{"report_id":"b435182c-8f69-4b68-a604-6e0cf3fd1a9e","version":6,"status":"done","tags":["suspicious","telegram_bot"],"date":"2026-04-25T03:06:04Z","url":{"schema":"http","addr":"bless.zanggu.net","fqdn":"bless.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":0,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"final":{"url":{"schema":"https","addr":"bless.zanggu.net/","fqdn":"bless.zanggu.net","domain":"zanggu.net","tld":"net"},"title":"Bless Token — Ecosystem Allocation","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"bless.zanggu.net","fqdn":"bless.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":0,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-30T03:06:04Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":2,"urlquery":2,"analyzer":1}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-25T03:05:42Z","timestamp":1777086342,"ip_dst":{"addr":"149.154.166.110","port":443,"asn":62041,"as":"Telegram Messenger Inc","country":"United Kingdom","country_code":"GB"},"ip_src":{"addr":"Client IP","port":42976,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI)","source":"{\"timestamp\":\"2026-04-25T03:05:42.046338+0000\",\"flow_id\":426418035363022,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":42976,\"dest_ip\":\"149.154.166.110\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033967,\"rev\":1,\"signature\":\"ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_09_16\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_09_16\"]}},\"tls\":{\"sni\":\"api.telegram.org\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"15af977ce25de452b96affa2addb1036\",\"string\":\"771,4866,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":789,\"bytes_toclient\":4500,\"start\":\"2026-04-25T03:05:42.003278+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-25T03:05:42Z","timestamp":1777086342,"ip_dst":{"addr":"149.154.166.110","port":443,"asn":62041,"as":"Telegram Messenger Inc","country":"United Kingdom","country_code":"GB"},"ip_src":{"addr":"Client IP","port":42970,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI)","source":"{\"timestamp\":\"2026-04-25T03:05:42.052083+0000\",\"flow_id\":96805065198585,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":42970,\"dest_ip\":\"149.154.166.110\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033967,\"rev\":1,\"signature\":\"ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_09_16\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_09_16\"]}},\"tls\":{\"sni\":\"api.telegram.org\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"15af977ce25de452b96affa2addb1036\",\"string\":\"771,4866,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":918,\"bytes_toclient\":4500,\"start\":\"2026-04-25T03:05:42.003065+0000\"}}"}],"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-04-25","alert":"Detects file containing Telegram Bot API","trigger":"bless.zanggu.net/visitors.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"ipapi.co","ip":{"addr":"104.26.9.44","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2016-04-19","domain_rank":7936,"first_seen":"2017-01-31T09:07:01Z","last_seen":"2026-04-22T16:23:58.927309Z","alert_count":0,"request_count":1,"received_data":2497,"sent_data":433,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"172.217.19.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-04-19T22:20:23.925162Z","alert_count":0,"request_count":1,"received_data":13321,"sent_data":479,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"api.telegram.org","ip":{"addr":"149.154.166.110","port":443,"asn":62041,"as":"Telegram Messenger Inc","country":"United Kingdom","country_code":"GB"},"domain_registered":"2003-12-15","domain_rank":206724,"first_seen":"2015-06-25T10:09:00Z","last_seen":"2026-04-18T12:36:39.613476Z","alert_count":0,"request_count":2,"received_data":1272,"sent_data":1135,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"pulse.walletconnect.org","ip":{"addr":"172.66.157.155","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2018-03-26","domain_rank":247907,"first_seen":"2023-10-09T08:23:11Z","last_seen":"2026-04-19T18:48:18.770197Z","alert_count":0,"request_count":1,"received_data":251,"sent_data":579,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cca-lite.coinbase.com","ip":{"addr":"104.18.35.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2011-07-02","domain_rank":2742073,"first_seen":"2023-08-12T20:47:03Z","last_seen":"2026-04-19T17:22:04.115937Z","alert_count":0,"request_count":2,"received_data":2261,"sent_data":1005,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"bless.zanggu.net","ip":{"addr":"45.140.205.214","port":443,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":2,"request_count":9,"received_data":8590921,"sent_data":3852,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"192.178.25.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-04-19T22:16:46.237507Z","alert_count":0,"request_count":4,"received_data":197468,"sent_data":2224,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":[{"url":{"schema":"https","addr":"bless.zanggu.net/visitors.js","fqdn":"bless.