{"report_id":"aa1e33cd-eee8-43dc-927d-eb294c0d5981","version":6,"status":"done","tags":[],"date":"2025-10-22T10:49:15Z","url":{"schema":"http","addr":"3t5adr3f.com/?wmen07=mv4m","fqdn":"3t5adr3f.com","domain":"3t5adr3f.com","tld":"com"},"ip":{"addr":"154.207.79.145","port":0,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"https","addr":"www.hmnc9vy.com/?wmen07=mv4m","fqdn":"www.hmnc9vy.com","domain":"hmnc9vy.com","tld":"com"},"title":"33B - 观看最新视频"},"submit":{"url":{"schema":"http","addr":"3t5adr3f.com/?wmen07=mv4m","fqdn":"3t5adr3f.com","domain":"3t5adr3f.com","tld":"com"},"ip":{"addr":"154.207.79.145","port":0,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-26T10:49:15Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-22","alert":"Sinkholed","trigger":"www.hmnc9vy.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-22","alert":"Sinkholed","trigger":"3t5adr3f.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"mc.webvisor.org","ip":{"addr":"87.250.251.119","port":443,"asn":13238,"as":"YANDEX LLC","country":"Russia","country_code":"RU"},"domain_registered":"2009-08-25","domain_rank":99131,"first_seen":"2017-08-16T02:40:17Z","last_seen":"2025-10-20T02:55:53.881868Z","alert_count":0,"request_count":6,"received_data":9820,"sent_data":6136,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"zbb.bbb.73533chqpw.com","ip":{"addr":"23.224.225.138","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-10-15T02:44:59.41101Z","last_seen":"2025-10-22T09:48:08.87611Z","alert_count":0,"request_count":3,"received_data":112679,"sent_data":1332,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}]},{"fqdn":"zbb.bbb.k99clxltt5.com","ip":{"addr":"23.225.232.114","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-10-21T06:28:29.100219Z","last_seen":"2025-10-21T06:28:29.100219Z","alert_count":0,"request_count":4,"received_data":431263,"sent_data":1788,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}]},{"fqdn":"i.59a63383.com","ip":{"addr":"172.247.125.52","port":1443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"domain_registered":"2025-04-27","domain_rank":0,"first_seen":"2025-05-24T19:05:24.069682Z","last_seen":"2025-10-20T02:39:10.922237Z","alert_count":0,"request_count":5,"received_data":181366,"sent_data":2345,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"3t5adr3f.com","ip":{"addr":"154.207.79.252","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"domain_registered":"2025-10-13","domain_rank":0,"first_seen":"2025-10-22T10:49:17.105561Z","last_seen":"2025-10-22T10:49:17.105561Z","alert_count":1,"request_count":1,"received_data":1686,"sent_data":493,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"tpym9.jcte19.com","ip":{"addr":"90.84.160.22","port":443,"asn":2285,"as":"Orange","country":"France","country_code":"FR"},"domain_registered":"2024-08-29","domain_rank":0,"first_seen":"2025-10-18T03:14:47.709666Z","last_seen":"2025-10-18T03:14:47.709666Z","alert_count":0,"request_count":1,"received_data":22906,"sent_data":435,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}]},{"fqdn":"i.quq83bvs.com","ip":{"addr":"172.247.125.37","port":1443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"domain_registered":"2025-04-27","domain_rank":0,"first_seen":"2025-05-21T18:50:48.245689Z","last_seen":"2025-10-20T02:39:10.87009Z","alert_count":0,"request_count":7,"received_data":271671,"sent_data":3290,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"zbb.bbb.3jh54h9vfc.com","ip":{"addr":"23.225.232.114","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-10-21T23:15:53.179204Z","last_seen":"2025-10-21T23:15:53.179204Z","alert_count":0,"request_count":2,"received_data":220791,"sent_data":896,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"zbb.bbb.hx0iwlk6cb.com","ip":{"addr":"23.224.225.138","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-10-21T06:28:29.109479Z","last_seen":"2025-10-21T06:28:29.109479Z","alert_count":0,"request_count":4,"received_data":393948,"sent_data":1778,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"hasidundianqi.com","ip":{"addr":"221.204.209.225","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"domain_registered":"2019-09-04","domain_rank":0,"first_seen":"2025-10-03T01:02:35.035292Z","last_seen":"2025-10-19T01:47:36.156337Z","alert_count":0,"request_count":3,"received_data":897598,"sent_data":1280,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.hmnc9vy.com","ip":{"addr":"154.207.79.56","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":7,"request_count":8,"received_data":138557,"sent_data":3760,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"www.hmnc9vy.com/?wmen07=mv4m","fqdn":"www.hmnc9vy.com","domain":"hmnc9vy.com","tld":"com"},"ip":{"addr":"154.207.79.56","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"f9d3bb814a745561deb7979fc3359077","sha1":"4a5220d8a845dbd2ecb812ae1e93b45f5c8bde16","sha256":"b9def1ac203e62956506496dbc92a640c268cd016f1ccb14522d11f3f2f50dd5","sha512":"3944ed58e25432911eae4931efc65f98e5100cfcdb665fea7a864e32d74ef7b69435b0174e67202b1d32f8c75712bda681ed82d41123b0feaece97051e956673","ssdeep":"","tlshash":"26f054a83cd841248373016927b3d10d31ba652f384fdd50f55d88423f40df604a780c","size":517,"data":"","first_seen":"2025-10-18T02:14:00.018884Z","last_seen":"2025-11-19T18:38:15.751596Z","times_seen":156,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.hmnc9vy.com/assets/index-CmRTRgJv.js","fqdn":"www.hmnc9vy.com","domain":"hmnc9vy.com","tld":"com"},"ip":{"addr":"154.207.79.56","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"202eeba3052b073127b6100c58e72d44","sha1":"999f0020d681e057b055d65fa47f10d51506bcbb","sha256":"b3efa5bca6854f6ed741b833a7c057ccdc40ff2cd704161a113f151010547173","sha512":"b9917772397f745efe2fa051927aa184569ce24396688b487284abedddf6ea0cb88d9728c98be5cf31b5d97019e83fe15d9bdd15d6a9792136c9e6ce22485a62","ssdeep":"1536:UH8dXMJEaWHa43rEHSXYcy0l+ximnK2AHx2nKCs78tGiO2cUz/Px:HdcJXWLbRXYcye+V9nKCs78ciO8Z","tlshash":"178319d93285747a62bb04ee105f0101e3746a49bc4fc450e6bcec9a3959dba52eaf3c","size":85854,"data":"","first_seen":"2025-10-18T02:14:00.015718Z","last_seen":"2025-11-09T03:01:34.99907Z","times_seen":145,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hasidundianqi.com/utils/ttg.js","fqdn":"hasidundianqi.com","domain":"hasidundianqi.com","tld":"com"},"ip":{"addr":"221.204.209.225","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"b76a0ecb36eedd45f177f20b9f37603d","sha1":"76a5f38001a33dffad16ad8192db62c615e3986e","sha256":"9262564dbb162db08e79bc2817bbf8dec867ab9d9a4a1d78349c97965cedfdba","sha512":"82bdde1de9cd7fdc5250f493a882047797fa919fc69cd310404e6ce8fb5d978fd1d7f1c35c770ffc9c05aab6365761b7cee0a5a8f62ecd57c33babba10eef6a3","ssdeep":"3072:ncn4vsldqnz8NvH/1kwtgPgvRE/6q/cz031pESh:n4SscPIRE/69z031Dh","tlshash":"5524e8d976a2b062436335b4a07f110fb27eac95f10c8598f185e9e43e389ad9137f6c","size":210731,"data":"","first_seen":"2025-04-10T20:45:18.021691Z","last_seen":"2026-04-05T07:25:01.954262Z","times_seen":737,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hasidundianqi.com/utils/video.min.js","fqdn":"hasidundianqi.com","domain":"hasidundianqi.com","tld":"com"},"ip":{"addr":"221.204.209.225","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"df43342fd9e73505eff7475192bccff4","sha1":"827727cf88f9dfd127a77733152549d85bc8450f","sha256":"760af543f1c477a5be950ff40af9ea80b3102b375063ddab73dff45ca661119c","sha512":"fbd061490676fd2dac0ef0161e3ff89e0883ae65da7bb055cc78694ad4af8a3ea2bc66952f3b42a2a59edf229ecd1dc3d38d5649c14e30641e8f9b36bafde02a","ssdeep":"6144:z4OeXfu6nzoHcSCNHSqRyYc8MYbONUHVkiH5YeYhoIA7fe9oR3lf7vfNLeGg+eE0:z4/XfumS8K3UHfYeYS51R3Xq","tlshash":"20d45bd4b394613606daa0e7a46e1301723a996d5804c06cf92dfeda2ce4e4db17ffb4","size":633391,"data":"","first_seen":"2025-10-03T01:03:10.108202Z","last_seen":"2026-03-31T02:56:07.340205Z","times_seen":141,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"i.quq83bvs.com:1443/pic/1c3f447588e4dc7e3a03a2eb80818afa.webp","fqdn":"i.quq83bvs.com","domain":"quq83bvs.com","tld":"com"},"ip":{"addr":"172.247.125.37","port":1443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:52.918Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"quq83bvs.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 Aug 2025 15:52:00 GMT","end":"Sat, 29 Nov 2025 15:51:59 GMT"},"fingerprint":{"sha1":"79:72:1A:01:E9:1B:6B:5E:49:ED:20:BE:C1:F6:E5:70:C6:54:CD:F5","sha256":"D1:F4:FD:6A:5A:BD:87:DB:52:46:96:B2:6C:E2:BB:4C:1A:72:99:F7:FE:54:17:A8:83:D3:6F:4C:70:70:07:10"}}},"request":{"raw":"GET /pic/1c3f447588e4dc7e3a03a2eb80818afa.webp HTTP/1.1\r\nHost: i.quq83bvs.com:1443\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.hmnc9vy.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Oct 2025 10:48:53 GMT\r\ncontent-type: image/webp\r\ncontent-length: 39834\r\nlast-modified: Mon, 01 Sep 2025 06:52:56 GMT\r\netag: \"68b542c8-9b9a\"\r\nexpires: Thu, 22 Oct 2026 10:48:53 GMT\r\ncache-control: max-age=31536000\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":39834,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 380x235, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"f7ff605cee0bf249708552ee841145fd","sha1":"4eddccab4d18f2dfa76c931a92d27a6e3acf09fc","sha256":"23c6f6dfa9cad1b9ed2f6357c6e3d519dd794357f2384cacae997e263ef4f29f","sha512":"2298880c4cde1a47ccf966f0085ca755a11cbfe4f9e866c16aeeac52b1103289a51b4d4aaf22c76114e789130ea1c0260ebd4731bf3987b7d62db6b7f5f25dd8","ssdeep":"768:fSzjEF+YGxbUjlwd9Zo1YzAO5qQ6P6xpIfHZSwDf5WeG:fSzjtxxYW9ZHq5P6qZBfseG","tlshash":"c503024dfce6c58c235f49a9d2affd3609b8ab893035d257f28312c5b80288a9dc5847","first_seen":"2025-10-22T10:49:34.61152Z","last_seen":"2025-10-22T10:49:34.61152Z","times_seen":1,"resource_available":false,"data":null}},"time_used":892,"timings":{"blocked":339,"dns":0,"connect":0,"send":0,"wait":487,"receive":66,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"i.quq83bvs.com:1443/pic/4701adaa6e50d1dc0f0937be072531cd.webp","fqdn":"i.quq83bvs.com","domain":"quq83bvs.com","tld":"com"},"ip":{"addr":"172.247.125.37","port":1443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:52.929Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"quq83bvs.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 Aug 2025 15:52:00 GMT","end":"Sat, 29 Nov 2025 15:51:59 GMT"},"fingerprint":{"sha1":"79:72:1A:01:E9:1B:6B:5E:49:ED:20:BE:C1:F6:E5:70:C6:54:CD:F5","sha256":"D1:F4:FD:6A:5A:BD:87:DB:52:46:96:B2:6C:E2:BB:4C:1A:72:99:F7:FE:54:17:A8:83:D3:6F:4C:70:70:07:10"}}},"request":{"raw":"GET /pic/4701adaa6e50d1dc0f0937be072531cd.webp HTTP/1.1\r\nHost: i.quq83bvs.com:1443\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.hmnc9vy.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Oct 2025 10:48:53 GMT\r\ncontent-type: image/webp\r\ncontent-length: 35532\r\nlast-modified: Sat, 13 Sep 2025 12:22:06 GMT\r\netag: \"68c561ee-8acc\"\r\nexpires: Thu, 22 Oct 2026 10:48:53 GMT\r\ncache-control: max-age=31536000\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":35532,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 380x235, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"5b348a3648603baa2bf1084a98d62fbc","sha1":"bb3706304fa1a409e4093e681fd36d5cee079e04","sha256":"bdcd851676af3bdd2a8711b809374a4d6f218781cd7735bc24f96145690ff4a5","sha512":"a9f70a64609127bfcaf8b1dffc6452e6d2ca42f08cd38ad92a2fccf60bc8da7886ef4ebe6b39aca2066c10390704265f2bd79caf38e6596845eb06d229570a66","ssdeep":"768:/cjGjbVxKWnr0+jm6kcU8I9Ym0LflSODebjkjFurZpBYZGTIuF4KvyTq:UCzVr0+jbkcUdSRwOu9ZIZGEuFZv","tlshash":"5ff2f18e813e2bd2357d076d31818931a77ce00fd5693b69e1f6185f89f526cde0d026","first_seen":"2025-10-22T10:49:34.614414Z","last_seen":"2025-10-22T10:49:34.614414Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1075,"timings":{"blocked":328,"dns":0,"connect":0,"send":0,"wait":700,"receive":47,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zbb.bbb.3jh54h9vfc.com/cm-96x96-NEW.gif","fqdn":"zbb.bbb.3jh54h9vfc.com","domain":"3jh54h9vfc.com","tld":"com"},"ip":{"addr":"23.225.232.114","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:55.188Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"zbb.bbb.3jh54h9vfc.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 11:34:37 GMT","end":"Mon, 12 Jan 2026 11:34:36 GMT"},"fingerprint":{"sha1":"1F:3E:EA:4B:3F:2E:DA:0F:F9:9B:B8:FC:14:27:E1:FF:B5:A3:4D:D6","sha256":"E0:70:68:1E:F9:C9:08:05:1C:B7:94:88:E3:59:71:F6:BB:F4:8E:B8:1B:AC:D3:16:32:D9:5E:01:CA:A9:80:D5"}}},"request":{"raw":"GET /cm-96x96-NEW.gif HTTP/1.1\r\nHost: zbb.bbb.3jh54h9vfc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.hmnc9vy.