"c952.cc","tld":"cc"},"ip":{"addr":"23.224.135.66","port":0,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"x12vwyrsrwg4krvlta.com:58010/dh/index.html","fqdn":"x12vwyrsrwg4krvlta.com","domain":"x12vwyrsrwg4krvlta.com","tld":"com"},"title":"請截圖保存到相冊-新網址"},"submit":{"url":{"schema":"http","addr":"www.b.c952.cc/","fqdn":"www.b.c952.cc","domain":"c952.cc","tld":"cc"},"ip":{"addr":"23.224.135.66","port":0,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-23T04:31:35Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"img.mresou.com","ip":{"addr":"104.21.79.91","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-04-12","domain_rank":4701765,"first_seen":"2022-06-04T02:54:19Z","last_seen":"2025-10-17T04:35:57.446658Z","alert_count":0,"request_count":1,"received_data":136816,"sent_data":453,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"x12vwyrsrwg4krvlta.com","ip":{"addr":"172.247.94.98","port":58010,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"domain_registered":"2025-01-13","domain_rank":0,"first_seen":"2025-10-19T04:31:35.665159Z","last_seen":"2025-10-19T04:31:35.66516Z","alert_count":0,"request_count":4,"received_data":13573,"sent_data":1968,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"www.b.c952.cc","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2024-03-24","domain_rank":0,"first_seen":"2025-10-19T04:31:35.668759Z","last_seen":"2025-10-19T04:31:35.668759Z","alert_count":0,"request_count":3,"received_data":1072,"sent_data":1280,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"files.shenqizhilv.com","ip":{"addr":"23.224.135.66","port":36666,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"domain_registered":"2016-11-05","domain_rank":6175054,"first_seen":"2023-05-31T19:17:43Z","last_seen":"2025-10-05T18:00:43.462065Z","alert_count":0,"request_count":1,"received_data":672,"sent_data":437,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"users.shenqizhilv.com","ip":{"addr":"36.158.237.92","port":59168,"asn":56047,"as":"China Mobile communications corporation","country":"China","country_code":"CN"},"domain_registered":"2016-11-05","domain_rank":5522309,"first_seen":"2023-05-31T19:17:44Z","last_seen":"2025-10-05T18:00:44.012182Z","alert_count":0,"request_count":1,"received_data":3260,"sent_data":458,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"hm.baidu.com","ip":{"addr":"14.215.182.140","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"domain_registered":"1999-10-11","domain_rank":54491,"first_seen":"2012-05-26T08:38:45Z","last_seen":"2025-10-12T23:39:30.055111Z","alert_count":0,"request_count":2,"received_data":30877,"sent_data":1140,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]},{"fqdn":"img.xmshengchao.com","ip":{"addr":"172.247.84.4","port":1688,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"domain_registered":"2016-07-01","domain_rank":1701637,"first_seen":"2025-06-05T07:33:58.312013Z","last_seen":"2025-10-13T06:00:19.384112Z","alert_count":0,"request_count":1,"received_data":174222,"sent_data":490,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.asujp.com","ip":{"addr":"172.247.94.138","port":58081,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"domain_registered":"2018-10-15","domain_rank":7012203,"first_seen":"2023-10-06T14:27:30Z","last_seen":"2025-10-05T18:00:44.24804Z","alert_count":0,"request_count":1,"received_data":562,"sent_data":542,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"img.alicdn.com","ip":{"addr":"47.246.44.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Sweden","country_code":"SE"},"domain_registered":"2008-06-25","domain_rank":61670,"first_seen":"2015-03-04T07:06:39Z","last_seen":"2025-10-14T01:29:29.356155Z","alert_count":0,"request_count":1,"received_data":174560,"sent_data":498,"comment":"","tags":null,"fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"www.asujp.com:58081/api.html","fqdn":"www.asujp.com","domain":"asujp.com","tld":"com"},"ip":{"addr":"172.247.94.138","port":58081,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"1c5c9160600df2d96d69a4ea16cec7ed","sha1":"3cf678c9135cc952ba6970ef545035bb757a443f","sha256":"a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808","sha512":"2a298a8c2552c6a6c6f8d3f7327d2e9abfa87a0dbb27e9e528a8539b416155c0860f54f46464dfe7e5d49c7906a9eacdac7e5181b86ef15a83276a8f4fee0546","ssdeep":"","tlshash":"078004d531c35040475331d400571cd4503444f014444d544040d4511c55030d1154dc","size":37,"data":"","first_seen":"2023-04-11T21:49:14Z","last_seen":"2026-06-11T22:17:59.259566Z","times_seen":121592,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.js?38ce17e5ef2191b2c5929506808e2c73","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"14.215.182.140","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"ffa319ac6b3b8317b589675e7749cdb9","sha1":"62819d4a21a86693d658df47c270a221b41eeb47","sha256":"361dfa6bf3260c74697334156299a8ff498f1597e42804d8147484af35ebfe3a","sha512":"7a4204a25383199d62d227d4cd4ac6fb229749c62eef0cbbcf25363f62cd391513948c220543cdb07e85c82dc85343dc4b46d067ec39283272dc6b75f534c592","ssdeep":"384:caJSoLMJJTRl6s1JXFVCFI/TayvuodsZPIGm8XaR1JRwvutq1tGdc7M04gRw6:ca4VJfHgMdvussZPIx82Rwvutcto07v","tlshash":"3ad2c9e9b282713293a324a5153f724af07b5a54bd4968a4f11894c07d38fbb027bfdd","size":29895,"data":"","first_seen":"2025-10-19T04:31:45.388518Z","last_seen":"2025-10-19T04:31:45.388518Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.b.c952.cc/go.js?v=0.6024924906680763","fqdn":"www.b.c952.cc","domain":"c952.cc","tld":"cc"},"ip":{"addr":"23.224.177.250","port":80,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"e12e0ba957bab27df13b7eb9ffe4b062","sha1":"31b33f6169aeedf6df02270165832acf3b3080fe","sha256":"272622d8a3e4a72bd8352370cbf8a2009b09292617a66671dc9a4ad72d053b36","sha512":"80ed20dbf500777c5edb0c8b657b40145a9398407bdaa2cf69ae64fc0bd2ed87e55e58996cf9bc7599a683b7ffba1c7da39fc4ca41c16b99a9e69cd288e64585","ssdeep":"","tlshash":"d3a022af2200c8002a8228288b02382b003332ee2c0a800e8300c20880c03f883ae0ac","size":68,"data":"","first_seen":"2025-10-19T04:31:45.483344Z","last_seen":"2025-10-21T07:16:34.405771Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"files.shenqizhilv.com:36666/js/tj.js","fqdn":"files.shenqizhilv.com","domain":"shenqizhilv.com","tld":"com"},"ip":{"addr":"23.224.135.66","port":36666,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"bb58678f34e96b713547007d11b913df","sha1":"405d1d727595776164ce74ac60911566e18d7fee","sha256":"1b97f997ba0aaf74b21a52aba026e8e702471a29069910c61e0a9831388c9ce5","sha512":"116f89d968c5d03be72e898e2e2ad9befd6bdbd0c2f0ff8510ccd4df4ddcc8fc02d455aaa2de76b43667a82915bd9956f94a28c09b4d33b61b05ccaa44cafbe2","ssdeep":"","tlshash":"b7e02bff0025870a0702154272708b493665e036732694b0f9fc5812f3f0e95a462fde","size":292,"data":"","first_seen":"2023-10-19T13:47:14Z","last_seen":"2026-06-06T12:23:16.88673Z","times_seen":71,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"users.shenqizhilv.com:59168/dh/dh.js?v=0.3027049272681607","fqdn":"users.shenqizhilv.com","domain":"shenqizhilv.com","tld":"com"},"ip":{"addr":"36.158.237.92","port":59168,"asn":56047,"as":"China Mobile communications corporation","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"e50d5a85a048b1bff5f66dd47bcae056","sha1":"631c839caa5fbe461f6bbbccb76364835cccfb18","sha256":"a8f7cf1b12f52ec40ec39439d99cf6bc89d0c4d4077cc194c6109963e16c3a80","sha512":"e790d67b82d12bbab2549e5246e3ab4b874ee566ed348976d672b70fe1eef9053544f4a5dbb1948bddfafb75d7175bf335d09fc7277b589da98a575a8a3a751d","ssdeep":"","tlshash":"a45140936541903f13da77b6a107438da462840fbe42e442b9ac75d0bfb0ad880ebadd","size":2874,"data":"","first_seen":"2025-10-19T04:31:45.48682Z","last_seen":"2025-10-21T07:16:34.402366Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.asujp.com:58081/api.html","fqdn":"www.asujp.com","domain":"asujp.com","tld":"com"},"ip":{"addr":"172.247.94.138","port":58081,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"1c5c9160600df2d96d69a4ea16cec7ed","sha1":"3cf678c9135cc952ba6970ef545035bb757a443f","sha256":"a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808","sha512":"2a298a8c2552c6a6c6f8d3f7327d2e9abfa87a0dbb27e9e528a8539b416155c0860f54f46464dfe7e5d49c7906a9eacdac7e5181b86ef15a83276a8f4fee0546","ssdeep":"","tlshash":"078004d531c35040475331d400571cd4503444f014444d544040d4511c55030d1154dc","size":37,"data":"","first_seen":"2023-04-11T21:49:14Z","last_seen":"2026-06-11T22:17:59.259566Z","times_seen":121592,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.asujp.com:58081/api.html","fqdn":"www.asujp.com","domain":"asujp.com","tld":"com"},"ip":{"addr":"172.247.94.138","port":58081,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"41d63cec7c62dc644420d2896ada0a9b","sha1":"78f62ff9e11244f1815b0c821eb0b5c7effc95d7","sha256":"6e22fd5e02643c512b5f05bc7b2379a068395aada8695c0740cc8376f85dce42","sha512":"6b56b60f2a474fa9cd7fecf1ad413282465f7aac257c88296b04d67f04980b27479da3c8f6a012b6db2f9fe9b5bd0bbc9ee04c1b10f5ca9792ef78eeaf970c7d","ssdeep":"","tlshash":"77e072ff33d2c41c1bba3c919167300c60dbbeba2910c8888c00201728aae3f9980c6a","size":323,"data":"","first_seen":"2025-10-19T04:31:45.497264Z","last_seen":"2025-10-19T04:31:45.497264Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.b.c952.cc/","fqdn":"www.b.c952.cc","domain":"c952.cc","tld":"cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"e4725da8352954697c5041ef516d3b88","sha1":"82d57bae58a0cb48f84b7ce6f31f17ba57a4422c","sha256":"36704e7308900dbb36d9e4ddf29f6c4eb9b38f694d1b4c1be222dc3a32d3b0f5","sha512":"c533cf76e4c5cb0d5aea94fc948fa0a0fb64defc00a0614b35f59f19909536ee98aaf4043fab23833eb432af664571dd2547def3beef987e8328ea8147fd8e27","ssdeep":"","tlshash":"6db0120a3f5bc11c100000d1fdb1c52070baea33cb33fc44a1898a54808ef546c8fc70","size":108,"data":"","first_seen":"2025-05-12T04:16:38.192339Z","last_seen":"2026-06-06T12:23:16.902816Z","times_seen":54,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"x12vwyrsrwg4krvlta.com:58010/dh/index.html","fqdn":"x12vwyrsrwg4krvlta.com","domain":"x12vwyrsrwg4krvlta.com","tld":"com"},"ip":{"addr":"172.247.94.98","port":58010,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"ae32c44c2e020db1cc7edbb65bae0ade","sha1":"2893ebf41f3c23a05da7de44f6545c16824278ff","sha256":