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":443,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"md5":"b52df120dd3efa3c72a24e6b6f36b015","sha1":"b1d5c8cf7bc6cf17210b3472b54709b43f9630c9","sha256":"502be4d6fd23024de737faa09e0dc0d80e5bb43e152ad03aeeb61a31f6564e4d","sha512":"7dbda1f2dce3c524017b9fcbc3ab600abe0e0422f2d08c19654636ed75459ff6985345fa9fb48728a8a1a3d4845a465d94b1796d1ca2f5f1ca698a422be02b84","size":2274,"token":"8720547580:AAHsdBAD9gkV5I--cIcqa8O3GqFS-WEk23E","is_revoked":false,"bot":{"token":"8720547580:AAHsdBAD9gkV5I--cIcqa8O3GqFS-WEk23E","user_id":"8720547580","username":"Visitdhehjebot","first_name":"Visit","last_name":"","chat":{"chat_id":"-1002631734661","title":"Work","type":"supergroup","bot_is":"member","total_users":15,"active_members":null,"admins":[{"user_id":7943997111,"username":"John777John","first_name":"John","last_name":"","is_bot":false},{"user_id":6424847572,"username":"jsy_pkmn","first_name":"Клим","last_name":"","is_bot":false},{"user_id":8279387209,"username":"heybroheybro","first_name":"empty","last_name":"","is_bot":false}]},"pending_messages":0}}],"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"bless.zanggu.net/","fqdn":"bless.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":443,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-05-01T17:37:20.978175Z","times_seen":636747,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bless.zanggu.net/","fqdn":"bless.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":443,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-05-01T17:34:10.29075Z","times_seen":215234,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bless.zanggu.net/","fqdn":"bless.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":443,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-05-01T17:34:10.29075Z","times_seen":215234,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bless.zanggu.net/","fqdn":"bless.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":443,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"introduction_type":"scriptElement","is_inline":false,"md5":"fe939cf3f0791aa4393c2e098237378a","sha1":"45a838d73a4c606d484413fc4cd18f297f525b78","sha256":"373bcdaea9398c1f586404f0a39045e09a11949d361ec9c58a46ca5e010f75a4","sha512":"b37d1247e638dc4a9390521e286cb785b14762697361c79d70d05afad9cf8b920e149817aa036b409f55b7ab888684589b5fb98bab250946a3e15d01ee8e9a74","ssdeep":"1536:vKoxoAlcC30xcdayrkrWkhAW87hPsrRET6kjOWDWX:y94c80adayQrW9mdX","tlshash":"d883289cf385b23543f75075e52f2602773b1e09e849c4a4e166eac52cb94ce6223b7e","size":83300,"data":"","first_seen":"2025-07-30T09:26:14.123327Z","last_seen":"2026-05-01T13:52:25.363375Z","times_seen":1599,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bless.zanggu.net/","fqdn":"bless.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":443,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-05-01T17:34:10.29075Z","times_seen":215234,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bless.zanggu.net/","fqdn":"bless.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":443,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-05-01T17:37:20.978175Z","times_seen":636747,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bless.zanggu.net/","fqdn":"bless.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":443,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-05-01T17:34:10.29075Z","times_seen":215234,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bless.zanggu.net/","fqdn":"bless.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":443,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-05-01T17:37:20.978175Z","times_seen":636747,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bless.zanggu.net/","fqdn":"bless.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":443,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"introduction_type":"scriptElement","is_inline":true,"md5":"6d8878ecf1a696dd76349f4cd415a5f7","sha1":"bcf6b4ba81e05238ee28588d75d30a3d6b5d5fe6","sha256":"17fe30c9f104930b504cf75d5cce0c0a5e6ed25f2d9cb25d74118e0d7f4536d8","sha512":"701588cdd3f8306b9991acde1797f8e3d592e0a2151f5000eca45d1926b2c92aa9262b5126857309275ea70269c612af81b1e2123cc610a7f71fbb70617e8818","ssdeep":"96:em4dMrSMCYB96r/uK8yGdshLgg/3dehoFo:eTHS96/upgPdehoFo","tlshash":"b6b1a64631b328340057e2f78fd756482620202b7a89cda87d5d97256fc3b25d9f3aed","size":5397,"data":"","first_seen":"2026-04-25T03:06:09.82282Z","last_seen":"2026-04-25T03:06:09.82282Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bless.zanggu.net/","fqdn":"bless.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":443,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-05-01T17:34:10.29075Z","times_seen":215234,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bless.zanggu.net/","fqdn":"bless.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":443,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-05-01T17:37:20.978175Z","times_seen":636747,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bless.zanggu.net/","fqdn":"bless.