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Oct 2025 10:48:56 GMT\r\ncontent-type: image/gif\r\ncontent-length: 101213\r\nlast-modified: Sat, 11 Oct 2025 07:50:07 GMT\r\netag: \"68ea0c2f-18b5d\"\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":101213,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 96 x 96","md5":"c32ef94dadf1c3b83af93336aeb0a24a","sha1":"bf1992d4f4d59fc0bce0caa73c04503a6dd7645b","sha256":"75b361ea0bf115a5cb8d550b97b2396b57d5b8e914b72fb4d1efbfc380a3092a","sha512":"0719b2ea97550c694229474d6c88806a96e56e32d904c835d3d5e52a9d850c2fac59dce00e5c2e545d97c7325229560b6685de26f26612a426dcd2f7cbc5c3c2","ssdeep":"3072:dIu1LyqdIK5TAMNr5oRoyROYkQ9Ht9a45oRoyROYkQ99:dh3dPAMVSRoAAQ9rvSRoAAQ99","tlshash":"a8a301e90e9920e903233168b697b6f9a05d0f946cbb76d16c2eb845d52037680dff72","first_seen":"2025-10-11T15:42:24.071785Z","last_seen":"2025-10-26T09:45:44.014056Z","times_seen":114,"resource_available":false,"data":null}},"time_used":2109,"timings":{"blocked":764,"dns":300,"connect":155,"send":0,"wait":155,"receive":418,"ssl":314},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zbb.bbb.hx0iwlk6cb.com/677hf0603.gif","fqdn":"zbb.bbb.hx0iwlk6cb.com","domain":"hx0iwlk6cb.com","tld":"com"},"ip":{"addr":"23.224.225.138","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:55.220Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zbb.bbb.hx0iwlk6cb.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 11:31:55 GMT","end":"Mon, 12 Jan 2026 11:31:54 GMT"},"fingerprint":{"sha1":"E3:C5:FB:83:CD:F2:3D:36:02:65:89:22:F1:41:CB:DE:1F:2E:29:41","sha256":"8B:86:74:19:5C:CA:5A:A1:AD:1D:52:03:05:0F:94:5E:DD:9D:48:A2:DC:DC:F3:5D:FC:86:24:85:60:EA:57:7E"}}},"request":{"raw":"GET /677hf0603.gif HTTP/1.1\r\nHost: zbb.bbb.hx0iwlk6cb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.hmnc9vy.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Oct 2025 11:02:05 GMT\r\ncontent-type: image/gif\r\ncontent-length: 38226\r\nlast-modified: Tue, 03 Jun 2025 10:20:44 GMT\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":38226,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 100","md5":"5e552adc9b2dca6b53c20b023a8ead8a","sha1":"76d510c345e8ca0a5b009633931cec871ed0ee34","sha256":"41575dc9a8467579bf0fdfbdcd9a123e69294dc390f4c4b4746d42ce68d0abd9","sha512":"f54ef99db2113546e44397b0045a46d866eb8e36101386affc784a1009dbef5efeb7bba491f67651ee38628508bc5b52a2c2e50d4c6731d7b7f6229ef17475a6","ssdeep":"768:3+4y8k1XaIl256b3BnwniPmp5ZgkMlne6KnM5Hac/Q:33y8WqQE6bxnj05ZgkMpq8Hk","tlshash":"2c03f129be00af55f49d93366f7a05b0733b1780d690bcf5ecda282fb6220b5e849650","first_seen":"2025-05-22T20:27:36.495049Z","last_seen":"2025-10-28T18:37:21.23394Z","times_seen":280,"resource_available":false,"data":null}},"time_used":1410,"timings":{"blocked":-1,"dns":227,"connect":164,"send":0,"wait":686,"receive":140,"ssl":192},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hasidundianqi.com/utils/ttg.js","fqdn":"hasidundianqi.com","domain":"hasidundianqi.com","tld":"com"},"ip":{"addr":"221.204.209.225","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:52.280Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hasidundianqi.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 Aug 2025 12:23:20 GMT","end":"Sat, 29 Nov 2025 12:23:19 GMT"},"fingerprint":{"sha1":"D7:98:B5:08:A9:F6:EA:8E:D6:8D:8B:EC:9C:56:61:FD:82:CF:EE:2A","sha256":"FA:C5:F4:34:30:C8:2B:32:06:51:BB:D2:E6:93:BC:49:1A:CD:5A:F2:43:DB:F5:7E:29:95:3D:1C:A4:E5:B7:82"}}},"request":{"raw":"GET /utils/ttg.js HTTP/1.1\r\nHost: hasidundianqi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.hmnc9vy.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Mon, 29 Sep 2025 19:01:27 GMT\r\ncontent-encoding: gzip\r\netag: W/\"68dad787-3372b\"\r\nserver: openresty\r\ndate: Fri, 03 Oct 2025 09:21:59 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-length: 83373\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 928267573251147836\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":210731,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (590)","md5":"b76a0ecb36eedd45f177f20b9f37603d","sha1":"76a5f38001a33dffad16ad8192db62c615e3986e","sha256":"9262564dbb162db08e79bc2817bbf8dec867ab9d9a4a1d78349c97965cedfdba","sha512":"82bdde1de9cd7fdc5250f493a882047797fa919fc69cd310404e6ce8fb5d978fd1d7f1c35c770ffc9c05aab6365761b7cee0a5a8f62ecd57c33babba10eef6a3","ssdeep":"3072:ncn4vsldqnz8NvH/1kwtgPgvRE/6q/cz031pESh:n4SscPIRE/69z031Dh","tlshash":"5524e8d976a2b062436335b4a07f110fb27eac95f10c8598f185e9e43e389ad9137f6c","first_seen":"2025-04-10T20:45:18.021691Z","last_seen":"2026-04-05T07:25:01.954262Z","times_seen":737,"resource_available":true,"data":null}},"time_used":2711,"timings":{"blocked":1129,"dns":528,"connect":247,"send":0,"wait":248,"receive":299,"ssl":257},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.hmnc9vy.com/api/index_rmd","fqdn":"www.hmnc9vy.com","domain":"hmnc9vy.com","tld":"com"},"ip":{"addr":"154.207.79.56","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:52.350Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hmnc9vy.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 18 Oct 2025 04:29:32 GMT","end":"Fri, 16 Jan 2026 05:28:03 GMT"},"fingerprint":{"sha1":"9F:64:60:70:0E:3E:DD:26:D0:B7:C0:F2:F7:EE:3B:EB:CC:8C:01:A9","sha256":"68:ED:E8:23:5B:50:58:BA:92:C6:F5:27:DE:EB:8A:D1:06:B6:59:73:8B:D9:19:BA:B5:8D:67:90:A3:D6:0D:91"}}},"request":{"raw":"GET /api/index_rmd HTTP/1.1\r\nHost: www.hmnc9vy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.hmnc9vy.com/?wmen07=mv4m\r\nContent-Type: application/json\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 22 Oct 2025 10:48:52 GMT\r\ncontent-type: application/json; charset=utf-8\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Origin, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, Authorization, Origin, X-Requested-With, Content-Type, Accept, Sign, Timestamp\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, GET, POST, OPTIONS, PUT, DELETE\r\naccess-control-allow-origin: *, *\r\nx-system-goroutines: 25\r\nx-system-memory-mb: 225\r\nx-system-memory-percent: 67.58\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9gEnQV0rnUG0vuJpKs5tU1ccNpzEnwm6veFqBMGrSNQJimqPQBsUV0usZFmMIx0EiOK3XPGgfrnf259Wh8vI%2Buh4ikZCYWJW9rnp3uXjdw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 99286cbf28b9a0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4316,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"a2700be0a9c59a5b2187a52b1a7bc226","sha1":"038c9520ed57251b2ce128ad0aef8cd477250d26","sha256":"0dd3c28c76947fb2514d62d07292c061fa5ce7d937dde00b37f171bff6645c5d","sha512":"de1fc751b8d1bdaca405065b3227f040f831ef1492b3b060ae2dd2d241da98d4033392a4f62df77590eb015a85922be0b26c95e988299c46d0875e4f2683c052","ssdeep":"96:ZL0CXMpbVsEUeoAwWZKB0bOqfdWqa0vSQY:ZL0CXGeEUDA4eN1a0qQY","tlshash":"5e916537239a9e5f8a2073e09aca184de1ba320621e7a7d56e65fd4ed4f42d0510d22f","first_seen":"2025-10-22T10:49:34.624345Z","last_seen":"2025-10-22T10:49:34.624345Z","times_seen":1,"resource_available":false,"data":null}},"time_used":236,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":235,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-22","alert":"Sinkholed","trigger":"www.hmnc9vy.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"i.quq83bvs.com:1443/pic/055ac87ed49ff38d9423f96809b736b7.webp","fqdn":"i.quq83bvs.com","domain":"quq83bvs.com","tld":"com"},"ip":{"addr":"172.247.125.37","port":1443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:52.926Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"quq83bvs.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 Aug 2025 15:52:00 GMT","end":"Sat, 29 Nov 2025 15:51:59 GMT"},"fingerprint":{"sha1":"79:72:1A:01:E9:1B:6B:5E:49:ED:20:BE:C1:F6:E5:70:C6:54:CD:F5","sha256":"D1:F4:FD:6A:5A:BD:87:DB:52:46:96:B2:6C:E2:BB:4C:1A:72:99:F7:FE:54:17:A8:83:D3:6F:4C:70:70:07:10"}}},"request":{"raw":"GET /pic/055ac87ed49ff38d9423f96809b736b7.webp HTTP/1.1\r\nHost: i.quq83bvs.com:1443\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.hmnc9vy.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Oct 2025 10:48:53 GMT\r\ncontent-type: image/webp\r\ncontent-length: 51534\r\nlast-modified: Mon, 13 Oct 2025 10:15:08 GMT\r\netag: \"68ecd12c-c94e\"\r\nexpires: Thu, 22 Oct 2026 10:48:53 GMT\r\ncache-control: max-age=31536000\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":51534,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 380x235, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"0b1fd27ef208aef71a63a18ba939435f","sha1":"a1844ce36a89609d8475f79aae142fba1d8a50c3","sha256":"909a27357584e0cc465e00a5f262f3d7de5d024a9b7496b404859ccfd8d4c993","sha512":"fa1f8cb148363f0778dfe31f86971e5166d2eda65c1ab1d4624f307a5c89a8939b7ace6d4dc734ae96a54d27df7b77ca8d7e81ea54fd7a2c9bddc47eb73ddb32","ssdeep":"1536:3DHzWoTj5B+azq5KalEfs98SHvfiIMNwmtOQUnv:THvTjKhKa+sVHtmtHa","tlshash":"6633f1dcaf0dfa64f0622765b572771583e179c07b1f601e341ca9da01b01c3eb9696b","first_seen":"2025-10-22T10:49:34.629483Z","last_seen":"2025-10-22T10:49:34.629483Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1013,"timings":{"blocked":331,"dns":0,"connect":0,"send":0,"wait":604,"receive":78,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mc.webvisor.org/watch/3?wmode=7\u0026page-url=https%3A%2F%2Fwww.hmnc9vy.com%2F%3Fwmen07%3Dmv4m\u0026page-ref=\u0026charset=utf-8\u0026browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Anlzej4hetqp71c82uo0s8%3Afp%3A1000%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A860%3Acn%3A2%3Adp%3A0%3Als%3A210203917860%3Ahid%3A845249475%3Az%3A0%3Ai%3A20251022104854%3Aet%3A1761130134%3Ac%3A1%3Arn%3A854459371%3Arqn%3A1%3Au%3A1761130134547722796%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1761130131333%3Ads%3A8%2C18%2C223%2C1%2C274%2C0%2C%2C419%2C5%2C%2C%2C%2C1016%3Awv%3A2%3Aco%3A0%3Ast%3A1761130134\u0026t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)ti(2)","fqdn":"mc.webvisor.org","domain":"webvisor.org","tld":"org"},"ip":{"addr":"87.250.251.119","port":443,"asn":13238,"as":"YANDEX LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:54.111Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mc.webvisor.com","organization":"YANDEX LLC"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 18 Aug 2025 21:05:34 GMT","end":"Mon, 09 Feb 2026 20:59:59 GMT"},"fingerprint":{"sha1":"52:51:83:17:11:3C:6A:D0:47:28:FB:42:75:CF:6A:DA:48:B5:5A:C8","sha256":"69:B8:8D:9D:77:CB:F9:C7:48:04:E2:8C:99:28:7C:EF:5E:C7:2B:43:D6:52:7B:21:D2:99:F6:86:18:A6:0F:80"}}},"request":{"raw":"GET /watch/3?wmode=7\u0026page-url=https%3A%2F%2Fwww.hmnc9vy.com%2F%3Fwmen07%3Dmv4m\u0026page-ref=\u0026charset=utf-8\u0026browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Anlzej4hetqp71c82uo0s8%3Afp%3A1000%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A860%3Acn%3A2%3Adp%3A0%3Als%3A210203917860%3Ahid%3A845249475%3Az%3A0%3Ai%3A20251022104854%3Aet%3A1761130134%3Ac%3A1%3Arn%3A854459371%3Arqn%3A1%3Au%3A1761130134547722796%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1761130131333%3Ads%3A8%2C18%2C223%2C1%2C274%2C0%2C%2C419%2C5%2C%2C%2C%2C1016%3Awv%3A2%3Aco%3A0%3Ast%3A1761130134\u0026t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)ti(2) HTTP/1.1\r\nHost: mc.webvisor.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.hmnc9vy.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.hmnc9vy.