"5047e331c5699817207830cf5c1f6bf422cead2bb658a6f113441fbbe894deb7","sha512":"d87cdbe535b491e407643ed7f71fb9bac14eb6cc187cbcac7bf0454b96c195ab016309ec19284760d8d85b8f7878c83c31718ab23fce1cfb02882a1d19597bdf","ssdeep":"","tlshash":"8ec08c177a0ad20d218040d0fca2e8687476eb238e21ec84546e5684680d9a8984e8b0","size":160,"data":"","first_seen":"2025-05-12T04:16:38.198529Z","last_seen":"2026-06-06T12:23:16.904135Z","times_seen":60,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.asujp.com:58081/api.html","fqdn":"www.asujp.com","domain":"asujp.com","tld":"com"},"ip":{"addr":"172.247.94.138","port":58081,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"fed6cb69d417791b9f836929057c1f37","sha1":"9ab0a7580f8520088b83facab1a1d80167191bae","sha256":"92a3ccb600db9bcc29533c3976e3112b2285bd5bb5f52c8a626d98743f00dde5","sha512":"c2702733eeffcb82f274b1c2c7b1a2dd817b2d99e82e3244d8cc928e6895ff3036b56dcd4cdaa3bb2616a4d12aed47130437f6c123132413bef36c2e31cd1efd","ssdeep":"","tlshash":"c9d0971f2c68283873b5087c61bbf98cb46264ac107de000c0dde8404960ee19c2e7c8","size":254,"data":"","first_seen":"2025-05-12T04:16:38.176064Z","last_seen":"2026-06-06T12:23:16.907494Z","times_seen":64,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"39c825e4cb44b8640c52a14340367b01","sha1":"a8ac368b1a61e697b1bc7b916d4c680d3740323e","sha256":"fd3bf6ef92d634b0036c358b5b57cf00a3f7ca8aa47803aa156ed059c9af51c3","sha512":"c9e292847f7c3c0afe378b876d81808ca8096144eb4d1a27509bcaea34143c2a0fdd1b5bf51f7250856c7217685f0690a41c6c7607a99e11c71cc893c3f7259b","ssdeep":"","tlshash":"9ea0220bac3ef00c0000c8c0cef0c038b008e02c8b00cce8eaca2828208afe0cc0a000","size":74,"data":"","first_seen":"2025-10-19T04:31:45.515038Z","last_seen":"2025-10-19T04:31:45.515038Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"e1e5ba6ea8b04bf4f60cea38ad1c5ac3","sha1":"25492bc4cf096bb1de9006e4a9e87e0bb2c63576","sha256":"6d975b4501dbf1828255974aacdac158e7434f7018d7230bb436a070c3fe239a","sha512":"607168b78e679b39cfa215b4a15ec4e906db90d3fdb87fb3070136ae7c011699b20d08e4a7d3add7e77b18d9a9f83a6e5805a67f0fa9e3e289e099f5d617ad13","ssdeep":"","tlshash":"99b09b575d05d14d114054c4ddf5b86d641767045954d48d59fd15d4380d6e8cd05554","size":126,"data":"","first_seen":"2025-10-19T04:31:45.519469Z","last_seen":"2025-10-19T04:31:45.519469Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"console":null},"http":[{"url":{"schema":"https","addr":"img.mresou.com/img/23112003.gif","fqdn":"img.mresou.com","domain":"mresou.com","tld":"com"},"ip":{"addr":"104.21.79.91","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://x12vwyrsrwg4krvlta.com:58010/dh/index.html","date":"2025-10-19T04:31:17.829Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mresou.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 13 Oct 2025 21:04:17 GMT","end":"Sun, 11 Jan 2026 22:02:01 GMT"},"fingerprint":{"sha1":"7C:F3:56:C5:C1:9A:58:6A:C0:45:A6:0A:3D:53:F7:57:91:B0:99:B5","sha256":"12:3E:7B:32:D0:2A:43:9F:EE:23:26:1C:F6:0D:86:13:2A:B3:22:6E:C9:B4:9A:7C:03:D4:5F:F5:6A:A0:73:03"}}},"request":{"raw":"GET /img/23112003.gif HTTP/1.1\r\nHost: img.mresou.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://x12vwyrsrwg4krvlta.com:58010/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 19 Oct 2025 04:31:17 GMT\r\ncontent-type: image/gif\r\ncontent-length: 136346\r\nserver: cloudflare\r\nlast-modified: Mon, 20 Nov 2023 14:02:31 GMT\r\nvary: accept-encoding\r\netag: \"655b66f7-2149a\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccept-ranges: bytes\r\nage: 133142\r\ncf-cache-status: HIT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: 990d8b88afd30731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":136346,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 640 x 200","md5":"726d2998b3400f9ac3e6da5ce5d0423c","sha1":"3cf09d2bc2b100be0806a7f4d0b17516d0b35bd0","sha256":"9e6a4649882b910cdadab83c2d4d2f6770325c63fa542e8e042d39c5549b9afd","sha512":"6e61fd672797b8b2bd12f87c3d16b0764e8bad5e6af2e5fb160bc2df2dfe36ada5be907d563d472b1ff45913f2c4e6d6aba186b51e8f06891671a75e8a0eb1bf","ssdeep":"3072:iMSMJbsyzLvScjRZqKtwLqlmhG5UBYI+Z10Li4cxC5jOy7gaoAd5:LSe/qoLqIqGlF4OcUaoy5","tlshash":"61d31259e9c347aa706565e1c7f3b4d20c7369423c78a1b974b1aa6f8635038e83933f","first_seen":"2024-08-20T11:51:23.192754Z","last_seen":"2026-04-27T20:16:44.971112Z","times_seen":20,"resource_available":false,"data":null}},"time_used":93,"timings":{"blocked":37,"dns":21,"connect":1,"send":0,"wait":9,"receive":9,"ssl":14},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.js?38ce17e5ef2191b2c5929506808e2c73","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"14.215.182.140","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.asujp.com:58081/api.html","date":"2025-10-19T04:31:18.088Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"baidu.com","organization":"Beijing Baidu Netcom Science Technology Co., Ltd"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 09 Jul 2025 07:01:02 GMT","end":"Mon, 10 Aug 2026 07:01:01 GMT"},"fingerprint":{"sha1":"21:BF:66:0D:67:BE:7A:7F:49:48:05:30:F4:7F:09:F2:30:36:CA:63","sha256":"0D:82:2C:9A:90:5A:EF:E9:8F:37:12:C0:E0:26:30:EE:95:33:2C:45:5F:E7:74:5D:F0:8D:BC:79:F4:B0:A1:49"}}},"request":{"raw":"GET /hm.js?38ce17e5ef2191b2c5929506808e2c73 HTTP/1.1\r\nHost: hm.