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":443,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-05-01T17:37:20.978175Z","times_seen":636747,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bless.zanggu.net/","fqdn":"bless.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":443,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-05-01T17:37:20.978175Z","times_seen":636747,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bless.zanggu.net/","fqdn":"bless.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":443,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-05-01T17:34:10.29075Z","times_seen":215234,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bless.zanggu.net/","fqdn":"bless.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":443,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-05-01T17:34:10.29075Z","times_seen":215234,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bless.zanggu.net/","fqdn":"bless.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":443,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-05-01T17:34:10.29075Z","times_seen":215234,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bless.zanggu.net/","fqdn":"bless.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":443,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-05-01T17:34:10.29075Z","times_seen":215234,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bless.zanggu.net/","fqdn":"bless.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":443,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-05-01T17:37:20.978175Z","times_seen":636747,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bless.zanggu.net/","fqdn":"bless.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":443,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-05-01T17:34:10.29075Z","times_seen":215234,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bless.zanggu.net/","fqdn":"bless.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":443,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-05-01T17:37:20.978175Z","times_seen":636747,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bless.zanggu.net/visitors.js","fqdn":"bless.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":443,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"introduction_type":"scriptElement","is_inline":false,"md5":"b52df120dd3efa3c72a24e6b6f36b015","sha1":"b1d5c8cf7bc6cf17210b3472b54709b43f9630c9","sha256":"502be4d6fd23024de737faa09e0dc0d80e5bb43e152ad03aeeb61a31f6564e4d","sha512":"7dbda1f2dce3c524017b9fcbc3ab600abe0e0422f2d08c19654636ed75459ff6985345fa9fb48728a8a1a3d4845a465d94b1796d1ca2f5f1ca698a422be02b84","ssdeep":"","tlshash":"f041636d08b6092c1a16702bee0fa5083543e13f398bda6475ec4b455fd206ec5757d8","size":2274,"data":"","first_seen":"2026-04-25T03:06:09.814197Z","last_seen":"2026-04-25T03:06:54.970451Z","times_seen":2,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-04-25","alert":"Detects file containing Telegram Bot API","trigger":"bless.zanggu.net/visitors.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"https","addr":"bless.zanggu.net/","fqdn":"bless.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":443,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-05-01T17:37:20.978175Z","times_seen":636747,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"bless.zanggu.net/","fqdn":"bless.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":443,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-25T03:05:40.977Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zanggu.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Apr 2026 19:10:20 GMT","end":"Sun, 12 Jul 2026 19:10:19 GMT"},"fingerprint":{"sha1":"CB:DE:35:16:27:F0:0A:56:D6:E8:DE:FC:7C:1C:47:78:41:08:0A:C6","sha256":"FA:36:C4:92:BE:1A:F7:ED:89:6E:D0:9E:51:1C:72:8F:EA:22:21:5A:3E:8D:B3:FC:8F:DE:4D:D5:4E:AC:14:F2"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: bless.zanggu.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Sat, 25 Apr 2026 03:05:41 GMT\r\nContent-Type: text/html\r\nLast-Modified: Sun, 19 Apr 2026 13:57:11 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"69e4df37-6ba2\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":27554,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (939)","md5":"74f19861469a9359394dcaeb53d7f416","sha1":"a8c22010382be611456b82f02d2bb6e9ebc2ea50","sha256":"6453381b26c8a27851c25e6c440d393d6e546fd7cc63b1029862bff40e4c6b8c","sha512":"3a43cbd1891faee7d979629c590d65b41ce1140b780186cfbf7b5cb03bfde42aca02fbe8dc41233cdfe36b603623bd4c1c96d12b17a1dd0d8d2f2a431b13c9d7","ssdeep":"384:dAxIGU/hVXw+khdNvi/m0J6/guiou96/nPdPh:aGGU/hVXw+kv/gu7fh","tlshash":"47c2d91662a52429a50392f67f9b971e2329e053e20ac57c3edc0254cf8fb94c9b37dc","first_seen":"2026-04-25T03:06:09.812779Z","last_seen":"2026-04-25T03:06:09.812779Z","times_seen":1,"resource_available":true,"data":null}},"time_used":230,"timings":{"blocked":99,"dns":26,"connect":30,"send":0,"wait":31,"receive":0,"ssl":40},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bless.zanggu.net/visitors.js","fqdn":"bless.