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nlast-modified: Wed, 22-Oct-2025 10:48:54 GMT\r\naccess-control-allow-origin: https://www.hmnc9vy.com\r\nexpires: Wed, 22-Oct-2025 10:48:54 GMT\r\naccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA\r\npragma: no-cache\r\nx-xss-protection: 1; mode=block\r\nset-cookie: yabs-sid=226381771761130134; Path=/; SameSite=None; Secure\ni=TQst7PwRssNYeTeYlzw2/dq6prMU1ksEsDKgwfCLgWrimu7SgWRcIbkWygj3yqVRrgzliaaTa//nSwyOXPKdrYIPMOo=; Expires=Sat, 20-Oct-2035 10:48:52 GMT; Domain=.webvisor.org; Path=/; Secure; HttpOnly; SameSite=None\nyandexuid=8571091751761130134; Expires=Sat, 20-Oct-2035 10:48:52 GMT; Domain=.webvisor.org; Path=/; Secure; SameSite=None\nyuidss=8571091751761130134; Expires=Thu, 22-Oct-2026 10:48:54 GMT; Domain=.webvisor.org; Path=/; SameSite=None; Secure\nymex=1792666134.yrts.1761130134#1792666134.yrtsi.1761130134; Expires=Thu, 22-Oct-2026 10:48:54 GMT; Domain=.webvisor.org; Path=/; SameSite=None; Secure\nbh=YJbt4scGahfcyuH/CJLYobEDn8/14QzlyPCOA5S2Ag==; Path=/; Domain=.webvisor.org; Expires=Thu, 26 Nov 2026 10:48:54 GMT; SameSite=None; Secure\nbh=YJbt4scGahfcyuH/CJLYobEDn8/14QzlyPCOA5S2Ag==; Path=/; Domain=.webvisor.org; Expires=Thu, 26 Nov 2026 10:48:54 GMT; SameSite=None; Secure\r\nlocation: /watch/3/1?wmode=7\u0026page-url=https%3A%2F%2Fwww.hmnc9vy.com%2F%3Fwmen07%3Dmv4m\u0026page-ref\u0026charset=utf-8\u0026browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Anlzej4hetqp71c82uo0s8%3Afp%3A1000%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A860%3Acn%3A2%3Adp%3A0%3Als%3A210203917860%3Ahid%3A845249475%3Az%3A0%3Ai%3A20251022104854%3Aet%3A1761130134%3Ac%3A1%3Arn%3A854459371%3Arqn%3A1%3Au%3A1761130134547722796%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1761130131333%3Ads%3A8%2C18%2C223%2C1%2C274%2C0%2C%2C419%2C5%2C%2C%2C%2C1016%3Awv%3A2%3Aco%3A0%3Ast%3A1761130134\u0026t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29ti%282%29\u0026redirnss=1\r\nstrict-transport-security: max-age=31536000\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\naccess-control-allow-credentials: true\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":501,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":315,"timings":{"blocked":152,"dns":0,"connect":0,"send":0,"wait":49,"receive":0,"ssl":114},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mc.webvisor.org/watch/94492470?wmode=7\u0026page-url=https%3A%2F%2Fwww.hmnc9vy.com%2F%3Fwmen07%3Dmv4m\u0026charset=utf-8\u0026browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Anlzej4hetqp71c82uo0s8%3Afp%3A1000%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A860%3Acn%3A1%3Adp%3A0%3Als%3A128343677600%3Ahid%3A845249475%3Az%3A0%3Ai%3A20251022104854%3Aet%3A1761130134%3Ac%3A1%3Arn%3A868269780%3Arqn%3A1%3Au%3A1761130134547722796%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1761130131333%3Ads%3A8%2C18%2C223%2C1%2C274%2C0%2C%2C419%2C5%2C%2C%2C%2C1016%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1761130134%3At%3A33B%20-%20%E8%A7%82%E7%9C%8B%E6%9C%80%E6%96%B0%E8%A7%86%E9%A2%91\u0026t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)rqnl(1)ti(2)","fqdn":"mc.webvisor.org","domain":"webvisor.org","tld":"org"},"ip":{"addr":"87.250.251.119","port":443,"asn":13238,"as":"YANDEX LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:54.113Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mc.webvisor.com","organization":"YANDEX LLC"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 18 Aug 2025 21:05:34 GMT","end":"Mon, 09 Feb 2026 20:59:59 GMT"},"fingerprint":{"sha1":"52:51:83:17:11:3C:6A:D0:47:28:FB:42:75:CF:6A:DA:48:B5:5A:C8","sha256":"69:B8:8D:9D:77:CB:F9:C7:48:04:E2:8C:99:28:7C:EF:5E:C7:2B:43:D6:52:7B:21:D2:99:F6:86:18:A6:0F:80"}}},"request":{"raw":"GET /watch/94492470?wmode=7\u0026page-url=https%3A%2F%2Fwww.hmnc9vy.com%2F%3Fwmen07%3Dmv4m\u0026charset=utf-8\u0026browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Anlzej4hetqp71c82uo0s8%3Afp%3A1000%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A860%3Acn%3A1%3Adp%3A0%3Als%3A128343677600%3Ahid%3A845249475%3Az%3A0%3Ai%3A20251022104854%3Aet%3A1761130134%3Ac%3A1%3Arn%3A868269780%3Arqn%3A1%3Au%3A1761130134547722796%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1761130131333%3Ads%3A8%2C18%2C223%2C1%2C274%2C0%2C%2C419%2C5%2C%2C%2C%2C1016%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1761130134%3At%3A33B%20-%20%E8%A7%82%E7%9C%8B%E6%9C%80%E6%96%B0%E8%A7%86%E9%A2%91\u0026t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)rqnl(1)ti(2) HTTP/1.1\r\nHost: mc.webvisor.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.hmnc9vy.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.hmnc9vy.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nx-xss-protection: 1; mode=block\r\naccess-control-allow-origin: https://www.hmnc9vy.com\r\naccess-control-allow-credentials: true\r\nexpires: Wed, 22-Oct-2025 10:48:54 GMT\r\nlocation: /watch/94492470/1?wmode=7\u0026page-url=https%3A%2F%2Fwww.hmnc9vy.com%2F%3Fwmen07%3Dmv4m\u0026charset=utf-8\u0026browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Anlzej4hetqp71c82uo0s8%3Afp%3A1000%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A860%3Acn%3A1%3Adp%3A0%3Als%3A128343677600%3Ahid%3A845249475%3Az%3A0%3Ai%3A20251022104854%3Aet%3A1761130134%3Ac%3A1%3Arn%3A868269780%3Arqn%3A1%3Au%3A1761130134547722796%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1761130131333%3Ads%3A8%2C18%2C223%2C1%2C274%2C0%2C%2C419%2C5%2C%2C%2C%2C1016%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1761130134%3At%3A33B%20-%20%E8%A7%82%E7%9C%8B%E6%9C%80%E6%96%B0%E8%A7%86%E9%A2%91\u0026t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29rqnl%281%29ti%282%29\u0026redirnss=1\r\nset-cookie: yabs-sid=1695190701761130134; Path=/; SameSite=None; Secure\ni=wGOpA/XmelmQUxiQtM9wJK+ktAcUzi6uoy9k4eiBiTy9WdnWt2SSkC50O3iW3nL4k6zbAHxWm57gFvFa5tbyddbaYZc=; Expires=Sat, 20-Oct-2035 10:48:53 GMT; Domain=.webvisor.org; Path=/; Secure; HttpOnly; SameSite=None\nyandexuid=1732990711761130134; Expires=Sat, 20-Oct-2035 10:48:53 GMT; Domain=.webvisor.org; Path=/; Secure; SameSite=None\nyuidss=1732990711761130134; Expires=Thu, 22-Oct-2026 10:48:54 GMT; Domain=.webvisor.org; Path=/; SameSite=None; Secure\nymex=1792666134.yrts.1761130134#1792666134.yrtsi.1761130134; Expires=Thu, 22-Oct-2026 10:48:54 GMT; Domain=.webvisor.org; Path=/; SameSite=None; Secure\nbh=YJbt4scGahfcyuH/CJLYobEDn8/14QzlyPCOA5S2Ag==; Path=/; Domain=.webvisor.org; Expires=Thu, 26 Nov 2026 10:48:54 GMT; SameSite=None; Secure\nbh=YJbt4scGahfcyuH/CJLYobEDn8/14QzlyPCOA5S2Ag==; Path=/; Domain=.webvisor.org; Expires=Thu, 26 Nov 2026 10:48:54 GMT; SameSite=None; Secure\r\nstrict-transport-security: max-age=31536000\r\npragma: no-cache\r\naccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\nlast-modified: Wed, 22-Oct-2025 10:48:54 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":672,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":411,"timings":{"blocked":181,"dns":1,"connect":48,"send":0,"wait":47,"receive":0,"ssl":131},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.hmnc9vy.com/vite.svg","fqdn":"www.hmnc9vy.com","domain":"hmnc9vy.com","tld":"com"},"ip":{"addr":"154.207.79.56","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:54.612Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hmnc9vy.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 18 Oct 2025 04:29:32 GMT","end":"Fri, 16 Jan 2026 05:28:03 GMT"},"fingerprint":{"sha1":"9F:64:60:70:0E:3E:DD:26:D0:B7:C0:F2:F7:EE:3B:EB:CC:8C:01:A9","sha256":"68:ED:E8:23:5B:50:58:BA:92:C6:F5:27:DE:EB:8A:D1:06:B6:59:73:8B:D9:19:BA:B5:8D:67:90:A3:D6:0D:91"}}},"request":{"raw":"GET /vite.svg HTTP/1.1\r\nHost: www.hmnc9vy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.hmnc9vy.com/?wmen07=mv4m\r\nCookie: _ym_uid=1761130134547722796; _ym_d=1761130134; _ym_hostIndex=0-3%2C1-0; _ym_isad=2\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 22 Oct 2025 10:48:54 GMT\r\ncontent-type: text/html; charset=utf-8\r\nserver: cloudflare\r\nlast-modified: Fri, 17 Oct 2025 10:31:42 GMT\r\nvary: Accept-Encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=6,i=?0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8twBtdDvjlfW63%2BDb36GO2ErVNrGviK3udQlVbgNvfULojBqPboWics9gTwImofYklDTEgQDkWL2h15wfpFrP%2BlhCF0BrLxRo0RbTwS9Ag%3D%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 99286ccd5c0ea0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1035,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"c0e4675c5aeb0f5d270e3a0cfe08b7db","sha1":"119dc159023e3616e70d2c721f505946be521bb7","sha256":"9434101cdaed5f6b40b5028c9cb0ab20812a230d15f14c8b6417068938ced05a","sha512":"4b8d895e69231817586b9c536a81b9e65fdad0986228828e517c7c75a30192146bd35bd1b2f4a79b6e17182d73642c7dd6f9c8a0312b5f4289b817b194ca801b","ssdeep":"","tlshash":"35113e846ce0c804833102652ff3e10c36a6e71b564ecc48b1ee50761f80fd2889f86c","first_seen":"2025-10-18T02:13:59.986619Z","last_seen":"2025-11-09T03:01:34.966562Z","times_seen":153,"resource_available":false,"data":null}},"time_used":223,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":223,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-22","alert":"Sinkholed","trigger":"www.hmnc9vy.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zbb.bbb.73533chqpw.com/cmzxtbas.gif","fqdn":"zbb.bbb.73533chqpw.com","domain":"73533chqpw.com","tld":"com"},"ip":{"addr":"23.224.225.138","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:55.187Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zbb.bbb.73533chqpw.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 06 Oct 2025 07:23:55 GMT","end":"Sun, 04 Jan 2026 07:23:54 GMT"},"fingerprint":{"sha1":"6F:5D:48:EC:06:9D:B6:F4:CB:B6:74:23:D1:A3:7A:19:A0:47:A2:FE","sha256":"8A:DA:26:03:81:42:95:1D:77:2A:57:E5:4A:AD:83:AE:99:16:31:05:31:85:2A:01:2A:9C:91:6C:CD:B7:4F:9B"}}},"request":{"raw":"GET /cmzxtbas.gif HTTP/1.1\r\nHost: zbb.bbb.73533chqpw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.hmnc9vy.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Oct 2025 11:02:05 GMT\r\ncontent-type: image/gif\r\ncontent-length: 31727\r\nlast-modified: Sat, 26 Jul 2025 07:30:27 GMT\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":31727,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 150 x 150","md5":"2c3ebec2ae44c7bbd8aba1e6b6ccbd8a","sha1":"ee3eb7810b3038ed76c26fcce801412c56dd5769","sha256":"3aa7adace024251965981646416d6cb6628209437f81ac32aa882bf30a26ed0a","sha512":"76de4d81edd11b0d593f3723ecb6c75c5d2b5f4fde7421bca468c6929d4ae4adfce01e89715d520d9cd17a4cfd8951aa985e9758100fa8c25408b5d338357f3e","ssdeep":"768:RHfwq0BwpGzGrtQOrSk89NoVcZAa7jMzz:RHfmKKTk8+cqa7jOz","tlshash":"37e2e005fb720f26ee19a4b5bef83255326b86c0b7d4d27dfd89885f9cb50398140a63","first_seen":"2025-09-23T01:38:41.273973Z","last_seen":"2026-04-05T07:25:01.92204Z","times_seen":193,"resource_available":false,"data":null}},"time_used":1497,"timings":{"blocked":701,"dns":0,"connect":0,"send":0,"wait":585,"receive":34,"ssl":177},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zbb.bbb.hx0iwlk6cb.com/8810hf603.gif","fqdn":"zbb.bbb.hx0iwlk6cb.com","domain":"hx0iwlk6cb.com","tld":"com"},"ip":{"addr":"23.224.225.138","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:55.231Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zbb.bbb.hx0iwlk6cb.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 11:31:55 GMT","end":"Mon, 12 Jan 2026 11:31:54 GMT"},"fingerprint":{"sha1":"E3:C5:FB:83:CD:F2:3D:36:02:65:89:22:F1:41:CB:DE:1F:2E:29:41","sha256":"8B:86:74:19:5C:CA:5A:A1:AD:1D:52:03:05:0F:94:5E:DD:9D:48:A2:DC:DC:F3:5D:FC:86:24:85:60:EA:57:7E"}}},"request":{"raw":"GET /8810hf603.gif HTTP/1.1\r\nHost: zbb.bbb.hx0iwlk6cb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.hmnc9vy.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Oct 2025 11:02:05 GMT\r\ncontent-type: image/gif\r\ncontent-length: 110990\r\nlast-modified: Tue, 03 Jun 2025 10:20:44 GMT\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":110990,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 100","md5":"b1c835bb501b4f63153f4008edc86e4b","sha1":"dcc24c7fb1d4fb1e7b6bdf57333cee44defda2db","sha256":"29825537cda8271764931b8d40ef6fe17fc4ecf209a4c93ce1906aa65b16cb93","sha512":"3568371db31ffbc29a6b1fdb08139d966b93596c4d1e45bb41256f54af0a7a3e18c8ae5af1956b5b90de25af09d70b2efd5ca465ec9e514fca97f4b1b59cf279","ssdeep":"3072:emNXGOgttwc9GkpRp5Jp/hEu4//aUa2vjm:bzgt68pRXJpZEB/aD2vq","tlshash":"bcb3021f8d048402d66568b6d2f21df147e3e7a5e482fa940dfef5260b8cefd8846d86","first_seen":"2025-05-22T20:27:36.443272Z","last_seen":"2025-10-28T18:37:21.232992Z","times_seen":274,"resource_available":false,"data":null}},"time_used":1181,"timings":{"blocked":-1,"dns":215,"connect":157,"send":0,"wait":157,"receive":478,"ssl":174},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"i.59a63383.com:1443/p2/ee0cff472473c9bf7a26b15583948f57.webp","fqdn":"i.59a63383.com","domain":"59a63383.com","tld":"com"},"ip":{"addr":"172.247.125.52","port":1443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:52.913Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"59a63383.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 Aug 2025 15:48:23 GMT","end":"Sat, 29 Nov 2025 15:48:22 GMT"},"fingerprint":{"sha1":"C9:59:BE:83:EA:13:48:20:AA:08:26:AC:11:AB:14:2A:05:41:26:D3","sha256":"5B:9C:0E:64:63:64:E2:82:C7:BA:2C:E6:74:29:64:CF:31:DE:DA:2A:A9:C6:73:00:23:AE:63:9E:53:16:AC:13"}}},"request":{"raw":"GET /p2/ee0cff472473c9bf7a26b15583948f57.webp HTTP/1.1\r\nHost: i.59a63383.com:1443\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.hmnc9vy.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Oct 2025 10:48:53 GMT\r\ncontent-type: image/webp\r\ncontent-length: 30660\r\nlast-modified: Wed, 27 Aug 2025 02:17:07 GMT\r\netag: \"68ae6aa3-77c4\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":30660,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 380x235, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"a07b08ecee96bd4d143f335337304be6","sha1":"ec9ce9efd43fc90c7696997f8bd90b97f992f02e","sha256":"cf43290af400d4d99741ab589509f500eaf4b468972f41f0c33ec2ae6da3f851","sha512":"7503585440fcd1735caced29442127653bda27150086defe060b325422f070a82181b096f04d647ab218319e8ee8f373a97ea00e2ff510c0abdddd034753c4bb","ssdeep":"768:68Nti1nL8ShGN78YoQX+0m9/FooWDqjwjIkPOJrqF61i:FsdxN0m99ooWmjwhP0E","tlshash":"05d2021cb66cedc67bca1ea35f376629ad44232978bb1cd67021110e8de3c02767e4e1","first_seen":"2025-10-22T10:49:34.643277Z","last_seen":"2025-10-22T10:49:34.643277Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1084,"timings":{"blocked":364,"dns":0,"connect":0,"send":0,"wait":683,"receive":37,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"i.59a63383.com:1443/p2/644e7031781aecaab499c368c3ee145f.webp","fqdn":"i.59a63383.com","domain":"59a63383.com","tld":"com"},"ip":{"addr":"172.247.125.52","port":1443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:52.924Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"59a63383.