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.asujp.com:58081/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: max-age=0, must-revalidate\r\nContent-Encoding: gzip\r\nContent-Length: 11289\r\nContent-Type: application/javascript\r\nDate: Sun, 19 Oct 2025 04:31:19 GMT\r\nEtag: fb9a5bc2214d62372d3f62802c985acd\r\nP3p: CP=\"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"\r\nServer: apache\r\nSet-Cookie: HMACCOUNT=327E6EDFF320DB7F; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT\r\nStrict-Transport-Security: max-age=172800\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":29895,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (619)","md5":"ffa319ac6b3b8317b589675e7749cdb9","sha1":"62819d4a21a86693d658df47c270a221b41eeb47","sha256":"361dfa6bf3260c74697334156299a8ff498f1597e42804d8147484af35ebfe3a","sha512":"7a4204a25383199d62d227d4cd4ac6fb229749c62eef0cbbcf25363f62cd391513948c220543cdb07e85c82dc85343dc4b46d067ec39283272dc6b75f534c592","ssdeep":"384:caJSoLMJJTRl6s1JXFVCFI/TayvuodsZPIGm8XaR1JRwvutq1tGdc7M04gRw6:ca4VJfHgMdvussZPIx82Rwvutcto07v","tlshash":"3ad2c9e9b282713293a324a5153f724af07b5a54bd4968a4f11894c07d38fbb027bfdd","first_seen":"2025-10-19T04:31:45.388518Z","last_seen":"2025-10-19T04:31:45.388518Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1921,"timings":{"blocked":797,"dns":1,"connect":261,"send":0,"wait":326,"receive":1,"ssl":531},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"x12vwyrsrwg4krvlta.com:58010/dh/bk.png","fqdn":"x12vwyrsrwg4krvlta.com","domain":"x12vwyrsrwg4krvlta.com","tld":"com"},"ip":{"addr":"172.247.94.98","port":58010,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://x12vwyrsrwg4krvlta.com:58010/dh/index.html","date":"2025-10-19T04:31:15.566Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"asia8.youporn.la","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Mon, 13 Jan 2025 17:04:08 GMT","end":"Thu, 12 Feb 2026 17:04:07 GMT"},"fingerprint":{"sha1":"6A:21:9D:78:AB:B7:D7:EA:A4:62:D5:FE:A2:3A:F8:FE:23:E2:50:5D","sha256":"07:73:9D:C2:C7:3E:81:BF:AD:6D:B5:CF:54:B0:77:7C:99:55:47:0C:57:C5:6F:D8:2D:A7:DB:21:49:59:3D:4D"}}},"request":{"raw":"GET /dh/bk.png HTTP/1.1\r\nHost: x12vwyrsrwg4krvlta.com:58010\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://x12vwyrsrwg4krvlta.com:58010/dh/index.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 14 Aug 2025 18:44:26 GMT\r\nContent-Type: image/png\r\nContent-Length: 999\r\nLast-Modified: Sun, 27 Aug 2023 17:08:08 GMT\r\nETag: \"64eb82f8-3e7\"\r\nExpires: Thu, 14 Aug 2025 18:45:26 GMT\r\nAccept-Ranges: bytes\r\nConnection: keep-alive\r\nCache-Control: max-age=2269\r\nX-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":999,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 10 x 10, 8-bit/color RGB, non-interlaced","md5":"ce95f50706fead30fc5c02e6b4f0a6d1","sha1":"a4c43a6a64b5633943ba5824c3c80dba4f2b0c13","sha256":"056829fe951fc1db4ad7c5e9d61f5d729a82b7419a9fd1f3cd5314e9bfd82649","sha512":"d86c61c4b6a79ec8e5a8d570cef37b28b7f038ee87bcb59361a39c7f60d714487da8fabf266e766f2faa14a1ed83fcbe8d638db977f68d2ce81cb8c32d62b416","ssdeep":"","tlshash":"1b11214ee5425801d6dcda4224f7c0579e638880eed1fcbab9cfc42b1a642f6846d9cf","first_seen":"2023-10-19T13:47:14Z","last_seen":"2026-06-06T12:23:16.889114Z","times_seen":86,"resource_available":false,"data":null}},"time_used":282,"timings":{"blocked":122,"dns":0,"connect":0,"send":0,"wait":159,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"x12vwyrsrwg4krvlta.com:58010/favicon.ico","fqdn":"x12vwyrsrwg4krvlta.com","domain":"x12vwyrsrwg4krvlta.com","tld":"com"},"ip":{"addr":"172.247.94.98","port":58010,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://x12vwyrsrwg4krvlta.com:58010/dh/index.html","date":"2025-10-19T04:31:16.583Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"asia8.youporn.la","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Mon, 13 Jan 2025 17:04:08 GMT","end":"Thu, 12 Feb 2026 17:04:07 GMT"},"fingerprint":{"sha1":"6A:21:9D:78:AB:B7:D7:EA:A4:62:D5:FE:A2:3A:F8:FE:23:E2:50:5D","sha256":"07:73:9D:C2:C7:3E:81:BF:AD:6D:B5:CF:54:B0:77:7C:99:55:47:0C:57:C5:6F:D8:2D:A7:DB:21:49:59:3D:4D"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: x12vwyrsrwg4krvlta.com:58010\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://x12vwyrsrwg4krvlta.com:58010/dh/index.