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":443,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bless.zanggu.net/","date":"2026-04-25T03:05:41.253Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zanggu.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Apr 2026 19:10:20 GMT","end":"Sun, 12 Jul 2026 19:10:19 GMT"},"fingerprint":{"sha1":"CB:DE:35:16:27:F0:0A:56:D6:E8:DE:FC:7C:1C:47:78:41:08:0A:C6","sha256":"FA:36:C4:92:BE:1A:F7:ED:89:6E:D0:9E:51:1C:72:8F:EA:22:21:5A:3E:8D:B3:FC:8F:DE:4D:D5:4E:AC:14:F2"}}},"request":{"raw":"GET /visitors.js HTTP/1.1\r\nHost: bless.zanggu.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bless.zanggu.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Sat, 25 Apr 2026 03:05:41 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 2274\r\nLast-Modified: Sun, 12 Apr 2026 19:19:14 GMT\r\nConnection: keep-alive\r\nETag: \"69dbf032-8e2\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":2274,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"b52df120dd3efa3c72a24e6b6f36b015","sha1":"b1d5c8cf7bc6cf17210b3472b54709b43f9630c9","sha256":"502be4d6fd23024de737faa09e0dc0d80e5bb43e152ad03aeeb61a31f6564e4d","sha512":"7dbda1f2dce3c524017b9fcbc3ab600abe0e0422f2d08c19654636ed75459ff6985345fa9fb48728a8a1a3d4845a465d94b1796d1ca2f5f1ca698a422be02b84","ssdeep":"","tlshash":"f041636d08b6092c1a16702bee0fa5083543e13f398bda6475ec4b455fd206ec5757d8","first_seen":"2026-04-25T03:06:09.814197Z","last_seen":"2026-04-25T03:06:54.970451Z","times_seen":2,"resource_available":true,"data":null}},"time_used":175,"timings":{"blocked":70,"dns":1,"connect":30,"send":0,"wait":30,"receive":0,"ssl":41},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-04-25","alert":"Detects file containing Telegram Bot API","trigger":"bless.zanggu.net/visitors.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"192.178.25.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://bless.zanggu.net/","date":"2026-04-25T03:05:41.602Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:48 GMT","end":"Mon, 22 Jun 2026 08:36:47 GMT"},"fingerprint":{"sha1":"8B:DF:9C:24:AB:AD:AB:73:3F:51:0F:25:2B:18:76:79:1A:C5:63:A0","sha256":"BF:5C:B4:F2:20:4F:D0:E5:76:81:59:52:5F:3E:D2:4F:8D:33:B3:30:36:84:C8:7E:0E:AB:58:1E:7D:D6:E2:6D"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://bless.zanggu.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 22 Apr 2026 22:33:43 GMT\r\nexpires: Thu, 22 Apr 2027 22:33:43 GMT\r\ncache-control: public, max-age=31536000\r\nage: 189119\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-05-01T17:38:35.650867Z","times_seen":162101,"resource_available":false,"data":null}},"time_used":861,"timings":{"blocked":421,"dns":12,"connect":7,"send":0,"wait":11,"receive":2,"ssl":405},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bless.zanggu.net/","fqdn":"bless.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":443,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bless.zanggu.net/","date":"2026-04-25T03:05:43.484Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zanggu.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Apr 2026 19:10:20 GMT","end":"Sun, 12 Jul 2026 19:10:19 GMT"},"fingerprint":{"sha1":"CB:DE:35:16:27:F0:0A:56:D6:E8:DE:FC:7C:1C:47:78:41:08:0A:C6","sha256":"FA:36:C4:92:BE:1A:F7:ED:89:6E:D0:9E:51:1C:72:8F:EA:22:21:5A:3E:8D:B3:FC:8F:DE:4D:D5:4E:AC:14:F2"}}},"request":{"raw":"HEAD / HTTP/1.1\r\nHost: bless.zanggu.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bless.zanggu.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"HEAD"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Sat, 25 Apr 2026 03:05:43 GMT\r\nContent-Type: text/html\r\nLast-Modified: Sun, 19 Apr 2026 13:57:11 GMT\r\nConnection: keep-alive\r\nETag: W/\"69e4df37-6ba2\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-01T17:39:27.62522Z","times_seen":14482959,"resource_available":true,"data":null}},"time_used":31,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bless.zanggu.net/after.js","fqdn":"bless.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":443,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bless.zanggu.net/","date":"2026-04-25T03:05:41.252Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zanggu.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Apr 2026 19:10:20 GMT","end":"Sun, 12 Jul 2026 19:10:19 GMT"},"fingerprint":{"sha1":"CB:DE:35:16:27:F0:0A:56:D6:E8:DE:FC:7C:1C:47:78:41:08:0A:C6","sha256":"FA:36:C4:92:BE:1A:F7:ED:89:6E:D0:9E:51:1C:72:8F:EA:22:21:5A:3E:8D:B3:FC:8F:DE:4D:D5:4E:AC:14:F2"}}},"request":{"raw":"GET /after.js HTTP/1.1\r\nHost: bless.zanggu.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bless.zanggu.