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 Aug 2025 15:48:23 GMT","end":"Sat, 29 Nov 2025 15:48:22 GMT"},"fingerprint":{"sha1":"C9:59:BE:83:EA:13:48:20:AA:08:26:AC:11:AB:14:2A:05:41:26:D3","sha256":"5B:9C:0E:64:63:64:E2:82:C7:BA:2C:E6:74:29:64:CF:31:DE:DA:2A:A9:C6:73:00:23:AE:63:9E:53:16:AC:13"}}},"request":{"raw":"GET /p2/644e7031781aecaab499c368c3ee145f.webp HTTP/1.1\r\nHost: i.59a63383.com:1443\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.hmnc9vy.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Oct 2025 10:48:53 GMT\r\ncontent-type: image/webp\r\ncontent-length: 37976\r\nlast-modified: Tue, 14 Oct 2025 17:51:22 GMT\r\netag: \"68ee8d9a-9458\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":37976,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 380x235, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"e874c0e9efc155d2079fc338648f7311","sha1":"16ed5fda5c0cafad30e0cbbcb94ec36ee68147a5","sha256":"e5444b8ccf2a5d1cb7d920d28fc9e28ea39ed58143d13d8b5e3362993fdd6668","sha512":"1d6c1eb1ff07f279448c78659a54ea176f16e2d9f3ab0498e2379beaea85b6c1b1cc977e7b5222876dc8211410d5d60ba702f6a0a0a6074878f767f39b79c3d2","ssdeep":"768:hMqiAnvv75YPAGJz+6xZpmftmZG5ovBy8NqDdRae/H:hPi89Y4GJz+6xZhGm5NqPaeP","tlshash":"c803f19ff93141d7e6c33ec4d133689b3033c867ea49621d7a435d89b4aa39e9420ce9","first_seen":"2025-10-22T10:49:34.645692Z","last_seen":"2025-10-25T12:30:47.83301Z","times_seen":2,"resource_available":false,"data":null}},"time_used":988,"timings":{"blocked":351,"dns":0,"connect":0,"send":0,"wait":591,"receive":46,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"i.quq83bvs.com:1443/pic/b5eb9077b81e8aafd9dc2d38193f6d13.webp","fqdn":"i.quq83bvs.com","domain":"quq83bvs.com","tld":"com"},"ip":{"addr":"172.247.125.37","port":1443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:52.934Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"quq83bvs.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 Aug 2025 15:52:00 GMT","end":"Sat, 29 Nov 2025 15:51:59 GMT"},"fingerprint":{"sha1":"79:72:1A:01:E9:1B:6B:5E:49:ED:20:BE:C1:F6:E5:70:C6:54:CD:F5","sha256":"D1:F4:FD:6A:5A:BD:87:DB:52:46:96:B2:6C:E2:BB:4C:1A:72:99:F7:FE:54:17:A8:83:D3:6F:4C:70:70:07:10"}}},"request":{"raw":"GET /pic/b5eb9077b81e8aafd9dc2d38193f6d13.webp HTTP/1.1\r\nHost: i.quq83bvs.com:1443\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.hmnc9vy.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Oct 2025 10:48:53 GMT\r\ncontent-type: image/webp\r\ncontent-length: 43986\r\nlast-modified: Tue, 19 Aug 2025 02:28:35 GMT\r\netag: \"68a3e153-abd2\"\r\nexpires: Thu, 22 Oct 2026 10:48:53 GMT\r\ncache-control: max-age=31536000\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43986,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 380x235, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"a285a57a30c784dfe6b53510208343c6","sha1":"b2a56ed7a1cd4ae38c436e2f5323189437b1447e","sha256":"0bb63e4b6e09c2f98c0dd9fede10ef954f7f450953da244cbe6a1e869688e205","sha512":"46e1a6ace1d3a542ddcb5a1f1d5f252430c7d9c632eb7db2bdbe13402a33e46b7fa4deb55d789e5dd37070a9ce04de3d31f04155e0446ce80d31266532a67a30","ssdeep":"768:nNub/OHfG0RUsN9AxhvQNNcGlzS4lSKRiyaVIu0ceDqL60CM2haZ3VwcgCGvR+:nN/HfrRUsnAxdQNCGlGRKRiAL7Dmgdc7","tlshash":"7a13021e8b21bdb3788bc4048e3fd53177468e97072dace5024bada38b0e97d1547a79","first_seen":"2025-10-22T10:49:34.651299Z","last_seen":"2025-10-22T10:49:34.651299Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1143,"timings":{"blocked":324,"dns":0,"connect":0,"send":0,"wait":723,"receive":96,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zbb.bbb.hx0iwlk6cb.com/v3881tb.gif","fqdn":"zbb.bbb.hx0iwlk6cb.com","domain":"hx0iwlk6cb.com","tld":"com"},"ip":{"addr":"23.224.225.138","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:55.191Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zbb.bbb.hx0iwlk6cb.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 11:31:55 GMT","end":"Mon, 12 Jan 2026 11:31:54 GMT"},"fingerprint":{"sha1":"E3:C5:FB:83:CD:F2:3D:36:02:65:89:22:F1:41:CB:DE:1F:2E:29:41","sha256":"8B:86:74:19:5C:CA:5A:A1:AD:1D:52:03:05:0F:94:5E:DD:9D:48:A2:DC:DC:F3:5D:FC:86:24:85:60:EA:57:7E"}}},"request":{"raw":"GET /v3881tb.gif HTTP/1.1\r\nHost: zbb.bbb.hx0iwlk6cb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.hmnc9vy.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Oct 2025 11:02:05 GMT\r\ncontent-type: image/gif\r\ncontent-length: 179997\r\nlast-modified: Thu, 12 Jun 2025 07:44:14 GMT\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":179997,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 150 x 150","md5":"ad393329219fe24791019dba29aaa6cd","sha1":"4c89e032717d67a45aecec43940871d9df18b17a","sha256":"035b6529760fae8a920c523e1d8f3136b4941b4b8367116844b413cba2938025","sha512":"1aaffb03729474aac2b4004c223f7f0a32916e0d21a477d917294af36604af782f5cbfc29ba6d89a0e59861785a12fa28d32c48016c33e9b918f0803adda9aac","ssdeep":"3072:UgHR5gHR5gHR5gHRjjyIjyIjyIjyAv2ipNv2ipNv2ipNv2ipNv2it5:LoooNjZjZjZjTdddZ5","tlshash":"b704f259c6cd5559636482b2219333bd45a3e4b0e2cbde3433ae488e3eda07cf4b485b","first_seen":"2025-05-22T20:27:36.44535Z","last_seen":"2026-04-05T07:25:01.939859Z","times_seen":397,"resource_available":false,"data":null}},"time_used":1523,"timings":{"blocked":-1,"dns":262,"connect":159,"send":0,"wait":649,"receive":259,"ssl":190},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mc.webvisor.org/sync_cookie_image_check","fqdn":"mc.webvisor.org","domain":"webvisor.org","tld":"org"},"ip":{"addr":"87.250.251.119","port":443,"asn":13238,"as":"YANDEX LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:54.390Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mc.webvisor.com","organization":"YANDEX LLC"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 18 Aug 2025 21:05:34 GMT","end":"Mon, 09 Feb 2026 20:59:59 GMT"},"fingerprint":{"sha1":"52:51:83:17:11:3C:6A:D0:47:28:FB:42:75:CF:6A:DA:48:B5:5A:C8","sha256":"69:B8:8D:9D:77:CB:F9:C7:48:04:E2:8C:99:28:7C:EF:5E:C7:2B:43:D6:52:7B:21:D2:99:F6:86:18:A6:0F:80"}}},"request":{"raw":"GET /sync_cookie_image_check HTTP/1.1\r\nHost: mc.webvisor.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.hmnc9vy.com/\r\nCookie: yabs-sid=1695190701761130134; i=wGOpA/XmelmQUxiQtM9wJK+ktAcUzi6uoy9k4eiBiTy9WdnWt2SSkC50O3iW3nL4k6zbAHxWm57gFvFa5tbyddbaYZc=; yandexuid=1732990711761130134; yuidss=1732990711761130134; ymex=1792666134.yrts.1761130134#1792666134.yrtsi.1761130134; bh=YJbt4scGahfcyuH/CJLYobEDn8/14QzlyPCOA5S2Ag==\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nlocation: https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.webvisor.org\u0026token=10827.sD7tcMVjGaYZWI2npkBrYgPpujMzvcFSm4gw0m9hVs98X5skQJ_slSfpDP0yMUxr.43Ze6lkxuzlTJNoe89UcQ9Azj2Y%2C\r\nstrict-transport-security: max-age=31536000\r\nx-xss-protection: 1; mode=block\r\nset-cookie: sync_cookie_csrf=1792115820fake; Expires=Wed, 22-Oct-2025 10:58:54 GMT; Domain=.mc.webvisor.org; Path=/; SameSite=None; Secure\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":53,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":53,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zbb.bbb.hx0iwlk6cb.com/v3677icon.gif","fqdn":"zbb.bbb.hx0iwlk6cb.com","domain":"hx0iwlk6cb.com","tld":"com"},"ip":{"addr":"23.224.225.138","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:55.163Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zbb.bbb.hx0iwlk6cb.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 11:31:55 GMT","end":"Mon, 12 Jan 2026 11:31:54 GMT"},"fingerprint":{"sha1":"E3:C5:FB:83:CD:F2:3D:36:02:65:89:22:F1:41:CB:DE:1F:2E:29:41","sha256":"8B:86:74:19:5C:CA:5A:A1:AD:1D:52:03:05:0F:94:5E:DD:9D:48:A2:DC:DC:F3:5D:FC:86:24:85:60:EA:57:7E"}}},"request":{"raw":"GET /v3677icon.gif HTTP/1.1\r\nHost: zbb.bbb.hx0iwlk6cb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.hmnc9vy.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Oct 2025 11:02:05 GMT\r\ncontent-type: image/gif\r\ncontent-length: 63605\r\nlast-modified: Thu, 12 Jun 2025 07:44:14 GMT\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":63605,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 96 x 96","md5":"5da32448c2ebbd0bcc6ab636433ff61a","sha1":"fa5d2f06b4b1bfbfec629097decb06cb019b56a2","sha256":"ff3a652b56f95f69c96786b4a501d7fa9e8689cdeb48b430c25bb0340d082dd6","sha512":"30ec5d3bce1bf75f62f025779fb944cdd3bd3debd42b88e29b08633ae0741c3abab106d67b35099f4dc16dce21e552d7d3bddbcdad7dc22c94c4a0bde65c81ef","ssdeep":"1536:325jbG8bSv57P2qlYlTzGiMiV0UKOvSvSW:3QjKvtTYTzWiV7JvSvSW","tlshash":"3e53f19b65b5dcb7c20830fdac55a6b68fecd8c0924492bcd74b28f4667d45c826c1ce","first_seen":"2025-05-22T20:27:36.472364Z","last_seen":"2025-10-28T18:37:21.228582Z","times_seen":334,"resource_available":false,"data":null}},"time_used":2063,"timings":{"blocked":636,"dns":282,"connect":160,"send":0,"wait":690,"receive":101,"ssl":185},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zbb.bbb.k99clxltt5.com/majiang-0158-480*100.gif","fqdn":"zbb.bbb.k99clxltt5.com","domain":"k99clxltt5.com","tld":"com"},"ip":{"addr":"23.225.232.114","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:55.230Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"zbb.bbb.k99clxltt5.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 11:33:16 GMT","end":"Mon, 12 Jan 2026 11:33:15 GMT"},"fingerprint":{"sha1":"B0:4A:A8:3D:A7:D6:7C:1D:3E:27:19:93:CD:7A:49:33:CC:C1:3C:75","sha256":"20:82:C9:E3:AD:DA:65:4C:02:A1:58:AD:A3:1D:95:3A:99:7B:93:A6:61:52:A0:D7:9D:C3:B9:E0:E6:B7:47:36"}}},"request":{"raw":"GET /majiang-0158-480*100.gif HTTP/1.1\r\nHost: zbb.bbb.k99clxltt5.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.hmnc9vy.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Oct 2025 10:48:56 GMT\r\ncontent-type: image/gif\r\ncontent-length: 337904\r\nlast-modified: Thu, 16 Oct 2025 16:32:48 GMT\r\netag: \"68f11e30-527f0\"\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":337904,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 100","md5":"615e1901dc634739fecf9035ff0e2733","sha1":"46b1cd0e0362acac1c736d4c96e3ef5784ced12c","sha256":"d712b5228170f73e863c7c283da4392ade9192020292b2744ba9368d1230f28b","sha512":"0da848422c4a0eead683f14ca663c3b2a0414854af09d9997101851f7a29f5421155a3e31c93b429bbfc0526d042a862ffb8f393cf44acd3ebc68b593ce444fc","ssdeep":"6144:XYS5ps9FJbhZXSyjpnY46H3DP0kGnjerj9hfIwW1RLeIMSv8oP:oSPs9bhZCyjxUDPWSrjCL4Sv8U","tlshash":"767423db499d03748f263691bcae83f76091ef54d6b4a306e90e7ce135447c09aee70a","first_seen":"2025-10-16T20:00:53.5042Z","last_seen":"2026-03-19T07:55:27.415537Z","times_seen":62,"resource_available":false,"data":null}},"time_used":1603,"timings":{"blocked":-1,"dns":232,"connect":157,"send":0,"wait":526,"receive":362,"ssl":325},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.hmnc9vy.com/assets/index-iyM3w45l.css","fqdn":"www.hmnc9vy.com","domain":"hmnc9vy.com","tld":"com"},"ip":{"addr":"154.207.79.56","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:52.082Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hmnc9vy.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 18 Oct 2025 04:29:32 GMT","end":"Fri, 16 Jan 2026 05:28:03 GMT"},"fingerprint":{"sha1":"9F:64:60:70:0E:3E:DD:26:D0:B7:C0:F2:F7:EE:3B:EB:CC:8C:01:A9","sha256":"68:ED:E8:23:5B:50:58:BA:92:C6:F5:27:DE:EB:8A:D1:06:B6:59:73:8B:D9:19:BA:B5:8D:67:90:A3:D6:0D:91"}}},"request":{"raw":"GET /assets/index-iyM3w45l.css HTTP/1.1\r\nHost: www.hmnc9vy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.hmnc9vy.com/?wmen07=mv4m\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 22 Oct 2025 10:48:52 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Fri, 17 Oct 2025 10:31:42 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68f21b0e-499a\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=A4A0gRZ%2B7BOxBHQAA6Zxk%2BIWsOlPKrdNfocGlObZ7viF9Pjc8dEzDFyROg2g8v0%2BPgb3stAsn1bALiZlgCNRG2%2FDanZWwGCT%2BrYwzYMaNQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 99286cbd4be5a0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":18842,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (18841)","md5":"88c58fb017ec09f5bb095a044e4d3766","sha1":"48ccae181092f62ebea1cd33de79ea81fd83a757","sha256":"d392155eacc5e9c50d49dfbc46cf37880dadbf0e4208529e48636a6c868b8c36","sha512":"f4425aeffa001518c7292421c4f98c5d0fb5584caa0ce32506dfaba0d94e0ed8c30e8c39d1038a1d21b7699bbfb2df67fdadfa42c42346726def7a5a09779527","ssdeep":"192:O9JyW9JyyxwOP72+g2YusiNsfb0SvjcC8ynLCUqrFsf6llZltl:kwk7gXTihStpeUqrh1","tlshash":"d982862dab50142b6c6781f6e5d5f65df226b0c0df399aeaf98255209bc63e31c83604","first_seen":"2025-10-18T02:14:00.00499Z","last_seen":"2025-11-09T03:01:34.964495Z","times_seen":146,"resource_available":false,"data":null}},"time_used":219,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":219,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-22","alert":"Sinkholed","trigger":"www.hmnc9vy.