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 14 Aug 2025 18:44:25 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 4286\r\nLast-Modified: Sun, 05 Mar 2023 17:30:37 GMT\r\nETag: \"6404d1bd-10be\"\r\nExpires: Thu, 14 Aug 2025 18:45:25 GMT\r\nAccept-Ranges: bytes\r\nConnection: keep-alive\r\nCache-Control: max-age=117\r\nX-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4286,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel","md5":"dfce00c59ba2ba11b46e573410197ada","sha1":"6ea119e7580de2e45fe3f975b3942349d8a23658","sha256":"5f86d83d972a5bed8d627e1a2e84827c318ce8716d95ba6dd2c48d9e4025b421","sha512":"12c22295bfa3a22d07a5d4dcb4dfe3c90415cca51c2dc8c13e938e472684c231cfefe303db1f455cb956250e4c660e29afbcdc00c618ebaca203fd24cd5e5b23","ssdeep":"48:UXHhHhHAsHDHsmdMNeesXBe6OFSFRkcd2Bjt:UXHhHhHAsHDHsmdMNhsXBe6OFSFRABJ","tlshash":"c8917c0bcd07706ad14695fde0c7e33d2a475d8a8435d1b60ce68c8f3265abc696c4f2","first_seen":"2023-06-02T23:30:32Z","last_seen":"2026-06-06T12:23:16.887922Z","times_seen":78,"resource_available":false,"data":null}},"time_used":361,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":159,"receive":202,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.xmshengchao.com:1688/images/a5082cb1-e6a9-44eb-941d-cc022dfa464b","fqdn":"img.xmshengchao.com","domain":"xmshengchao.com","tld":"com"},"ip":{"addr":"172.247.84.4","port":1688,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://x12vwyrsrwg4krvlta.com:58010/dh/index.html","date":"2025-10-19T04:31:17.828Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"img.xmshengchao.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sat, 31 May 2025 11:05:28 GMT","end":"Tue, 30 Jun 2026 11:05:27 GMT"},"fingerprint":{"sha1":"20:11:F7:D1:C5:30:B5:EB:08:8E:C5:2F:C2:70:DE:32:B4:55:ED:B8","sha256":"76:6B:96:31:6E:51:97:FA:AF:A9:7D:37:14:82:36:87:44:16:66:C5:8B:33:EC:CB:E2:32:1B:91:FB:4E:64:0B"}}},"request":{"raw":"GET /images/a5082cb1-e6a9-44eb-941d-cc022dfa464b HTTP/1.1\r\nHost: img.xmshengchao.com:1688\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://x12vwyrsrwg4krvlta.com:58010/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, POST, PUT, DELETE\r\naccess-control-allow-origin: *\r\ncache-control: max-age=86400\r\ndate: Sun, 19 Oct 2025 04:31:18 GMT\r\nlocation: https://img.alicdn.com/imgextra/i4/O1CN01y0piD91TKlNS9OPoF_!!6000000002364-1-cib.gif\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nx-cache: HIT\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":173807,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-12T01:48:45.160697Z","times_seen":16340841,"resource_available":true,"data":null}},"time_used":1504,"timings":{"blocked":589,"dns":179,"connect":161,"send":0,"wait":325,"receive":0,"ssl":248},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.b.c952.cc/","fqdn":"www.b.c952.cc","domain":"c952.cc","tld":"cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-19T04:31:12.700Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: www.b.c952.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-12T01:48:45.160697Z","times_seen":16340841,"resource_available":true,"data":null}},"time_used":1156,"timings":{"blocked":1156,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"x12vwyrsrwg4krvlta.com:58010/dh/index.html","fqdn":"x12vwyrsrwg4krvlta.com","domain":"x12vwyrsrwg4krvlta.com","tld":"com"},"ip":{"addr":"172.247.94.98","port":58010,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-19T04:31:14.629Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"asia8.youporn.la","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Mon, 13 Jan 2025 17:04:08 GMT","end":"Thu, 12 Feb 2026 17:04:07 GMT"},"fingerprint":{"sha1":"6A:21:9D:78:AB:B7:D7:EA:A4:62:D5:FE:A2:3A:F8:FE:23:E2:50:5D","sha256":"07:73:9D:C2:C7:3E:81:BF:AD:6D:B5:CF:54:B0:77:7C:99:55:47:0C:57:C5:6F:D8:2D:A7:DB:21:49:59:3D:4D"}}},"request":{"raw":"GET /dh/index.html HTTP/1.1\r\nHost: x12vwyrsrwg4krvlta.com:58010\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.b.c952.cc/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 18 Oct 2025 06:16:44 GMT\r\nContent-Type: text/html\r\nLast-Modified: Sat, 18 Oct 2025 06:03:12 GMT\r\nETag: \"68f32da0-8f0\"\r\nExpires: Sat, 18 Oct 2025 06:17:44 GMT\r\nContent-Length: 1133\r\nContent-Encoding: gzip\r\nVary: Accept-Encoding\r\nConnection: keep-alive\r\nCache-Control: max-age=545\r\nX-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2288,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"91f2257f1a525fe58c2e4983c9efb854","sha1":"d15f9e164db3be8975f6575a5b7298cd2dba2490","sha256":"384f203238b6c5e8722ad681cedba22c417b3c61e3f0d71eaa8a68a79d34542c","sha512":"fa01018a05c939046cb647637dd667dab1ff9542e67abc96beead79628538a25873ea20045585856a73fc10d08a795c05b04ff88ef6958560d7b5643b8d36d82","ssdeep":"","tlshash":"1f41b633d6634223f39283f4fdb1e37a40038e03c3865e24678534ee9ac46aa991a57d","first_seen":"2025-10-19T04:31:45.424301Z","last_seen":"2025-10-21T07:16:34.400908Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1146,"timings":{"blocked":493,"dns":8,"connect":159,"send":0,"wait":159,"receive":0,"ssl":323},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"files.shenqizhilv.com:36666/js/tj.js","fqdn":"files.shenqizhilv.com","domain":"shenqizhilv.com","tld":"com"},"ip":{"addr":"23.224.135.66","port":36666,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://x12vwyrsrwg4krvlta.com:58010/dh/index.html","date":"2025-10-19T04:31:15.568Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.shenqizhilv.