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Sat, 25 Apr 2026 03:05:41 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 8543862\r\nLast-Modified: Sun, 19 Apr 2026 06:00:59 GMT\r\nConnection: keep-alive\r\nETag: \"69e46f9b-825e76\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8543862,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65532), with no line terminators","md5":"e7c15b4d334c67c82cd70f8a328c39f0","sha1":"634c69b923d8be872f45ed76e8a85352a4467aa4","sha256":"04b3ff90044b9c6874f4a012c37a575c1088be1bcd3708991ea5cdeff90bdec6","sha512":"6caa161b72ab0905989acd35fcb8f5e218a8b7aacb1f783d314512d99e68304ddc4a25d974bdb3bc648e581b4722fd58e7ad126ea705ffac898fa9c32e1abd2b","ssdeep":"24576:WCCMEDSwSqlKXhy32NmPua2Wb9FsMAkBvbmRm+39CLksEvp4I7MkcIZnLyvsDFF3:WCC3/vWnQEWdwrYefx1lC8B+ATSQQk2O","tlshash":"e9251ad1a36021f8034b1af7b62769c9d01f3d6ef4c86cfad094bd356aa6318c5d5a38","first_seen":"2026-04-21T08:45:58.898145Z","last_seen":"2026-04-28T19:18:38.152763Z","times_seen":8,"resource_available":false,"data":null}},"time_used":636,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":605,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ipapi.co/json/","fqdn":"ipapi.co","domain":"ipapi.co","tld":"co"},"ip":{"addr":"104.26.9.44","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bless.zanggu.net/","date":"2026-04-25T03:05:41.531Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ipapi.co","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 16 Apr 2026 20:25:59 GMT","end":"Wed, 15 Jul 2026 21:25:52 GMT"},"fingerprint":{"sha1":"76:B2:7F:DD:D1:3A:92:49:08:6F:F6:9D:93:7F:FA:A4:E7:AF:1E:04","sha256":"D3:90:F8:60:D1:C0:1C:19:C5:12:68:B2:54:72:DC:42:A3:9F:4C:D8:10:D6:0D:5B:71:0C:1C:EB:AF:AA:AF:F1"}}},"request":{"raw":"GET /json/ HTTP/1.1\r\nHost: ipapi.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bless.zanggu.net/\r\nOrigin: https://bless.zanggu.net\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 25 Apr 2026 03:05:41 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nallow: OPTIONS, POST, HEAD, OPTIONS, GET\r\nx-frame-options: DENY\r\nvary: Host, origin\r\naccess-control-allow-origin: https://bless.zanggu.net\r\nx-content-type-options: nosniff\r\nreferrer-policy: same-origin\r\ncross-origin-opener-policy: same-origin\r\ncontent-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.stripe.com https://*.paddle.com https://www.google.com https://www.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://*.paddle.com https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' data: https://ipapi.co https://maps.gstatic.com https://maps.googleapis.com https://*.stripe.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://www.google.com https://*.stripe.com https://*.paddle.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; connect-src 'self' https://ipapi.co/ https://*.paddle.com https://*.stripe.com https://maps.googleapis.com https://www.google.com/recaptcha/; object-src 'none'; frame-ancestors 'none'; base-uri 'self'; form-action 'self';\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6IpAg5nx0bVbXZecO5zwswZuczUFdZ8vjw6CTs5QXERmvUUo%2FULxhuVZbk8CAb6dW4E4AwKL%2FTFrp8bHm541bMMBS6y83gVw04xiwcBbOvSe4WsiW24HX0ZO\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9f1a20a33a5bb4fd-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":744,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"080170d2d7d392e63d1dbda285dc26e0","sha1":"1c901cc38d4bf0751031b28e015eceaf0b38de69","sha256":"5c18306f43331d1e2232bf78aec93a9068ca8dc2ed461b6a7aabaef9faf7e0d7","sha512":"084f7164a35f570999efcdd15d3c3b1a7986d7b28f16c28a5792570ac62750284765d4ee6c437d73b2e43c6af2e171835ff423a1f6424d6db3d151c064ce75f4","ssdeep":"","tlshash":"c301df68e4690ebb9cb9136cb4686907127422075e56398e7fd09b4d0f8e9bf30b534e","first_seen":"2026-04-22T09:52:17.391649Z","last_seen":"2026-05-01T17:38:17.610694Z","times_seen":635,"resource_available":false,"data":null}},"time_used":459,"timings":{"blocked":99,"dns":57,"connect":3,"send":0,"wait":255,"receive":0,"ssl":40},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"192.178.25.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://bless.zanggu.net/","date":"2026-04-25T03:05:41.518Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:48 GMT","end":"Mon, 22 Jun 2026 08:36:47 GMT"},"fingerprint":{"sha1":"8B:DF:9C:24:AB:AD:AB:73:3F:51:0F:25:2B:18:76:79:1A:C5:63:A0","sha256":"BF:5C:B4:F2:20:4F:D0:E5:76:81:59:52:5F:3E:D2:4F:8D:33:B3:30:36:84:C8:7E:0E:AB:58:1E:7D:D6:E2:6D"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://bless.zanggu.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 22 Apr 2026 22:33:43 GMT\r\nexpires: Thu, 22 Apr 2027 22:33:43 GMT\r\ncache-control: public, max-age=31536000\r\nage: 189118\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-05-01T17:38:35.650867Z","times_seen":162101,"resource_available":false,"data":null}},"time_used":851,"timings":{"blocked":405,"dns":13,"connect":11,"send":0,"wait":8,"receive":10,"ssl":381},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bless.zanggu.net/settings.json","fqdn":"bless.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":443,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bless.zanggu.net/","date":"2026-04-25T03:05:42.714Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zanggu.