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mc.webvisor.org/watch/3/1?wmode=7\u0026page-url=https%3A%2F%2Fwww.hmnc9vy.com%2F%3Fwmen07%3Dmv4m\u0026page-ref\u0026charset=utf-8\u0026browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Anlzej4hetqp71c82uo0s8%3Afp%3A1000%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A860%3Acn%3A2%3Adp%3A0%3Als%3A210203917860%3Ahid%3A845249475%3Az%3A0%3Ai%3A20251022104854%3Aet%3A1761130134%3Ac%3A1%3Arn%3A854459371%3Arqn%3A1%3Au%3A1761130134547722796%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1761130131333%3Ads%3A8%2C18%2C223%2C1%2C274%2C0%2C%2C419%2C5%2C%2C%2C%2C1016%3Awv%3A2%3Aco%3A0%3Ast%3A1761130134\u0026t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29ti%282%29\u0026redirnss=1","fqdn":"mc.webvisor.org","domain":"webvisor.org","tld":"org"},"ip":{"addr":"87.250.251.119","port":443,"asn":13238,"as":"YANDEX LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:54.323Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mc.webvisor.com","organization":"YANDEX LLC"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 18 Aug 2025 21:05:34 GMT","end":"Mon, 09 Feb 2026 20:59:59 GMT"},"fingerprint":{"sha1":"52:51:83:17:11:3C:6A:D0:47:28:FB:42:75:CF:6A:DA:48:B5:5A:C8","sha256":"69:B8:8D:9D:77:CB:F9:C7:48:04:E2:8C:99:28:7C:EF:5E:C7:2B:43:D6:52:7B:21:D2:99:F6:86:18:A6:0F:80"}}},"request":{"raw":"GET /watch/3/1?wmode=7\u0026page-url=https%3A%2F%2Fwww.hmnc9vy.com%2F%3Fwmen07%3Dmv4m\u0026page-ref\u0026charset=utf-8\u0026browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Anlzej4hetqp71c82uo0s8%3Afp%3A1000%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A860%3Acn%3A2%3Adp%3A0%3Als%3A210203917860%3Ahid%3A845249475%3Az%3A0%3Ai%3A20251022104854%3Aet%3A1761130134%3Ac%3A1%3Arn%3A854459371%3Arqn%3A1%3Au%3A1761130134547722796%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1761130131333%3Ads%3A8%2C18%2C223%2C1%2C274%2C0%2C%2C419%2C5%2C%2C%2C%2C1016%3Awv%3A2%3Aco%3A0%3Ast%3A1761130134\u0026t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29ti%282%29\u0026redirnss=1 HTTP/1.1\r\nHost: mc.webvisor.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.hmnc9vy.com\r\nReferer: https://www.hmnc9vy.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: yabs-sid=226381771761130134; i=TQst7PwRssNYeTeYlzw2/dq6prMU1ksEsDKgwfCLgWrimu7SgWRcIbkWygj3yqVRrgzliaaTa//nSwyOXPKdrYIPMOo=; yandexuid=8571091751761130134; yuidss=8571091751761130134; ymex=1792666134.yrts.1761130134#1792666134.yrtsi.1761130134; bh=YJbt4scGahfcyuH/CJLYobEDn8/14QzlyPCOA5S2Ag==\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-length: 501\r\nstrict-transport-security: max-age=31536000\r\naccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA\r\naccess-control-allow-credentials: true\r\nx-content-type-options: nosniff\r\ncontent-type: application/json; charset=utf-8\r\nx-xss-protection: 1; mode=block\r\naccess-control-allow-origin: https://www.hmnc9vy.com\r\npragma: no-cache\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\nlast-modified: Wed, 22-Oct-2025 10:48:54 GMT\r\nexpires: Wed, 22-Oct-2025 10:48:54 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":501,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"792e7d67724958892d741dd7902cdd20","sha1":"43017ec38765bf04aeb0d83043f7ed90af4bd14b","sha256":"2f42936da3b452c0566cbd7e7f11a720ed42570a30046e65758f620e7614d8a4","sha512":"25c6ffb429fabd3380ef984e622ab06446ac929c8172bd67dc6b04899878927c0abaa5abccef03d3d3d80064744aa10d0c7e4662eff49e46f117508f0ef9e8de","ssdeep":"","tlshash":"1ff00524dd800c2b5285c622c4a67e871b785000e8d343961b26d3c91cbfffc3926630","first_seen":"2025-10-22T10:49:34.671498Z","last_seen":"2025-10-22T10:49:34.671498Z","times_seen":1,"resource_available":false,"data":null}},"time_used":47,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":47,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"i.59a63383.com:1443/p2/34216108026ae98146a0cbcd3bb4af51.webp","fqdn":"i.59a63383.com","domain":"59a63383.com","tld":"com"},"ip":{"addr":"172.247.125.52","port":1443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:52.905Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"59a63383.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 Aug 2025 15:48:23 GMT","end":"Sat, 29 Nov 2025 15:48:22 GMT"},"fingerprint":{"sha1":"C9:59:BE:83:EA:13:48:20:AA:08:26:AC:11:AB:14:2A:05:41:26:D3","sha256":"5B:9C:0E:64:63:64:E2:82:C7:BA:2C:E6:74:29:64:CF:31:DE:DA:2A:A9:C6:73:00:23:AE:63:9E:53:16:AC:13"}}},"request":{"raw":"GET /p2/34216108026ae98146a0cbcd3bb4af51.webp HTTP/1.1\r\nHost: i.59a63383.com:1443\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.hmnc9vy.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Oct 2025 10:48:53 GMT\r\ncontent-type: image/webp\r\ncontent-length: 56426\r\nlast-modified: Thu, 25 Sep 2025 09:46:08 GMT\r\netag: \"68d50f60-dc6a\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":56426,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 380x235, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"af0d82358426aa2a200f0411bc7ffeb0","sha1":"334bbba5b6cb13e5ef07d315390ce3211954684b","sha256":"c447db5d2e3dd94cba58ca728fffda50859df952248eaf47df62bb53c3b10256","sha512":"6fc12b136765dba12d24d88625cdc9829cdcdca337f9ce984889dc1bd3ec827de2bd5878e4119cb63252578034c9d207d40fe09135d25c6c35253f03317ded41","ssdeep":"1536:yduzoQQFZgxra4xAbt5e3FM2q1OiZ2XeX5zd9:jP2Zgn0b222XeB","tlshash":"0d4302a369b0b9ac63c1433570f5aa47f9ac48c418d94f74678cdc36f92a8d2c6921fc","first_seen":"2025-10-22T10:49:34.675859Z","last_seen":"2025-10-22T10:49:34.675859Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1218,"timings":{"blocked":370,"dns":44,"connect":153,"send":0,"wait":307,"receive":170,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"i.quq83bvs.com:1443/pic/d85a102da18b17a84573b9b1ccc8ee9e.webp","fqdn":"i.quq83bvs.com","domain":"quq83bvs.com","tld":"com"},"ip":{"addr":"172.247.125.37","port":1443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:52.927Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"quq83bvs.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 Aug 2025 15:52:00 GMT","end":"Sat, 29 Nov 2025 15:51:59 GMT"},"fingerprint":{"sha1":"79:72:1A:01:E9:1B:6B:5E:49:ED:20:BE:C1:F6:E5:70:C6:54:CD:F5","sha256":"D1:F4:FD:6A:5A:BD:87:DB:52:46:96:B2:6C:E2:BB:4C:1A:72:99:F7:FE:54:17:A8:83:D3:6F:4C:70:70:07:10"}}},"request":{"raw":"GET /pic/d85a102da18b17a84573b9b1ccc8ee9e.webp HTTP/1.1\r\nHost: i.quq83bvs.com:1443\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.hmnc9vy.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Oct 2025 10:48:53 GMT\r\ncontent-type: image/webp\r\ncontent-length: 37222\r\nlast-modified: Tue, 05 Aug 2025 08:15:35 GMT\r\netag: \"6891bda7-9166\"\r\nexpires: Thu, 22 Oct 2026 10:48:53 GMT\r\ncache-control: max-age=31536000\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":37222,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 380x235, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"5ecad839114245f7dc239b22019626fa","sha1":"b32c35f2de665087c5546a34f49110d5468b9388","sha256":"061d79f2820e6a7fcd5679e682c682b7db6f3c210caf6eae64cadf38c6f9c08a","sha512":"05bc894dd956db353fd292ff127534a00e556b90c322c102a4a85d88a44e7e25a2069f8763e4b571b96b79be619dd09ae17bc3c87029b1dbf781fd3fce52bd7c","ssdeep":"768:zPDA2dz7MmPwrWhOe+nipRQELt1TngwDcE0vQuLjL0oO6ndjCYFkhQ:zbTz7MCCaOeOip3LtzDcE0DLj4rujCGJ","tlshash":"9af2f174b0e3a74dfeacf39e7434eecb68aa85006525595c98e04f682d76c0011bb5ef","first_seen":"2025-10-22T10:49:34.680402Z","last_seen":"2025-10-22T10:49:34.680402Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1081,"timings":{"blocked":330,"dns":21,"connect":158,"send":0,"wait":158,"receive":240,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"i.59a63383.com:1443/p2/cb36c3668ab336aae220466eb438af5e.webp","fqdn":"i.59a63383.com","domain":"59a63383.com","tld":"com"},"ip":{"addr":"172.247.125.52","port":1443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:52.930Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"59a63383.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 Aug 2025 15:48:23 GMT","end":"Sat, 29 Nov 2025 15:48:22 GMT"},"fingerprint":{"sha1":"C9:59:BE:83:EA:13:48:20:AA:08:26:AC:11:AB:14:2A:05:41:26:D3","sha256":"5B:9C:0E:64:63:64:E2:82:C7:BA:2C:E6:74:29:64:CF:31:DE:DA:2A:A9:C6:73:00:23:AE:63:9E:53:16:AC:13"}}},"request":{"raw":"GET /p2/cb36c3668ab336aae220466eb438af5e.webp HTTP/1.1\r\nHost: i.59a63383.com:1443\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.hmnc9vy.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Oct 2025 10:48:53 GMT\r\ncontent-type: image/webp\r\ncontent-length: 25952\r\nlast-modified: Sun, 07 Sep 2025 02:12:52 GMT\r\netag: \"68bcea24-6560\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":25952,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 380x235, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"410deabd3dd944f66a8850483be30c30","sha1":"8e8027a41bb0c3c8d6a0e18f8f72c4c1393e4a10","sha256":"fbdd1838bff388971fb3c351d17c045fa57ab2fb74b31a5509f961f0bddfd7a3","sha512":"a11bc83ec2ce977450e21b59d2177999a64f6898d4e1426efa3b585f26e75f1b32088680189fa46a5198255510f19a179a2053a6f80d63497d5aed08d7d13bb6","ssdeep":"384:8HBylTWHto6pG5NMv+06NXxigtRNa3/kjAbF4alZ/eSBa9iOWEMkrTs15LA2+Ozc:80luB2WmMgtn4SbcjjArg1rVS3","tlshash":"8bc2f1d2449dc063781cd26b7a6fc7456b52820672f57bd4c2eda129113cbe36e23857","first_seen":"2025-10-22T10:49:34.686351Z","last_seen":"2025-10-22T10:49:34.686351Z","times_seen":1,"resource_available":false,"data":null}},"time_used":891,"timings":{"blocked":344,"dns":0,"connect":0,"send":0,"wait":523,"receive":24,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zbb.bbb.73533chqpw.com/cmzxtbxm.gif","fqdn":"zbb.bbb.73533chqpw.com","domain":"73533chqpw.com","tld":"com"},"ip":{"addr":"23.224.225.138","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:55.186Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zbb.bbb.73533chqpw.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 06 Oct 2025 07:23:55 GMT","end":"Sun, 04 Jan 2026 07:23:54 GMT"},"fingerprint":{"sha1":"6F:5D:48:EC:06:9D:B6:F4:CB:B6:74:23:D1:A3:7A:19:A0:47:A2:FE","sha256":"8A:DA:26:03:81:42:95:1D:77:2A:57:E5:4A:AD:83:AE:99:16:31:05:31:85:2A:01:2A:9C:91:6C:CD:B7:4F:9B"}}},"request":{"raw":"GET /cmzxtbxm.gif HTTP/1.1\r\nHost: zbb.bbb.73533chqpw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.hmnc9vy.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Oct 2025 11:02:05 GMT\r\ncontent-type: image/gif\r\ncontent-length: 49723\r\nlast-modified: Sat, 26 Jul 2025 07:43:06 GMT\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":49723,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 150 x 150","md5":"b75b847877e776405d71803a94598950","sha1":"6b93ac112398ea8a136ec83c7c9a7fbb1b2d894f","sha256":"94d6f15691f1e81ad3ae3c352c25eb8599b38aff20871eefcdd2f5793ae20cf0","sha512":"e8bbfc3c620c41a70ae58ed9dd5fe5a1f3a1da46b97eef5af80119f231d5f9356a0237f0f10f81408b9a017f0f3a98dffca01e042d863037831e42067231f17f","ssdeep":"768:0SQlbE8sWg1AmDtPjUFQfARC+hCrBG+j+OWh7/utDeMafwyOWh7/utJ:0Siq39hAQfAR1eFK/7Ofav/7S","tlshash":"aa23e13ff8012c50d42efab854bf6187907acd503f919a323af799295a8693d484d98f","first_seen":"2025-09-23T01:38:41.250353Z","last_seen":"2026-04-05T07:25:01.960844Z","times_seen":274,"resource_available":false,"data":null}},"time_used":1952,"timings":{"blocked":701,"dns":371,"connect":155,"send":0,"wait":456,"receive":86,"ssl":179},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.hmnc9vy.com/api/combined_data","fqdn":"www.hmnc9vy.com","domain":"hmnc9vy.com","tld":"com"},"ip":{"addr":"154.207.79.56","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:52.321Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hmnc9vy.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 18 Oct 2025 04:29:32 GMT","end":"Fri, 16 Jan 2026 05:28:03 GMT"},"fingerprint":{"sha1":"9F:64:60:70:0E:3E:DD:26:D0:B7:C0:F2:F7:EE:3B:EB:CC:8C:01:A9","sha256":"68:ED:E8:23:5B:50:58:BA:92:C6:F5:27:DE:EB:8A:D1:06:B6:59:73:8B:D9:19:BA:B5:8D:67:90:A3:D6:0D:91"}}},"request":{"raw":"GET /api/combined_data HTTP/1.1\r\nHost: www.hmnc9vy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.hmnc9vy.com/?wmen07=mv4m\r\nContent-Type: application/json\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 22 Oct 2025 10:48:55 GMT\r\ncontent-type: application/json; charset=utf-8\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Origin, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, Authorization, Origin, X-Requested-With, Content-Type, Accept, Sign, Timestamp\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, GET, POST, OPTIONS, PUT, DELETE\r\naccess-control-allow-origin: *, *\r\nx-system-goroutines: 25\r\nx-system-memory-mb: 225\r\nx-system-memory-percent: 67.58\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CCmHixm3K4lZaPrqZC%2Bd3x7ueXHbUjrbRwLJ66TzlC9r4h91TLPcAXTU0JJ0WpihUyTE7x5UzoyaGbPNCHAw9pqG%2Fask0TyplUXd3NBRew%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 99286cbef81aa0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3548,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"5ad6a6cf78972372438b903d700dd5a4","sha1":"7f05db9ec178f2199caa272b6ad0ae2775028c12","sha256":"4cc14ce395b99b0749a282e413cb6e2e0d2c1a5bbf097b843aad8ba941c72b1d","sha512":"0b252ee05621a11bc9e48ae5de854cd47e3c2cd9d132f14aa5748ecbbcbf24262bd59309b68265cb5aeac0011a12803c2c4948119c5578bd355bec4065b188c9","ssdeep":"","tlshash":"12713797039e5a3a1306bbc249eb2e0cc49e760b5cd0adaac645ee1cd17caf5c51846f","first_seen":"2025-10-22T10:49:34.692441Z","last_seen":"2025-10-22T12:58:32.233585Z","times_seen":3,"resource_available":false,"data":null}},"time_used":2814,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2814,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-22","alert":"Sinkholed","trigger":"www.hmnc9vy.