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 25 Mar 2025 00:00:00 GMT","end":"Wed, 25 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:E2:56:4B:D2:6B:D6:6C:CD:46:66:2C:EA:1A:38:01:CA:7E:76:FD","sha256":"CE:6D:0D:D4:91:40:A9:08:29:E4:53:21:04:55:33:FF:59:87:22:27:CC:B7:C2:56:CE:52:C5:4F:7B:EA:E2:A5"}}},"request":{"raw":"GET /js/tj.js HTTP/1.1\r\nHost: files.shenqizhilv.com:36666\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://x12vwyrsrwg4krvlta.com:58010/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 19 Oct 2025 04:31:10 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 292\r\nlast-modified: Mon, 08 Jan 2024 12:02:27 GMT\r\netag: \"659be453-124\"\r\nset-cookie: SITE_TOTAL_ID=3552fa65fe588bb15abd2aef7d55561d; Path=/; Max-Age=259200000; HttpOnly\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":292,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with CRLF line terminators","md5":"bb58678f34e96b713547007d11b913df","sha1":"405d1d727595776164ce74ac60911566e18d7fee","sha256":"1b97f997ba0aaf74b21a52aba026e8e702471a29069910c61e0a9831388c9ce5","sha512":"116f89d968c5d03be72e898e2e2ad9befd6bdbd0c2f0ff8510ccd4df4ddcc8fc02d455aaa2de76b43667a82915bd9956f94a28c09b4d33b61b05ccaa44cafbe2","ssdeep":"","tlshash":"b7e02bff0025870a0702154272708b493665e036732694b0f9fc5812f3f0e95a462fde","first_seen":"2023-10-19T13:47:14Z","last_seen":"2026-06-06T12:23:16.88673Z","times_seen":71,"resource_available":true,"data":null}},"time_used":1603,"timings":{"blocked":719,"dns":302,"connect":159,"send":0,"wait":159,"receive":0,"ssl":261},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.asujp.com:58081/api.html","fqdn":"www.asujp.com","domain":"asujp.com","tld":"com"},"ip":{"addr":"172.247.94.138","port":58081,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://x12vwyrsrwg4krvlta.com:58010/dh/index.html","date":"2025-10-19T04:31:16.484Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.asujp.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Fri, 25 Jul 2025 20:38:42 GMT","end":"Sat, 25 Jul 2026 20:38:41 GMT"},"fingerprint":{"sha1":"34:2B:D2:67:52:9A:35:7E:E9:B7:7E:42:CC:9D:16:FA:78:64:B9:4B","sha256":"85:C5:C7:1F:D9:04:26:E8:37:FD:F5:86:28:D9:DB:D7:74:59:B1:78:15:FF:91:D6:B8:94:62:FA:75:66:E6:02"}}},"request":{"raw":"GET /api.html HTTP/1.1\r\nHost: www.asujp.com:58081\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://x12vwyrsrwg4krvlta.com:58010/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 19 Oct 2025 04:31:17 GMT\r\ncontent-type: text/html\r\ncontent-length: 292\r\nlast-modified: Wed, 05 Jul 2023 21:33:33 GMT\r\netag: \"64a5e1ad-124\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":292,"size_decoded":0,"mime_type":"text/html","magic":"JavaScript source, ASCII text, with CRLF line terminators","md5":"d04463cd63e6e531dc0110167b7fcfb7","sha1":"dca049136730245401364f3d0713546224684977","sha256":"be8b6170fb0f1d6f13bb47bcfd0dd5d8a280c4b2598a36153dd9339016e29761","sha512":"07853f3a5c6097d693fe9cec212bee039bc5d79cb8eb5e305f2a9a735c61bc7e659994bdcc51f1453e36b778240d63c5258bca465d1190796943d555d86c7c69","ssdeep":"","tlshash":"24e02b5f2c58583873b405b4517bf88cf9a1a0ac4239d105a1dde8111460ee16c2abc4","first_seen":"2023-10-19T13:47:14Z","last_seen":"2026-06-06T12:23:16.877933Z","times_seen":71,"resource_available":false,"data":null}},"time_used":2911,"timings":{"blocked":1376,"dns":913,"connect":160,"send":0,"wait":159,"receive":0,"ssl":299},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.b.c952.cc/","fqdn":"www.b.c952.cc","domain":"c952.cc","tld":"cc"},"ip":{"addr":"23.224.177.250","port":80,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-19T04:31:14.041Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: www.b.c952.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 19 Oct 2025 04:31:14 GMT\r\nContent-Type: text/html\r\nContent-Length: 434\r\nLast-Modified: Sun, 27 Nov 2022 14:21:20 GMT\r\nConnection: keep-alive\r\nETag: \"63837260-1b2\"\r\nSet-Cookie: SITE_TOTAL_ID=8c61f9adcfc38e539dbe29be69d35b02; Path=/; Max-Age=259200000; HttpOnly\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":434,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"99b599ea7513742be54a78dc16386ed3","sha1":"40db5659479a7607fdfeb3052d3bc4cad5ed47a8","sha256":"1bbbf09993ea58977f4ebfd2ecbefe8ceda8fe24c0bb0ae13b88fd75ca0fc5e0","sha512":"62a09b8e83cbf7b828f163fbbae44cb79e31a24a10e7da61d1be99a107322904433535a184993b52d70c1bd6ad1bba64743fbeb75b41a923e278f8866933cbb9","ssdeep":"","tlshash":"9de055536c13cc1c506042f1eca2e094d4aaad30a313ac40d1c4b85f1ccaf84dd9baa5","first_seen":"2023-06-02T23:30:32Z","last_seen":"2026-06-06T12:23:16.883941Z","times_seen":63,"resource_available":true,"data":null}},"time_used":478,"timings":{"blocked":157,"dns":1,"connect":160,"send":0,"wait":160,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"x12vwyrsrwg4krvlta.com:58010/dh/link.png","fqdn":"x12vwyrsrwg4krvlta.com","domain":"x12vwyrsrwg4krvlta.com","tld":"com"},"ip":{"addr":"172.247.94.98","port":58010,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://x12vwyrsrwg4krvlta.com:58010/dh/index.html","date":"2025-10-19T04:31:15.564Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"asia8.youporn.la","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Mon, 13 Jan 2025 17:04:08 GMT","end":"Thu, 12 Feb 2026 17:04:07 GMT"},"fingerprint":{"sha1":"6A:21:9D:78:AB:B7:D7:EA:A4:62:D5:FE:A2:3A:F8:FE:23:E2:50:5D","sha256":"07:73:9D:C2:C7:3E:81:BF:AD:6D:B5:CF:54:B0:77:7C:99:55:47:0C:57:C5:6F:D8:2D:A7:DB:21:49:59:3D:4D"}}},"request":{"raw":"GET /dh/link.png HTTP/1.1\r\nHost: x12vwyrsrwg4krvlta.com:58010\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://x12vwyrsrwg4krvlta.com:58010/dh/index.