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Apr 2026 19:10:20 GMT","end":"Sun, 12 Jul 2026 19:10:19 GMT"},"fingerprint":{"sha1":"CB:DE:35:16:27:F0:0A:56:D6:E8:DE:FC:7C:1C:47:78:41:08:0A:C6","sha256":"FA:36:C4:92:BE:1A:F7:ED:89:6E:D0:9E:51:1C:72:8F:EA:22:21:5A:3E:8D:B3:FC:8F:DE:4D:D5:4E:AC:14:F2"}}},"request":{"raw":"GET /settings.json HTTP/1.1\r\nHost: bless.zanggu.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bless.zanggu.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Sat, 25 Apr 2026 03:05:42 GMT\r\nContent-Type: application/json\r\nContent-Length: 647\r\nLast-Modified: Sun, 19 Apr 2026 06:00:59 GMT\r\nConnection: keep-alive\r\nETag: \"69e46f9b-287\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":647,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"e42b1212df5409f426b072c81f65cc53","sha1":"5bbd089d435f6fc5cad9606665e90e5db462ea68","sha256":"0460838548f21490567e13d5a3a8e5c9ec09d1284abfd6d1c4a454caf0ff4fbe","sha512":"4aa9ca058e48ebd172fe11deab23d16dc202e12e8661034d2b5622acf2a12850fd984713100394e1a1b2241c71eebf7e1c8040b1e9433469d95216d565cb0d3d","ssdeep":"","tlshash":"acf09e8ccdbc1b166fc4125d707c799a58220e3b4a107d15a2c27d5c9b0d657537078b","first_seen":"2026-04-25T03:06:09.817312Z","last_seen":"2026-04-25T03:06:09.817312Z","times_seen":1,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"172.217.19.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://bless.zanggu.net/","date":"2026-04-25T03:05:41.250Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:48 GMT","end":"Mon, 22 Jun 2026 08:36:47 GMT"},"fingerprint":{"sha1":"1A:63:7B:F3:04:6F:4C:E4:F3:15:87:E8:E7:FA:DD:B1:F7:7E:89:49","sha256":"5E:36:5D:D1:35:3B:0A:E9:8A:55:91:DC:12:B0:50:4A:AE:D9:A7:97:06:7C:0D:D7:F0:23:3E:8A:B2:08:19:00"}}},"request":{"raw":"GET /css2?family=Inter:wght@300;400;500;600;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bless.zanggu.net/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sat, 25 Apr 2026 03:05:41 GMT\r\ndate: Sat, 25 Apr 2026 03:05:41 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12635,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"f04de8ad1ef740d940ec0f534a8f6474","sha1":"3b31756e84c8887867417c7d6cc64501c9d9193c","sha256":"2f1ac0c31bc3ede8317cf72e9d28051ec727c9a0014aa69cff495abd6256bb4e","sha512":"69afede137c125294044274e463f30c02594f379ec879285e0b3ee41097f503dfb8272487759870f547e4dc4cf8828a2c1efaa806deb2f3124b7f6d67c638783","ssdeep":"192:wNA1cO3lnxirNNIxO34OxDENOPCO3/Nx8NNryfO3iExlONEhYO3RrxGx:8KYXuM0p2+4","tlshash":"28427892002ba400ab971dc233cf7f3aaece50896085d1b95ffd0dc59cead66436876d","first_seen":"2025-09-10T18:44:19.218006Z","last_seen":"2026-05-01T17:37:08.769315Z","times_seen":18737,"resource_available":false,"data":null}},"time_used":287,"timings":{"blocked":131,"dns":1,"connect":7,"send":0,"wait":22,"receive":0,"ssl":123},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bless.zanggu.net/logo.png","fqdn":"bless.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":443,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bless.zanggu.net/","date":"2026-04-25T03:05:41.254Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zanggu.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Apr 2026 19:10:20 GMT","end":"Sun, 12 Jul 2026 19:10:19 GMT"},"fingerprint":{"sha1":"CB:DE:35:16:27:F0:0A:56:D6:E8:DE:FC:7C:1C:47:78:41:08:0A:C6","sha256":"FA:36:C4:92:BE:1A:F7:ED:89:6E:D0:9E:51:1C:72:8F:EA:22:21:5A:3E:8D:B3:FC:8F:DE:4D:D5:4E:AC:14:F2"}}},"request":{"raw":"GET /logo.png HTTP/1.1\r\nHost: bless.zanggu.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bless.zanggu.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Sat, 25 Apr 2026 03:05:41 GMT\r\nContent-Type: image/png\r\nContent-Length: 14117\r\nLast-Modified: Sun, 12 Apr 2026 19:19:14 GMT\r\nConnection: keep-alive\r\nETag: \"69dbf032-3725\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14117,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, baseline, precision 8, 400x400, components 3","md5":"6f4a0de7440543a9b3e4efded0b70a37","sha1":"ce85c70b9e13820da97a4af69ba4d61158b17da4","sha256":"8daa543af2ee9dacf94d2cfcde07d7ac488b10890b48f1a1c341e2262d6be74c","sha512":"e577fc0e72483650e782f9a053112158f7286d0538f9bbd3ee16b7e19463c16a1e2d5eeb31bc6863b57389fe5b8680dd9f88a26897bb1f684f29ba014b1617c3","ssdeep":"384:0irKMlvMlVjZYoNznX13B5UC3JyKvnCy8:0irRMlFZYoNzXFB5UC51C5","tlshash":"a452bfe4b416ca42cf17c2b652dfa01a9a77e752b0868c1d4b6dca38ef02ae05775098","first_seen":"2026-04-15T10:50:36.681363Z","last_seen":"2026-04-25T03:06:09.818771Z","times_seen":2,"resource_available":false,"data":null}},"time_used":186,"timings":{"blocked":150,"dns":0,"connect":0,"send":0,"wait":35,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.telegram.org/bot8720547580:AAHsdBAD9gkV5I--cIcqa8O3GqFS-WEk23E/sendMessage","fqdn":"api.telegram.org","domain":"telegram.org","tld":"org"},"ip":{"addr":"149.154.166.110","port":443,"asn":62041,"as":"Telegram Messenger Inc","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bless.zanggu.net/","date":"2026-04-25T03:05:42.006Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.telegram.org","organization":""},"issuer":{"commonName":"Go Daddy Secure Certificate Authority - G2","organization":"GoDaddy.com, Inc."