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hasidundianqi.com/utils/video-js.css","fqdn":"hasidundianqi.com","domain":"hasidundianqi.com","tld":"com"},"ip":{"addr":"221.204.209.225","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:52.374Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hasidundianqi.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 Aug 2025 12:23:20 GMT","end":"Sat, 29 Nov 2025 12:23:19 GMT"},"fingerprint":{"sha1":"D7:98:B5:08:A9:F6:EA:8E:D6:8D:8B:EC:9C:56:61:FD:82:CF:EE:2A","sha256":"FA:C5:F4:34:30:C8:2B:32:06:51:BB:D2:E6:93:BC:49:1A:CD:5A:F2:43:DB:F5:7E:29:95:3D:1C:A4:E5:B7:82"}}},"request":{"raw":"GET /utils/video-js.css HTTP/1.1\r\nHost: hasidundianqi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.hmnc9vy.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Mon, 29 Sep 2025 19:01:27 GMT\r\ncontent-encoding: gzip\r\netag: W/\"68dad787-cb63\"\r\nserver: openresty\r\ndate: Fri, 03 Oct 2025 09:23:48 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-length: 12742\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 15177349608158077205\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":52067,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (7288)","md5":"44e9d576b868846f76a7fe15713d455e","sha1":"e6deef9c1cbc85dbb1d8c90a3fdcf5be47623955","sha256":"4398326f7e2725e7813cb5d11c650a7890fe1605a9d56bce34d7454eeb79dcb1","sha512":"3d7975a99dffae772d69970cc5fde92b2de81af4400bf4b6b48b7cad179d1b8a0c81ab9779f7722af4a93a18fb06aaae5bf24b6cdff812737550aaf06e26f913","ssdeep":"768:3VGmgN6zb1wizpU0pK0HOM9RkKKhljtGvIW:wmgs9XzpzMEOM9RkKKhljtGvv","tlshash":"88337680b4b9cee4026d8080fec2db21672df459cd89ecac97e3395c9ee924575627cd","first_seen":"2023-10-28T15:33:06Z","last_seen":"2026-03-31T02:56:07.339216Z","times_seen":380,"resource_available":false,"data":null}},"time_used":2163,"timings":{"blocked":1086,"dns":0,"connect":273,"send":0,"wait":496,"receive":22,"ssl":282},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.hmnc9vy.com/api/indexlist","fqdn":"www.hmnc9vy.com","domain":"hmnc9vy.com","tld":"com"},"ip":{"addr":"154.207.79.56","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:52.593Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hmnc9vy.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 18 Oct 2025 04:29:32 GMT","end":"Fri, 16 Jan 2026 05:28:03 GMT"},"fingerprint":{"sha1":"9F:64:60:70:0E:3E:DD:26:D0:B7:C0:F2:F7:EE:3B:EB:CC:8C:01:A9","sha256":"68:ED:E8:23:5B:50:58:BA:92:C6:F5:27:DE:EB:8A:D1:06:B6:59:73:8B:D9:19:BA:B5:8D:67:90:A3:D6:0D:91"}}},"request":{"raw":"GET /api/indexlist HTTP/1.1\r\nHost: www.hmnc9vy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.hmnc9vy.com/?wmen07=mv4m\r\nContent-Type: application/json\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 22 Oct 2025 10:48:52 GMT\r\ncontent-type: application/json; charset=utf-8\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Origin, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, Authorization, Origin, X-Requested-With, Content-Type, Accept, Sign, Timestamp\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, GET, POST, OPTIONS, PUT, DELETE\r\naccess-control-allow-origin: *, *\r\nx-system-goroutines: 25\r\nx-system-memory-mb: 225\r\nx-system-memory-percent: 67.58\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HOmL5jbDN8aI%2BYDenp3HrOuaE8tzDAZPr3MyHmKOZB18ZJwNPDSHeUUrrJuIXooiY8J3WAMkggYjRTcvFPAU2iamiVI5EXcT8y1jyZY8cQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 99286cc0bc73a0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11447,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"aa1cfd3d9be124243049e9cb0b0e4d1b","sha1":"1aff452772934857676dfa2950e7122e757480e3","sha256":"fc93b6a2272d48635d9ecccc0e93e8c25d634d82a4bae78eecb4055fe447dc12","sha512":"44f6f767646840c4cafff912a4142adf3eb18c6c437b6a0e9fcf1ebb37874e2cecbefba737e563c0359f06b938abde1c20ec571ba5021380d6d43fee88ff5424","ssdeep":"192:BD9/SBVfzB/HurOKsCVtW6sFGLI9Gzf9OU+8s+IzPAWXaK:b6Ll/HurOK9o6soLI9Gzf9OUy9PAWXaK","tlshash":"0d3202a7ab647d786314a3814a573049f0dd316e36eaefd94e28db1240fc7f840b52b6","first_seen":"2025-10-22T10:49:34.69919Z","last_seen":"2025-10-22T10:49:34.69919Z","times_seen":1,"resource_available":false,"data":null}},"time_used":206,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":206,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-22","alert":"Sinkholed","trigger":"www.hmnc9vy.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hasidundianqi.com/utils/video.min.js","fqdn":"hasidundianqi.com","domain":"hasidundianqi.com","tld":"com"},"ip":{"addr":"221.204.209.225","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:53.994Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hasidundianqi.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 Aug 2025 12:23:20 GMT","end":"Sat, 29 Nov 2025 12:23:19 GMT"},"fingerprint":{"sha1":"D7:98:B5:08:A9:F6:EA:8E:D6:8D:8B:EC:9C:56:61:FD:82:CF:EE:2A","sha256":"FA:C5:F4:34:30:C8:2B:32:06:51:BB:D2:E6:93:BC:49:1A:CD:5A:F2:43:DB:F5:7E:29:95:3D:1C:A4:E5:B7:82"}}},"request":{"raw":"GET /utils/video.min.js HTTP/1.1\r\nHost: hasidundianqi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.hmnc9vy.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Mon, 29 Sep 2025 19:01:27 GMT\r\ncontent-encoding: gzip\r\netag: W/\"68dad787-9aa2f\"\r\nserver: openresty\r\ndate: Fri, 03 Oct 2025 09:23:49 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-length: 186180\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 15492530142108873779\r\nx-cache-lookup: Cache Hit\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":633391,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65137)","md5":"df43342fd9e73505eff7475192bccff4","sha1":"827727cf88f9dfd127a77733152549d85bc8450f","sha256":"760af543f1c477a5be950ff40af9ea80b3102b375063ddab73dff45ca661119c","sha512":"fbd061490676fd2dac0ef0161e3ff89e0883ae65da7bb055cc78694ad4af8a3ea2bc66952f3b42a2a59edf229ecd1dc3d38d5649c14e30641e8f9b36bafde02a","ssdeep":"6144:z4OeXfu6nzoHcSCNHSqRyYc8MYbONUHVkiH5YeYhoIA7fe9oR3lf7vfNLeGg+eE0:z4/XfumS8K3UHfYeYS51R3Xq","tlshash":"20d45bd4b394613606daa0e7a46e1301723a996d5804c06cf92dfeda2ce4e4db17ffb4","first_seen":"2025-10-03T01:03:10.108202Z","last_seen":"2026-03-31T02:56:07.340205Z","times_seen":141,"resource_available":true,"data":null}},"time_used":515,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":250,"receive":265,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mc.webvisor.org/metrika/advert.gif","fqdn":"mc.webvisor.org","domain":"webvisor.org","tld":"org"},"ip":{"addr":"87.250.251.119","port":443,"asn":13238,"as":"YANDEX LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:54.087Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mc.webvisor.com","organization":"YANDEX LLC"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 18 Aug 2025 21:05:34 GMT","end":"Mon, 09 Feb 2026 20:59:59 GMT"},"fingerprint":{"sha1":"52:51:83:17:11:3C:6A:D0:47:28:FB:42:75:CF:6A:DA:48:B5:5A:C8","sha256":"69:B8:8D:9D:77:CB:F9:C7:48:04:E2:8C:99:28:7C:EF:5E:C7:2B:43:D6:52:7B:21:D2:99:F6:86:18:A6:0F:80"}}},"request":{"raw":"GET /metrika/advert.gif HTTP/1.1\r\nHost: mc.webvisor.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.hmnc9vy.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-length: 43\r\nexpires: Wed, 22 Oct 2025 11:48:54 GMT\r\nstrict-transport-security: max-age=31536000\r\ncache-control: max-age=3600\r\nlast-modified: Mon, 20 Oct 2025 14:57:07 GMT\r\ndate: Wed, 22 Oct 2025 10:48:54 GMT\r\nset-cookie: bh=YJbt4scGahfcyuH/CJLYobEDn8/14QzlyPCOA5S2Ag==; Path=/; Domain=.webvisor.org; Expires=Thu, 26 Nov 2026 10:48:54 GMT; SameSite=None; Secure\r\naccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\netag: \"68f64dc3-2b\"\r\naccept-ranges: bytes\r\ncontent-type: image/gif\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"df3e567d6f16d040326c7a0ea29a4f41","sha1":"ea7df583983133b62712b5e73bffbcd45cc53736","sha256":"548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87","sha512":"b2ca25a3311dc42942e046eb1a27038b71d689925b7d6b3ebb4d7cd2c7b9a0c7de3d10175790ac060dc3f8acf3c1708c336626be06879097f4d0ecaa7f567041","ssdeep":"","tlshash":"c2900003caa08002c2a2c0300a0a03002f88a2300228030e80bc30acec3a3a22c02000","first_seen":"2023-04-05T03:49:37Z","last_seen":"2026-04-05T13:35:16.498225Z","times_seen":91775,"resource_available":true,"data":null}},"time_used":442,"timings":{"blocked":202,"dns":16,"connect":49,"send":0,"wait":47,"receive":0,"ssl":125},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zbb.bbb.k99clxltt5.com/zlxx.gif","fqdn":"zbb.bbb.k99clxltt5.com","domain":"k99clxltt5.com","tld":"com"},"ip":{"addr":"23.225.232.114","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:55.174Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"zbb.bbb.k99clxltt5.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 11:33:16 GMT","end":"Mon, 12 Jan 2026 11:33:15 GMT"},"fingerprint":{"sha1":"B0:4A:A8:3D:A7:D6:7C:1D:3E:27:19:93:CD:7A:49:33:CC:C1:3C:75","sha256":"20:82:C9:E3:AD:DA:65:4C:02:A1:58:AD:A3:1D:95:3A:99:7B:93:A6:61:52:A0:D7:9D:C3:B9:E0:E6:B7:47:36"}}},"request":{"raw":"GET /zlxx.gif HTTP/1.1\r\nHost: zbb.bbb.k99clxltt5.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.hmnc9vy.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Oct 2025 10:48:56 GMT\r\ncontent-type: image/gif\r\ncontent-length: 19546\r\nlast-modified: Thu, 19 Jun 2025 08:03:21 GMT\r\netag: \"6853c449-4c5a\"\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19546,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 98 x 98","md5":"35a20db1af2fdaa88a0a58af7e339216","sha1":"cdd309cd3382d7fc82e388e743a0cde222c40439","sha256":"12c5fecf14f1dfefcd2e3da9d6dedbada7c1535d0ede5da0c5acf36a6798242a","sha512":"2a557811c6ab712bcf181ce33f13b9b028f79cab99e6ed2048fb4e6ba093cbaea616af5e64b2cb009e39d85ddf33b2db6f0fae190d4eb28e4578d49551081282","ssdeep":"384:luo73klmK9sUKtkJ5YwToDY0hKxZTJN2pkalce9vMuYbDKJX:B70lN9fKt6L0sZTJ3M+DQX","tlshash":"e392d08c9905d4a0e8e4446cb5482fff395c698f89a1977ab0d7608783b3e5913ad3c7","first_seen":"2025-06-20T01:37:57.002678Z","last_seen":"2025-10-24T12:12:22.234658Z","times_seen":209,"resource_available":false,"data":null}},"time_used":2277,"timings":{"blocked":771,"dns":290,"connect":157,"send":0,"wait":675,"receive":56,"ssl":322},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"3t5adr3f.com/?wmen07=mv4m","fqdn":"3t5adr3f.com","domain":"3t5adr3f.com","tld":"com"},"ip":{"addr":"154.207.79.252","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-22T10:48:51.360Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"3t5adr3f.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 13 Oct 2025 09:51:24 GMT","end":"Sun, 11 Jan 2026 10:49:44 GMT"},"fingerprint":{"sha1":"83:9F:0B:06:F6:2B:D4:62:F3:F0:2C:8A:53:83:4F:32:0F:DE:21:66","sha256":"60:4E:E3:BD:A6:9F:43:DD:B2:B8:E1:DC:09:4F:C2:0A:38:AF:6C:DE:0A:C2:B5:C4:6F:C4:26:78:15:24:15:35"}}},"request":{"raw":"GET /?wmen07=mv4m HTTP/1.1\r\nHost: 3t5adr3f.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Wed, 22 Oct 2025 10:48:51 GMT\r\ncontent-type: text/html\r\nlocation: https://www.hmnc9vy.com/?wmen07=mv4m\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ozMkAHXRoYJbUZ5GbLnjKfqolF0sXMknV4fYL%2BnxE74Qyjppik7iq6HxSMmsL71UeiojpyeAWQTDhrvozwHmMVlaABWoGsVgG%2Fo%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nx-content-type-options: nosniff\r\ncf-ray: 99286cb91ecb568f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1035,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":264,"timings":{"blocked":20,"dns":1,"connect":1,"send":0,"wait":223,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-22","alert":"Sinkholed","trigger":"3t5adr3f.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"i.59a63383.com:1443/p2/cb72301a9f443160d8b0a5e5aa1c26aa.webp","fqdn":"i.59a63383.com","domain":"59a63383.com","tld":"com"},"ip":{"addr":"172.247.125.52","port":1443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:52.915Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"59a63383.