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 14 Aug 2025 18:44:26 GMT\r\nContent-Type: image/png\r\nContent-Length: 4713\r\nLast-Modified: Sun, 27 Aug 2023 17:08:09 GMT\r\nETag: \"64eb82f9-1269\"\r\nExpires: Thu, 14 Aug 2025 18:45:26 GMT\r\nAccept-Ranges: bytes\r\nConnection: keep-alive\r\nCache-Control: max-age=2075\r\nX-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4713,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 260 x 55, 8-bit colormap, non-interlaced","md5":"d140262c1430c13ac293736aed99d4ed","sha1":"b64c6980a2cdf2de15b037a849a2157fa5c2fa72","sha256":"7f3ef832d89b914b86626a28bda611ad59ec0ca56d5d9147788c2ebaab70f199","sha512":"c9acc955ae33fc04a4cca5bb872d5df4fc41a9fb532103489f29f155826909807800b64a8389762cecc1cdfe864f76cdb00e100f51d094412a9c70692d78dbf1","ssdeep":"96:1QU4WuvSte3otKWPLjsroBNuikOY1WRRAAzAxwoRIxCzyA:1F4J2MopTIroBNuwJRApqDA","tlshash":"48a16e64e762144c9252e00ba4f717730e190c48fe929e51dabec19e3a315f3a44efc9","first_seen":"2023-10-19T13:47:14Z","last_seen":"2026-06-06T12:23:16.89338Z","times_seen":91,"resource_available":false,"data":null}},"time_used":170,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":159,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.alicdn.com/imgextra/i4/O1CN01y0piD91TKlNS9OPoF_!!6000000002364-1-cib.gif","fqdn":"img.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"47.246.44.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://x12vwyrsrwg4krvlta.com:58010/dh/index.html","date":"2025-10-19T04:31:18.748Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tbcdn.cn","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 16 Jun 2025 09:41:05 GMT","end":"Sat, 18 Jul 2026 09:41:04 GMT"},"fingerprint":{"sha1":"64:77:72:8B:BB:58:44:79:90:C3:B0:8D:35:BC:EC:6C:D6:35:BD:83","sha256":"3D:49:49:78:42:46:FF:F7:52:9B:6B:82:DF:7E:54:4B:F9:BA:D8:34:14:1D:21:67:63:4E:5B:62:A1:D8:85:B5"}}},"request":{"raw":"GET /imgextra/i4/O1CN01y0piD91TKlNS9OPoF_!!6000000002364-1-cib.gif HTTP/1.1\r\nHost: img.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://x12vwyrsrwg4krvlta.com:58010/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: image/gif\r\ncontent-length: 173807\r\ndate: Sun, 27 Jul 2025 14:12:29 GMT\r\npicasso-ret-code: SUCCESS\r\npicasso-cache-info: HIT\r\nrequest-time: 0.001\r\ntraceid: 2ff6079717536255487271636e\r\nx-powered-by: Picasso\r\npicasso-image-type: normal\r\npicasso-fmt: gif2avif\r\ncache-control: max-age=31536000\r\nvia: ens-cache5.l2de3[0,0,200-0,H], ens-cache7.l2de3[1,0], ens-cache13.se2[0,0,200-0,H], ens-cache3.se2[4,0]\r\naccess-control-allow-origin: *\r\nage: 7222731\r\nali-swift-global-savetime: 1753625548\r\nx-cache: HIT TCP_HIT dirn:9:105431875\r\nx-swift-savetime: Sun, 27 Jul 2025 14:16:03 GMT\r\nx-swift-cachetime: 31535785\r\nvary: Accept\r\ns-rt: 4\r\ntiming-allow-origin: *\r\neagleid: 2ff62c9717608482796274364e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":173807,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 640 x 150","md5":"2402ee44cb711133d92bdb1ebef733a0","sha1":"385f2fd79a996edbcc9c327d0425f616d7be75c2","sha256":"4338a5737b31ad8039de005e41272bc546d3153b8fee936def8711e691114842","sha512":"96803ab5f6687e836e9bb56098587404a4143d01fae90241a64ecfbbd2fbfd0bfe01d972b26159b8d88945221cc28358a26f037a2ae6ad246982177f08edabc0","ssdeep":"3072:tlcJZ0ddZ0ddZ0ddZ0FgBGNNGeRSwmGeRSwmGeRSwmGeRSB:jryyqgQNNGekGekGekGem","tlshash":"ed040293ad87f24fef838f37f848322435e005b4f698dc5cfa28de6617997590652612","first_seen":"2025-05-12T04:16:38.1739Z","last_seen":"2026-06-06T12:21:27.057212Z","times_seen":54,"resource_available":false,"data":null}},"time_used":1825,"timings":{"blocked":874,"dns":823,"connect":21,"send":0,"wait":25,"receive":52,"ssl":27},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.gif?hca=327E6EDFF320DB7F\u0026cc=0\u0026ck=1\u0026cl=24-bit\u0026ds=1280x1024\u0026vl=35\u0026et=0\u0026ja=0\u0026ln=en-us\u0026lo=0\u0026rnd=306026392\u0026si=38ce17e5ef2191b2c5929506808e2c73\u0026su=https%3A%2F%2Fx12vwyrsrwg4krvlta.com%3A58010%2F\u0026v=1.3.2\u0026lv=1\u0026sn=53899\u0026r=0\u0026ww=0\u0026u=https%3A%2F%2Fwww.asujp.com%3A58081%2Fapi.html","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"14.215.182.140","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.asujp.com:58081/api.html","date":"2025-10-19T04:31:19.324Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"baidu.com","organization":"Beijing Baidu Netcom Science Technology Co., Ltd"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 09 Jul 2025 07:01:02 GMT","end":"Mon, 10 Aug 2026 07:01:01 GMT"},"fingerprint":{"sha1":"21:BF:66:0D:67:BE:7A:7F:49:48:05:30:F4:7F:09:F2:30:36:CA:63","sha256":"0D:82:2C:9A:90:5A:EF:E9:8F:37:12:C0:E0:26:30:EE:95:33:2C:45:5F:E7:74:5D:F0:8D:BC:79:F4:B0:A1:49"}}},"request":{"raw":"GET /hm.gif?hca=327E6EDFF320DB7F\u0026cc=0\u0026ck=1\u0026cl=24-bit\u0026ds=1280x1024\u0026vl=35\u0026et=0\u0026ja=0\u0026ln=en-us\u0026lo=0\u0026rnd=306026392\u0026si=38ce17e5ef2191b2c5929506808e2c73\u0026su=https%3A%2F%2Fx12vwyrsrwg4krvlta.com%3A58010%2F\u0026v=1.3.2\u0026lv=1\u0026sn=53899\u0026r=0\u0026ww=0\u0026u=https%3A%2F%2Fwww.asujp.com%3A58081%2Fapi.html HTTP/1.1\r\nHost: hm.