},"validity":{"start":"Tue, 11 Nov 2025 15:14:09 GMT","end":"Sun, 13 Dec 2026 15:14:09 GMT"},"fingerprint":{"sha1":"EC:27:13:72:1E:6C:94:9F:47:59:A4:24:4F:AB:9B:02:E3:6E:54:41","sha256":"64:47:03:9A:C9:ED:B9:03:8C:07:6E:AA:3D:BF:75:4B:4C:C1:4E:C1:A5:8C:83:2D:3E:FD:0C:E7:F7:82:C2:71"}}},"request":{"raw":"OPTIONS /bot8720547580:AAHsdBAD9gkV5I--cIcqa8O3GqFS-WEk23E/sendMessage HTTP/1.1\r\nHost: api.telegram.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://bless.zanggu.net/\r\nOrigin: https://bless.zanggu.net\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx/1.18.0\r\ndate: Sat, 25 Apr 2026 03:05:42 GMT\r\naccess-control-max-age: 86400\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: content-type\r\naccess-control-expose-headers: Content-Length,Content-Type,Date,Server,Connection\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-01T17:39:27.62522Z","times_seen":14482959,"resource_available":true,"data":null}},"time_used":403,"timings":{"blocked":189,"dns":1,"connect":20,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.telegram.org/bot8720547580:AAHsdBAD9gkV5I--cIcqa8O3GqFS-WEk23E/sendMessage","fqdn":"api.telegram.org","domain":"telegram.org","tld":"org"},"ip":{"addr":"149.154.166.110","port":443,"asn":62041,"as":"Telegram Messenger Inc","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bless.zanggu.net/","date":"2026-04-25T03:05:42.242Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.telegram.org","organization":""},"issuer":{"commonName":"Go Daddy Secure Certificate Authority - G2","organization":"GoDaddy.com, Inc."},"validity":{"start":"Tue, 11 Nov 2025 15:14:09 GMT","end":"Sun, 13 Dec 2026 15:14:09 GMT"},"fingerprint":{"sha1":"EC:27:13:72:1E:6C:94:9F:47:59:A4:24:4F:AB:9B:02:E3:6E:54:41","sha256":"64:47:03:9A:C9:ED:B9:03:8C:07:6E:AA:3D:BF:75:4B:4C:C1:4E:C1:A5:8C:83:2D:3E:FD:0C:E7:F7:82:C2:71"}}},"request":{"raw":"POST /bot8720547580:AAHsdBAD9gkV5I--cIcqa8O3GqFS-WEk23E/sendMessage HTTP/1.1\r\nHost: api.telegram.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bless.zanggu.net/\r\nContent-Type: application/json\r\nContent-Length: 250\r\nOrigin: https://bless.zanggu.net\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.18.0\r\ndate: Sat, 25 Apr 2026 03:05:42 GMT\r\ncontent-type: application/json\r\ncontent-length: 541\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-expose-headers: Content-Length,Content-Type,Date,Server,Connection\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":541,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"e41bc614e16eb94963dd4d088ccf00db","sha1":"95dc31853ca812c86c466b3980ece25d67e9f94f","sha256":"083a3319433cc9349b15f5c588328a2e20e48fc6c51d52ddf998d1760991e14d","sha512":"e02134e91e381ad833cbae0d5265a5551d68ea1a549d0387292ee995480549b32b2c47e82cb0361f02ba2e60477e4b912bba2e944638e87a33176343c9942ce9","ssdeep":"","tlshash":"d7f0c02300140d6b118eabc6c4c37f4ac6b93073c18ee420c4ddeb508385bd8e11a5ab","first_seen":"2026-04-25T03:06:09.819665Z","last_seen":"2026-04-25T03:06:09.819665Z","times_seen":1,"resource_available":false,"data":null}},"time_used":49,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":49,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bless.zanggu.net/favicon.ico","fqdn":"bless.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":443,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bless.zanggu.net/","date":"2026-04-25T03:05:43.349Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zanggu.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Apr 2026 19:10:20 GMT","end":"Sun, 12 Jul 2026 19:10:19 GMT"},"fingerprint":{"sha1":"CB:DE:35:16:27:F0:0A:56:D6:E8:DE:FC:7C:1C:47:78:41:08:0A:C6","sha256":"FA:36:C4:92:BE:1A:F7:ED:89:6E:D0:9E:51:1C:72:8F:EA:22:21:5A:3E:8D:B3:FC:8F:DE:4D:D5:4E:AC:14:F2"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: bless.zanggu.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bless.zanggu.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Sat, 25 Apr 2026 03:05:43 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":162,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"37d5c3a24983196361e6ce9b1a499464","sha1":"2dd5878df894f3c648e42408879e9a61c112d1b3","sha256":"766c1d6bcb81d3e983fb7adbc19c616d7fc01dafb7893738edc242e2adc59c07","sha512":"cc140d1f61a01ba5f282d682dfeb19229426c7164b147a3031d3b5544c2d7213ce19b075a81d5e00750bdac7b1d9232b8b971e026d838ccae9466523338b09a9","ssdeep":"","tlshash":"eac08c6e2513bd4cc663217432c36490c08b93a7a4ea42228440805331cb2aa8ac7396","first_seen":"2023-11-07T17:46:00Z","last_seen":"2026-05-01T16:47:00.106143Z","times_seen":21691,"resource_available":true,"data":null}},"time_used":30,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pulse.walletconnect.org/e?projectId=d284513936c9f1778e474422f04c9753\u0026st=appkit\u0026sv=html-wagmi-1.7.8","fqdn":"pulse.walletconnect.org","domain":"walletconnect.org","tld":"org"},"ip":{"addr":"172.66.157.155","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bless.zanggu.net/","date":"2026-04-25T03:05:43.465Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"walletconnect.