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 Aug 2025 15:48:23 GMT","end":"Sat, 29 Nov 2025 15:48:22 GMT"},"fingerprint":{"sha1":"C9:59:BE:83:EA:13:48:20:AA:08:26:AC:11:AB:14:2A:05:41:26:D3","sha256":"5B:9C:0E:64:63:64:E2:82:C7:BA:2C:E6:74:29:64:CF:31:DE:DA:2A:A9:C6:73:00:23:AE:63:9E:53:16:AC:13"}}},"request":{"raw":"GET /p2/cb72301a9f443160d8b0a5e5aa1c26aa.webp HTTP/1.1\r\nHost: i.59a63383.com:1443\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.hmnc9vy.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Oct 2025 10:48:53 GMT\r\ncontent-type: image/webp\r\ncontent-length: 28822\r\nlast-modified: Wed, 13 Aug 2025 12:51:11 GMT\r\netag: \"689c8a3f-7096\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":28822,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 380x235, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"8df677061a889ad37f08ca16f7023626","sha1":"0722a4dc05176f0cf3a9de2a0f97d1b1e4fb52b6","sha256":"282250a4eee18e4e969e77c72e502d1a68a1079538ffd2eba31c67287de06a9e","sha512":"940a752cf1146cdd89dd4083a3802e3ab91e3fab3a3fd5730605ae377322d99bad41b97a1a21924a5e297c7bf7ff98f02b26ba142981a3a53bf1082f38e740b8","ssdeep":"768:qKi1TCXn5WgzgXsPBsD9U5e8oMbVbyCCT:EInXzgcPX5e8oybS","tlshash":"51d2e122967e51a1ff63a82fc0f08d219e2043792f9c5ec3ebd057150862971ba6f354","first_seen":"2025-10-22T10:49:34.719879Z","last_seen":"2025-10-22T10:49:34.719879Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1041,"timings":{"blocked":361,"dns":0,"connect":0,"send":0,"wait":664,"receive":16,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"i.quq83bvs.com:1443/pic/2582ae01dc894808edfd26447f66e61b.webp","fqdn":"i.quq83bvs.com","domain":"quq83bvs.com","tld":"com"},"ip":{"addr":"172.247.125.37","port":1443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:52.931Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"quq83bvs.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 Aug 2025 15:52:00 GMT","end":"Sat, 29 Nov 2025 15:51:59 GMT"},"fingerprint":{"sha1":"79:72:1A:01:E9:1B:6B:5E:49:ED:20:BE:C1:F6:E5:70:C6:54:CD:F5","sha256":"D1:F4:FD:6A:5A:BD:87:DB:52:46:96:B2:6C:E2:BB:4C:1A:72:99:F7:FE:54:17:A8:83:D3:6F:4C:70:70:07:10"}}},"request":{"raw":"GET /pic/2582ae01dc894808edfd26447f66e61b.webp HTTP/1.1\r\nHost: i.quq83bvs.com:1443\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.hmnc9vy.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Oct 2025 10:48:53 GMT\r\ncontent-type: image/webp\r\ncontent-length: 37788\r\nlast-modified: Fri, 03 Oct 2025 10:49:20 GMT\r\netag: \"68dfaa30-939c\"\r\nexpires: Thu, 22 Oct 2026 10:48:53 GMT\r\ncache-control: max-age=31536000\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":37788,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 380x235, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"86619194f848c8f0c2e89cf7488c38c4","sha1":"59e0491a6ec7b8f082da846ffbe2f9202f4595e2","sha256":"6bb4ecb3dd995f6a055bbc9fb8056a52e8df2b724fd66ed56eba03714902fb43","sha512":"f549d12b2eb407b89a14f80e2c2414f2ce5262155870b46186bbe556eff8ace266ecaec7eee9ead278aeab8385e84b04cd2c2d4207908c030b6382a730420ab3","ssdeep":"768:9tMZHgrz7MHiB4pL9KvxUfstqOsOHYsCjfPtQ3NF0BgZBvMP4z8GDNFJQU+:IZHcz02wuxsstqOsF1jk0uewz8GDNFSV","tlshash":"b703029e63e87c5819375b73222c2a165f59d0eb821a132bba7c48e69b3fc5c007dc71","first_seen":"2025-10-22T10:49:34.722584Z","last_seen":"2025-10-22T10:49:34.722584Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1169,"timings":{"blocked":327,"dns":0,"connect":0,"send":0,"wait":723,"receive":119,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"i.quq83bvs.com:1443/pic/20ccb4d3f683fc790c49eb5b0530126f.webp","fqdn":"i.quq83bvs.com","domain":"quq83bvs.com","tld":"com"},"ip":{"addr":"172.247.125.37","port":1443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:52.932Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"quq83bvs.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 Aug 2025 15:52:00 GMT","end":"Sat, 29 Nov 2025 15:51:59 GMT"},"fingerprint":{"sha1":"79:72:1A:01:E9:1B:6B:5E:49:ED:20:BE:C1:F6:E5:70:C6:54:CD:F5","sha256":"D1:F4:FD:6A:5A:BD:87:DB:52:46:96:B2:6C:E2:BB:4C:1A:72:99:F7:FE:54:17:A8:83:D3:6F:4C:70:70:07:10"}}},"request":{"raw":"GET /pic/20ccb4d3f683fc790c49eb5b0530126f.webp HTTP/1.1\r\nHost: i.quq83bvs.com:1443\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.hmnc9vy.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Oct 2025 10:48:53 GMT\r\ncontent-type: image/webp\r\ncontent-length: 23122\r\nlast-modified: Sun, 17 Aug 2025 13:56:24 GMT\r\netag: \"68a1df88-5a52\"\r\nexpires: Thu, 22 Oct 2026 10:48:53 GMT\r\ncache-control: max-age=31536000\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":23122,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 380x235, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"2a6d194ad9b8efa1d29638bff31cd859","sha1":"aeb59879691a89d260393667bb7f5ac79faefb62","sha256":"a6d3c2ec022475765b441e05c27d3e24546d866a6aa45163277991d7195afcb1","sha512":"ff0dbc49fd15a309a22480c1776f6ddff331c4bb79a21e7dd73c0e72761774cedacea75075bfd2eeeb2eef95fd32a92158a67b9c60e9e64d29de5baa99bba81f","ssdeep":"384:Vd+Xwnezne/sU3p+RPeWgUqCvDRmhoGzn0TnNfK1sUwtk3+cYF/XBVB2i48DMlGp:VQne/smGmWgUqkRYoGwTNfmsUwq3+cAr","tlshash":"eaa2e0d97e1876bd6bc4a3dd345060878c8683185587f3423b622cfe267a995b207ee2","first_seen":"2025-10-22T10:49:34.728107Z","last_seen":"2025-10-22T10:49:34.728107Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1091,"timings":{"blocked":326,"dns":0,"connect":0,"send":0,"wait":723,"receive":42,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zbb.bbb.73533chqpw.com/cmzxtbxc.gif","fqdn":"zbb.bbb.73533chqpw.com","domain":"73533chqpw.com","tld":"com"},"ip":{"addr":"23.224.225.138","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:55.189Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zbb.bbb.73533chqpw.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 06 Oct 2025 07:23:55 GMT","end":"Sun, 04 Jan 2026 07:23:54 GMT"},"fingerprint":{"sha1":"6F:5D:48:EC:06:9D:B6:F4:CB:B6:74:23:D1:A3:7A:19:A0:47:A2:FE","sha256":"8A:DA:26:03:81:42:95:1D:77:2A:57:E5:4A:AD:83:AE:99:16:31:05:31:85:2A:01:2A:9C:91:6C:CD:B7:4F:9B"}}},"request":{"raw":"GET /cmzxtbxc.gif HTTP/1.1\r\nHost: zbb.bbb.73533chqpw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.hmnc9vy.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Oct 2025 11:02:05 GMT\r\ncontent-type: image/gif\r\ncontent-length: 30383\r\nlast-modified: Sat, 26 Jul 2025 07:30:27 GMT\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":30383,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 150 x 150","md5":"7f490a66d7c4dcebed4d247feae441e2","sha1":"5101259d06b07eed013844ad44e11f587b4b054f","sha256":"6a87ae1139c34198d89ef5bf57a40fc1ce7210b8f4bdcb28fd9db90fb1b0752d","sha512":"376b008a57daa515bc7dca8434e9a77cea1d57a8b77da317fc3bfc9a0bec1f7d75b1ce49e3315b38a9130cfb63c0786a6d76ad67b8920de0bc15fede9f7bd0e5","ssdeep":"768:0l8t1y/3ftLcaxx538Jf6zXm6KmjwUsL5Hlu2pbsDvh:e8DUVLcaxHwiTteUsNHlu2+","tlshash":"4bd2f1456f7afc0fe1c48bb180c0dadd90d9d32046c39643b2e6ad0618dd2f6b555ad3","first_seen":"2025-09-23T01:38:41.260215Z","last_seen":"2026-04-04T23:08:42.940523Z","times_seen":229,"resource_available":false,"data":null}},"time_used":1067,"timings":{"blocked":-1,"dns":367,"connect":159,"send":0,"wait":153,"receive":211,"ssl":181},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.hmnc9vy.com/api/category","fqdn":"www.hmnc9vy.com","domain":"hmnc9vy.com","tld":"com"},"ip":{"addr":"154.207.79.56","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:52.319Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hmnc9vy.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 18 Oct 2025 04:29:32 GMT","end":"Fri, 16 Jan 2026 05:28:03 GMT"},"fingerprint":{"sha1":"9F:64:60:70:0E:3E:DD:26:D0:B7:C0:F2:F7:EE:3B:EB:CC:8C:01:A9","sha256":"68:ED:E8:23:5B:50:58:BA:92:C6:F5:27:DE:EB:8A:D1:06:B6:59:73:8B:D9:19:BA:B5:8D:67:90:A3:D6:0D:91"}}},"request":{"raw":"GET /api/category HTTP/1.1\r\nHost: www.hmnc9vy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.hmnc9vy.com/?wmen07=mv4m\r\nContent-Type: application/json\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 22 Oct 2025 10:48:52 GMT\r\ncontent-type: application/json; charset=utf-8\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Origin, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, Authorization, Origin, X-Requested-With, Content-Type, Accept, Sign, Timestamp\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, GET, POST, OPTIONS, PUT, DELETE\r\naccess-control-allow-origin: *, *\r\nx-system-goroutines: 25\r\nx-system-memory-mb: 225\r\nx-system-memory-percent: 67.58\r\ncontent-encoding: gzip\r\npriority: u=4,i=?0\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=y3YLGr%2FOS0bcAMoQBdvAs5gTQ%2B7mjYVoLGAvrUvQtpDdntj5d5%2FQ2F7Dd7OWiDcLVHRvke9AadFTBBnO4QJa8UK1FiMgo5CvckPG9F0Lrg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 99286cbef816a0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4802,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"c27c4da0957f703e722b71058a6b048f","sha1":"a89ff2dca3d718d3d32ca0b08ccca88e057d4f45","sha256":"00a2f90d980b800d07bb3c0d7b2d2f7715837b103f6620486c0cc4f158201ef8","sha512":"1dc60788db132097a859e7a16082e959dea75358df9d2cd19df2848c45e753e6a08006da50baa7a46324c192e9706a22815b4f5ad1ab16a3445a1b719fdab527","ssdeep":"96:21pu+JS2C8GXgJ6O9MVEsPI8C48XH1lEgbvFnYy7dvj+v/svXf0YNUB/ObT79/Ir:zs95caeZv","tlshash":"c1a16111523eac7a4a887895e4e3209af1cc374481dc5c85c6e0ff78f45ebc69b3822b","first_seen":"2025-10-18T02:13:59.997602Z","last_seen":"2025-12-21T11:32:09.926779Z","times_seen":157,"resource_available":false,"data":null}},"time_used":210,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":210,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mc.webvisor.org/watch/94492470/1?wmode=7\u0026page-url=https%3A%2F%2Fwww.hmnc9vy.com%2F%3Fwmen07%3Dmv4m\u0026charset=utf-8\u0026browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Anlzej4hetqp71c82uo0s8%3Afp%3A1000%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A860%3Acn%3A1%3Adp%3A0%3Als%3A128343677600%3Ahid%3A845249475%3Az%3A0%3Ai%3A20251022104854%3Aet%3A1761130134%3Ac%3A1%3Arn%3A868269780%3Arqn%3A1%3Au%3A1761130134547722796%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1761130131333%3Ads%3A8%2C18%2C223%2C1%2C274%2C0%2C%2C419%2C5%2C%2C%2C%2C1016%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1761130134%3At%3A33B%20-%20%E8%A7%82%E7%9C%8B%E6%9C%80%E6%96%B0%E8%A7%86%E9%A2%91\u0026t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29rqnl%281%29ti%282%29\u0026redirnss=1","fqdn":"mc.webvisor.org","domain":"webvisor.org","tld":"org"},"ip":{"addr":"87.250.251.119","port":443,"asn":13238,"as":"YANDEX LLC","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:54.374Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mc.webvisor.com","organization":"YANDEX LLC"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 18 Aug 2025 21:05:34 GMT","end":"Mon, 09 Feb 2026 20:59:59 GMT"},"fingerprint":{"sha1":"52:51:83:17:11:3C:6A:D0:47:28:FB:42:75:CF:6A:DA:48:B5:5A:C8","sha256":"69:B8:8D:9D:77:CB:F9:C7:48:04:E2:8C:99:28:7C:EF:5E:C7:2B:43:D6:52:7B:21:D2:99:F6:86:18:A6:0F:80"}}},"request":{"raw":"GET /watch/94492470/1?wmode=7\u0026page-url=https%3A%2F%2Fwww.hmnc9vy.com%2F%3Fwmen07%3Dmv4m\u0026charset=utf-8\u0026browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Anlzej4hetqp71c82uo0s8%3Afp%3A1000%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A860%3Acn%3A1%3Adp%3A0%3Als%3A128343677600%3Ahid%3A845249475%3Az%3A0%3Ai%3A20251022104854%3Aet%3A1761130134%3Ac%3A1%3Arn%3A868269780%3Arqn%3A1%3Au%3A1761130134547722796%3Aw%3A1280x1024%3As%3A1280x1024x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1761130131333%3Ads%3A8%2C18%2C223%2C1%2C274%2C0%2C%2C419%2C5%2C%2C%2C%2C1016%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1761130134%3At%3A33B%20-%20%E8%A7%82%E7%9C%8B%E6%9C%80%E6%96%B0%E8%A7%86%E9%A2%91\u0026t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29rqnl%281%29ti%282%29\u0026redirnss=1 HTTP/1.1\r\nHost: mc.webvisor.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.hmnc9vy.com\r\nReferer: https://www.hmnc9vy.