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.asujp.com:58081/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: private, max-age=0, no-cache\r\nContent-Length: 43\r\nContent-Type: image/gif\r\nDate: Sun, 19 Oct 2025 04:31:19 GMT\r\nP3p: CP=\"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"\r\nPragma: no-cache\r\nServer: apache\r\nSet-Cookie: HMACCOUNT=F680E27F72758543; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT\r\nStrict-Transport-Security: max-age=172800\r\nX-Content-Type-Options: nosniff\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"ad4b0f606e0f8465bc4c4c170b37e1a3","sha1":"50b30fd5f87c85fe5cba2635cb83316ca71250d7","sha256":"cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda","sha512":"ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910","ssdeep":"","tlshash":"15900003fbc08002c2b2e0300b3b0380238ce2200aa8030b80aeb0acecaa3a20c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-06-12T01:47:18.411272Z","times_seen":367384,"resource_available":true,"data":null}},"time_used":327,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":327,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.b.c952.cc/go.js?v=0.6024924906680763","fqdn":"www.b.c952.cc","domain":"c952.cc","tld":"cc"},"ip":{"addr":"23.224.177.250","port":80,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://www.b.c952.cc/","date":"2025-10-19T04:31:14.454Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /go.js?v=0.6024924906680763 HTTP/1.1\r\nHost: www.b.c952.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.b.c952.cc/\r\nCookie: SITE_TOTAL_ID=8c61f9adcfc38e539dbe29be69d35b02\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 19 Oct 2025 04:31:14 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 68\r\nLast-Modified: Sat, 18 Oct 2025 06:02:51 GMT\r\nConnection: keep-alive\r\nETag: \"68f32d8b-44\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":68,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with no line terminators","md5":"e12e0ba957bab27df13b7eb9ffe4b062","sha1":"31b33f6169aeedf6df02270165832acf3b3080fe","sha256":"272622d8a3e4a72bd8352370cbf8a2009b09292617a66671dc9a4ad72d053b36","sha512":"80ed20dbf500777c5edb0c8b657b40145a9398407bdaa2cf69ae64fc0bd2ed87e55e58996cf9bc7599a683b7ffba1c7da39fc4ca41c16b99a9e69cd288e64585","ssdeep":"","tlshash":"d3a022af2200c8002a8228288b02382b003332ee2c0a800e8300c20880c03f883ae0ac","first_seen":"2025-10-19T04:31:45.483344Z","last_seen":"2025-10-21T07:16:34.405771Z","times_seen":2,"resource_available":true,"data":null}},"time_used":161,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":161,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"users.shenqizhilv.com:59168/dh/dh.js?v=0.3027049272681607","fqdn":"users.shenqizhilv.com","domain":"shenqizhilv.com","tld":"com"},"ip":{"addr":"36.158.237.92","port":59168,"asn":56047,"as":"China Mobile communications corporation","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://x12vwyrsrwg4krvlta.com:58010/dh/index.html","date":"2025-10-19T04:31:15.570Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.shenqizhilv.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 25 Mar 2025 00:00:00 GMT","end":"Wed, 25 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:E2:56:4B:D2:6B:D6:6C:CD:46:66:2C:EA:1A:38:01:CA:7E:76:FD","sha256":"CE:6D:0D:D4:91:40:A9:08:29:E4:53:21:04:55:33:FF:59:87:22:27:CC:B7:C2:56:CE:52:C5:4F:7B:EA:E2:A5"}}},"request":{"raw":"GET /dh/dh.js?v=0.3027049272681607 HTTP/1.1\r\nHost: users.shenqizhilv.com:59168\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://x12vwyrsrwg4krvlta.com:58010/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 19 Oct 2025 04:31:17 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 16 Oct 2025 15:59:00 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68f11644-b3a\"\r\nset-cookie: SITE_TOTAL_ID=7763c5d2a164d45e711d6cd12fe5de58; Path=/; Max-Age=259200000; HttpOnly\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2874,"size_decoded":0,"mime_type":"application/javascript","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (420), with CRLF line terminators","md5":"e50d5a85a048b1bff5f66dd47bcae056","sha1":"631c839caa5fbe461f6bbbccb76364835cccfb18","sha256":"a8f7cf1b12f52ec40ec39439d99cf6bc89d0c4d4077cc194c6109963e16c3a80","sha512":"e790d67b82d12bbab2549e5246e3ab4b874ee566ed348976d672b70fe1eef9053544f4a5dbb1948bddfafb75d7175bf335d09fc7277b589da98a575a8a3a751d","ssdeep":"","tlshash":"a45140936541903f13da77b6a107438da462840fbe42e442b9ac75d0bfb0ad880ebadd","first_seen":"2025-10-19T04:31:45.48682Z","last_seen":"2025-10-21T07:16:34.402366Z","times_seen":2,"resource_available":true,"data":null}},"time_used":4024,"timings":{"blocked":1769,"dns":321,"connect":310,"send":0,"wait":478,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}