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: yabs-sid=1695190701761130134; i=wGOpA/XmelmQUxiQtM9wJK+ktAcUzi6uoy9k4eiBiTy9WdnWt2SSkC50O3iW3nL4k6zbAHxWm57gFvFa5tbyddbaYZc=; yandexuid=1732990711761130134; yuidss=1732990711761130134; ymex=1792666134.yrts.1761130134#1792666134.yrtsi.1761130134; bh=YJbt4scGahfcyuH/CJLYobEDn8/14QzlyPCOA5S2Ag==\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-length: 672\r\nlast-modified: Wed, 22-Oct-2025 10:48:54 GMT\r\npragma: no-cache\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\naccess-control-allow-credentials: true\r\nx-xss-protection: 1; mode=block\r\ncontent-type: application/json; charset=utf-8\r\nstrict-transport-security: max-age=31536000\r\nx-content-type-options: nosniff\r\naccess-control-allow-origin: https://www.hmnc9vy.com\r\nexpires: Wed, 22-Oct-2025 10:48:54 GMT\r\naccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":672,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"d8045ccaa06d6414565bfd1c4798e3d1","sha1":"7487252419b551d0ee3183e2952b4dab85ea8434","sha256":"e2fae04231eafcc9d132ad994ef2bdb1b2d6e2e77688d5987d61917c9051323f","sha512":"292ef432f58e5954ae65a21357f789b18998167217b04aebcf6a498735a7c7e550966f510a1f492b5e036b3623e008766e1a5b9fcd958429508c1409c2ee76c9","ssdeep":"","tlshash":"f901d3135f0ccd698dc74dd58c6b255315ee71455cda77502991d3c00c8feba75061d6","first_seen":"2025-10-22T10:49:34.755122Z","last_seen":"2025-10-22T10:49:34.755122Z","times_seen":1,"resource_available":false,"data":null}},"time_used":53,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":53,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zbb.bbb.k99clxltt5.com/96x96-ZFB.gif","fqdn":"zbb.bbb.k99clxltt5.com","domain":"k99clxltt5.com","tld":"com"},"ip":{"addr":"23.225.232.114","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:55.184Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"zbb.bbb.k99clxltt5.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 11:33:16 GMT","end":"Mon, 12 Jan 2026 11:33:15 GMT"},"fingerprint":{"sha1":"B0:4A:A8:3D:A7:D6:7C:1D:3E:27:19:93:CD:7A:49:33:CC:C1:3C:75","sha256":"20:82:C9:E3:AD:DA:65:4C:02:A1:58:AD:A3:1D:95:3A:99:7B:93:A6:61:52:A0:D7:9D:C3:B9:E0:E6:B7:47:36"}}},"request":{"raw":"GET /96x96-ZFB.gif HTTP/1.1\r\nHost: zbb.bbb.k99clxltt5.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.hmnc9vy.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Oct 2025 10:48:56 GMT\r\ncontent-type: image/gif\r\ncontent-length: 14022\r\nlast-modified: Thu, 09 Oct 2025 16:31:00 GMT\r\netag: \"68e7e344-36c6\"\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14022,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 96 x 96","md5":"6f2fc912a560175f43cff2c96948854f","sha1":"14c271f499068b3a5a6fa02cdf5d8640fefecfb1","sha256":"f6b2ecb978740b588c7771c6a4549abdf6f93e1f1e8db3c2689284b0275c7b81","sha512":"fc047e1071e4cfd5d23dfe4f2676fa29544ac9b1b0e1b3328685da18ffb613df6d1df780860db918198eaa152edf67ae9574be5ce927d7f70f06607846c378f1","ssdeep":"192:cLQl1fVjvSoyqTC932er5Xz76BLNdV20807enYutnv2d/dmxWmafw3rl5fwl:T7Hyz2CARdV2ieFWmkmafwp5fwl","tlshash":"1252d013dc286898210ffcb7bbefaaf3636244406410d1529562ff59992426ce749f87","first_seen":"2025-10-10T01:48:14.015647Z","last_seen":"2025-10-30T04:32:19.066795Z","times_seen":129,"resource_available":false,"data":null}},"time_used":1685,"timings":{"blocked":744,"dns":283,"connect":152,"send":0,"wait":167,"receive":23,"ssl":313},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zbb.bbb.3jh54h9vfc.com/cmhf-480x100.gif","fqdn":"zbb.bbb.3jh54h9vfc.com","domain":"3jh54h9vfc.com","tld":"com"},"ip":{"addr":"23.225.232.114","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:55.226Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"zbb.bbb.3jh54h9vfc.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 11:34:37 GMT","end":"Mon, 12 Jan 2026 11:34:36 GMT"},"fingerprint":{"sha1":"1F:3E:EA:4B:3F:2E:DA:0F:F9:9B:B8:FC:14:27:E1:FF:B5:A3:4D:D6","sha256":"E0:70:68:1E:F9:C9:08:05:1C:B7:94:88:E3:59:71:F6:BB:F4:8E:B8:1B:AC:D3:16:32:D9:5E:01:CA:A9:80:D5"}}},"request":{"raw":"GET /cmhf-480x100.gif HTTP/1.1\r\nHost: zbb.bbb.3jh54h9vfc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.hmnc9vy.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Oct 2025 10:48:56 GMT\r\ncontent-type: image/gif\r\ncontent-length: 119046\r\nlast-modified: Sat, 18 Oct 2025 11:26:13 GMT\r\netag: \"68f37955-1d106\"\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":119046,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 100","md5":"21cb6cb88e17ddbf6b76efb7eb37fe77","sha1":"190dee3426316c3dcf7955e4a0ce9bbf5edaf52a","sha256":"4cb5c8477f9c18769dec30f064e8ded5df0a20c290c5e778735c74aab9e995d9","sha512":"3358b36dac349cd02ddb2aabc5c6adba91206ed61457512816bf9600cd19ecaf6ebf000256c2cf7889a5c9fadb06a465b84f1bf8c156d9c6fe396b57e3bc4409","ssdeep":"3072:VBLM9OeJHgOTatSSDDHqmntVH1HuL65g4HUhDKws2sTL5BXQPzxuAQ:VBM9pBdTawSDDHqmnX16X4HUhDv65NQq","tlshash":"81c3122aed1b403ab52c0a3123b37772171dc121ace8505bd5a85dbaf680c5d5ef72a7","first_seen":"2025-10-19T01:48:05.432193Z","last_seen":"2025-10-26T16:56:28.639592Z","times_seen":45,"resource_available":false,"data":null}},"time_used":1474,"timings":{"blocked":-1,"dns":256,"connect":157,"send":0,"wait":594,"receive":141,"ssl":326},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zbb.bbb.k99clxltt5.com/480x100-ZFB.gif","fqdn":"zbb.bbb.k99clxltt5.com","domain":"k99clxltt5.com","tld":"com"},"ip":{"addr":"23.225.232.114","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:55.232Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"zbb.bbb.k99clxltt5.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Oct 2025 11:33:16 GMT","end":"Mon, 12 Jan 2026 11:33:15 GMT"},"fingerprint":{"sha1":"B0:4A:A8:3D:A7:D6:7C:1D:3E:27:19:93:CD:7A:49:33:CC:C1:3C:75","sha256":"20:82:C9:E3:AD:DA:65:4C:02:A1:58:AD:A3:1D:95:3A:99:7B:93:A6:61:52:A0:D7:9D:C3:B9:E0:E6:B7:47:36"}}},"request":{"raw":"GET /480x100-ZFB.gif HTTP/1.1\r\nHost: zbb.bbb.k99clxltt5.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.hmnc9vy.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Wed, 22 Oct 2025 10:48:56 GMT\r\ncontent-type: image/gif\r\ncontent-length: 58733\r\nlast-modified: Thu, 09 Oct 2025 16:32:22 GMT\r\netag: \"68e7e396-e56d\"\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":58733,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 100","md5":"8642410f3bfd18a5d5b5e9f4258a375e","sha1":"2ff1046e4371d168cc11e0f8ea61b7ac7d5a6edc","sha256":"7143d7a74126200548ef1a771ac189bbdb7578ccb73aba25063dd825489ae084","sha512":"8628e59f21286279443fa28626caef59b270ecf208e2993149f43305453b80d88d37636d30d998703e961c8590f0aef3ba55a6cc51f1a011330a6df7304769ed","ssdeep":"768:GyVIxfkoD1jCXdrlTEYJMS/P/93bqmSpN2bsBElmIw9uT1oqXu9k7oO707xrSdhs:qkqpWrBqI93aesWYIEuT1oq+9k7oey2s","tlshash":"dc43f2dbc408bd2a071967e6cf989ffa12358d6e9cf7818e864c4e0f92612ed56834d1","first_seen":"2025-10-10T01:48:14.002706Z","last_seen":"2025-10-23T02:18:23.841883Z","times_seen":97,"resource_available":false,"data":null}},"time_used":1198,"timings":{"blocked":-1,"dns":230,"connect":154,"send":0,"wait":350,"receive":144,"ssl":319},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.hmnc9vy.com/?wmen07=mv4m","fqdn":"www.hmnc9vy.com","domain":"hmnc9vy.com","tld":"com"},"ip":{"addr":"154.207.79.56","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-22T10:48:51.609Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hmnc9vy.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 18 Oct 2025 04:29:32 GMT","end":"Fri, 16 Jan 2026 05:28:03 GMT"},"fingerprint":{"sha1":"9F:64:60:70:0E:3E:DD:26:D0:B7:C0:F2:F7:EE:3B:EB:CC:8C:01:A9","sha256":"68:ED:E8:23:5B:50:58:BA:92:C6:F5:27:DE:EB:8A:D1:06:B6:59:73:8B:D9:19:BA:B5:8D:67:90:A3:D6:0D:91"}}},"request":{"raw":"GET /?wmen07=mv4m HTTP/1.1\r\nHost: www.hmnc9vy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 22 Oct 2025 10:48:51 GMT\r\ncontent-type: text/html; charset=utf-8\r\nserver: cloudflare\r\nlast-modified: Fri, 17 Oct 2025 10:31:42 GMT\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eJ7R1sOuxLibCUw2T%2FyrGF4USrhkF%2B5BfZMPjCZzt6gS1hbXyHaOgxUxtzjKgyXonX6NOo3djiGgXNkrtouM%2Bo8ezaVyB1odhxlLnOg%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 99286cbab9250b65-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1035,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"c0e4675c5aeb0f5d270e3a0cfe08b7db","sha1":"119dc159023e3616e70d2c721f505946be521bb7","sha256":"9434101cdaed5f6b40b5028c9cb0ab20812a230d15f14c8b6417068938ced05a","sha512":"4b8d895e69231817586b9c536a81b9e65fdad0986228828e517c7c75a30192146bd35bd1b2f4a79b6e17182d73642c7dd6f9c8a0312b5f4289b817b194ca801b","ssdeep":"","tlshash":"35113e846ce0c804833102652ff3e10c36a6e71b564ecc48b1ee50761f80fd2889f86c","first_seen":"2025-10-18T02:13:59.986619Z","last_seen":"2025-11-09T03:01:34.966562Z","times_seen":153,"resource_available":false,"data":null}},"time_used":280,"timings":{"blocked":28,"dns":10,"connect":1,"send":0,"wait":224,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-22","alert":"Sinkholed","trigger":"www.hmnc9vy.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tpym9.jcte19.com/g57if.gif","fqdn":"tpym9.jcte19.com","domain":"jcte19.com","tld":"com"},"ip":{"addr":"90.84.160.22","port":443,"asn":2285,"as":"Orange","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:55.192Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jcte19.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Oct 2025 00:25:36 GMT","end":"Fri, 09 Jan 2026 00:25:35 GMT"},"fingerprint":{"sha1":"8B:D9:21:45:39:37:A3:87:DA:77:C1:69:21:18:B7:A0:2D:A2:83:4A","sha256":"DC:4B:DA:25:57:15:A8:55:EC:47:58:C6:60:B7:21:A7:38:D0:3C:4F:56:CB:7F:5A:E9:C1:E2:C1:63:3F:20:84"}}},"request":{"raw":"GET /g57if.gif HTTP/1.1\r\nHost: tpym9.jcte19.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.hmnc9vy.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 22 Oct 2025 10:48:56 GMT\r\nContent-Type: image/gif\r\nContent-Length: 22232\r\nConnection: keep-alive\r\nServer: openresty\r\nLast-Modified: Thu, 08 May 2025 11:21:35 GMT\r\nETag: \"681c93bf-56d8\"\r\nvia: EU-FRA-marseille-EDGE1-CACHE1[5],EU-FRA-marseille-EDGE1-CACHE3[0,TCP_HIT,4],EU-GBR-london-GLOBAL1-CACHE3[20],EU-GBR-london-GLOBAL1-CACHE19[0,TCP_HIT,2],EU-FRA-paris-GLOBAL1-CACHE21[742],EU-FRA-paris-GLOBAL1-CACHE19[713,TCP_MISS,725]\r\nx-hcs-proxy-type: 1\r\nX-CCDN-CacheTTL: 2592000\r\nX-CCDN-REQ-ID-46B1: 7adbdbd51522a863635e7e7c20752734\r\nX-CCDN-Expires: 2172891\r\nnginx-hit: 1\r\nAge: 419109\r\nAccept-Ranges: bytes\r\nStrict-Transport-Security: max-age=5184000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":22232,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 100 x 100","md5":"6abf162630e671a18432e436b71e4ed1","sha1":"284c2a5982dd02a07a7e51744d4c5f3220787034","sha256":"741ccb5430c8f664b1e3e3277a6eebcdf0e04d6a1e8c6fd1812073bcfbd1e8f3","sha512":"262e4b76e98bc9dc0f75a919ae5b483f5180cc25072b4f97753c52e98932f96b60bfd2d67f4d9513bd324cec21d97d2479ccb88aacae4c0ae305ef642a759f12","ssdeep":"384:zEvxT6nM3MLo6NXFUvMjMs8k0qGNDwjLaeP7CksWVOyeyJ6W5ZkVreNYKL:gvrMrLdjMjxwfaeW2gy/J62Zka","tlshash":"3ea2e04490a37da069ee1dbcc7e3f5df08a62d048976a0a14bdce9df79825f7c06704a","first_seen":"2025-05-22T20:27:36.464468Z","last_seen":"2025-11-12T04:40:58.299291Z","times_seen":240,"resource_available":false,"data":null}},"time_used":1523,"timings":{"blocked":-1,"dns":1324,"connect":41,"send":0,"wait":82,"receive":8,"ssl":68},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.hmnc9vy.com/assets/index-CmRTRgJv.js","fqdn":"www.hmnc9vy.com","domain":"hmnc9vy.com","tld":"com"},"ip":{"addr":"154.207.79.56","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.hmnc9vy.com/?wmen07=mv4m","date":"2025-10-22T10:48:52.080Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hmnc9vy.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 18 Oct 2025 04:29:32 GMT","end":"Fri, 16 Jan 2026 05:28:03 GMT"},"fingerprint":{"sha1":"9F:64:60:70:0E:3E:DD:26:D0:B7:C0:F2:F7:EE:3B:EB:CC:8C:01:A9","sha256":"68:ED:E8:23:5B:50:58:BA:92:C6:F5:27:DE:EB:8A:D1:06:B6:59:73:8B:D9:19:BA:B5:8D:67:90:A3:D6:0D:91"}}},"request":{"raw":"GET /assets/index-CmRTRgJv.js HTTP/1.1\r\nHost: www.hmnc9vy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.hmnc9vy.com/?wmen07=mv4m\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 22 Oct 2025 10:48:52 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: cloudflare\r\nlast-modified: Fri, 17 Oct 2025 10:31:42 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68f21b0e-14f5e\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bbb0VLzpM%2FYHAQbScJHmsQltAMAH88zYasKtZYK9H%2B9gGSlQADcrWNlv6GtpT1fNPDLFiUCBRGaZrs9HCLUuja%2BTAR3irGURE3sRBcXH8Q%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 99286cbd4bdfa0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":85854,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64698)","md5":"202eeba3052b073127b6100c58e72d44","sha1":"999f0020d681e057b055d65fa47f10d51506bcbb","sha256":"b3efa5bca6854f6ed741b833a7c057ccdc40ff2cd704161a113f151010547173","sha512":"b9917772397f745efe2fa051927aa184569ce24396688b487284abedddf6ea0cb88d9728c98be5cf31b5d97019e83fe15d9bdd15d6a9792136c9e6ce22485a62","ssdeep":"1536:UH8dXMJEaWHa43rEHSXYcy0l+ximnK2AHx2nKCs78tGiO2cUz/Px:HdcJXWLbRXYcye+V9nKCs78ciO8Z","tlshash":"178319d93285747a62bb04ee105f0101e3746a49bc4fc450e6bcec9a3959dba52eaf3c","first_seen":"2025-10-18T02:14:00.015718Z","last_seen":"2025-11-09T03:01:34.99907Z","times_seen":145,"resource_available":true,"data":null}},"time_used":225,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":221,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-22","alert":"Sinkholed","trigger":"www.hmnc9vy.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}