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 10 Apr 2026 21:24:31 GMT","end":"Thu, 09 Jul 2026 22:24:14 GMT"},"fingerprint":{"sha1":"14:D5:ED:85:23:60:DF:07:0F:87:F6:27:31:48:57:E7:3D:EC:B3:51","sha256":"98:75:A7:34:74:35:55:95:78:E2:84:28:02:E1:7F:C5:BF:C2:D6:6B:1B:9E:63:9E:E8:16:BE:13:A2:E4:17:22"}}},"request":{"raw":"POST /e?projectId=d284513936c9f1778e474422f04c9753\u0026st=appkit\u0026sv=html-wagmi-1.7.8 HTTP/1.1\r\nHost: pulse.walletconnect.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bless.zanggu.net/\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 225\r\nOrigin: https://bless.zanggu.net\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":225,"data":"{\"eventId\":\"a8f4ea92-b5ab-4f13-a7cc-165476899a15\",\"url\":\"https://bless.zanggu.net/\",\"domain\":\"bless.zanggu.net\",\"timestamp\":1777086343460,\"props\":{\"type\":\"track\",\"event\":\"DISCONNECT_SUCCESS\",\"properties\":{\"namespace\":\"all\"}}}"}},"response":{"raw":"HTTP/2 202 Accepted\r\ndate: Sat, 25 Apr 2026 03:05:43 GMT\r\ncontent-type: text/plain;charset=UTF-8\r\ncontent-length: 0\r\naccess-control-allow-origin: *\r\nserver: cloudflare\r\ncf-ray: 9f1a20aefc2a49c5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"202","status_text":"Accepted","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-01T17:39:27.62522Z","times_seen":14482959,"resource_available":true,"data":null}},"time_used":196,"timings":{"blocked":44,"dns":20,"connect":1,"send":0,"wait":108,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cca-lite.coinbase.com/metrics","fqdn":"cca-lite.coinbase.com","domain":"coinbase.com","tld":"com"},"ip":{"addr":"104.18.35.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bless.zanggu.net/","date":"2026-04-25T03:05:48.542Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coinbase.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 03:43:54 GMT","end":"Wed, 17 Jun 2026 04:43:51 GMT"},"fingerprint":{"sha1":"09:0C:1A:6D:8E:CD:D8:59:2C:56:C0:BB:30:80:8E:F8:40:F6:B3:CD","sha256":"2E:F7:6F:58:95:1E:70:41:A0:8A:27:66:79:BE:73:05:AF:57:18:BB:7F:4F:4C:27:4B:19:43:C1:0E:19:3E:D5"}}},"request":{"raw":"POST /metrics HTTP/1.1\r\nHost: cca-lite.coinbase.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bless.zanggu.net/\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 1999\r\nOrigin: https://bless.zanggu.net\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1999,"data":"{\"metrics\":[{\"metric_name\":\"perf_redirect_time\",\"page_path\":null,\"value\":0,\"tags\":{\"authed\":\"false\",\"platform\":\"web\",\"is_low_end_device\":false,\"is_low_end_experience\":false,\"page_key\":\"\",\"save_data\":false,\"service_worker\":\"unsupported\",\"is_perf_metric\":true,\"project_name\":\"base_account_sdk\",\"version_name\":\"1.0.0\"},\"type\":\"histogram\"},{\"metric_name\":\"perf_time_to_first_byte\",\"page_path\":null,\"value\":156,\"tags\":{\"authed\":\"false\",\"platform\":\"web\",\"is_low_end_device\":false,\"is_low_end_experience\":false,\"page_key\":\"\",\"save_data\":false,\"service_worker\":\"unsupported\",\"is_perf_metric\":true,\"project_name\":\"base_account_sdk\",\"version_name\":\"1.0.0\"},\"type\":\"histogram\"},{\"metric_name\":\"perf_web_vitals_ttfb_good\",\"page_path\":null,\"value\":1,\"tags\":{\"authed\":\"false\",\"platform\":\"web\",\"is_low_end_device\":false,\"is_low_end_experience\":false,\"page_key\":\"\",\"save_data\":false,\"service_worker\":\"unsupported\",\"is_perf_metric\":true,\"project_name\":\"base_account_sdk\",\"version_name\":\"1.0.0\"},\"type\":\"count\"},{\"metric_name\":\"perf_web_vitals_fcp_good\",\"page_path\":null,\"value\":1,\"tags\":{\"authed\":\"false\",\"platform\":\"web\",\"is_low_end_device\":false,\"is_low_end_experience\":false,\"page_key\":\"\",\"save_data\":false,\"service_worker\":\"unsupported\",\"is_perf_metric\":true,\"project_name\":\"base_account_sdk\",\"version_name\":\"1.0.0\"},\"type\":\"count\"},{\"metric_name\":\"perf_storage_estimate_caches\",\"page_path\":null,\"value\":null,\"tags\":{\"authed\":\"false\",\"platform\":\"web\",\"is_low_end_device\":false,\"is_low_end_experience\":false,\"page_key\":\"\",\"save_data\":false,\"service_worker\":\"unsupported\",\"is_perf_metric\":true,\"project_name\":\"base_account_sdk\",\"version_name\":\"1.0.0\"},\"type\":\"histogram\"},{\"metric_name\":\"perf_storage_estimate_indexed_db\",\"page_path\":null,\"value\":null,\"tags\":{\"authed\":\"false\",\"platform\":\"web\",\"is_low_end_device\":false,\"is_low_end_experience\":false,\"page_key\":\"\",\"save_data\":false,\"service_worker\":\"unsupported\",\"is_perf_metric\":true,\"project_name\":\"base_account_sdk\",\"version_name\":\"1.0.0\"},\"type\":\"histogram\"}]}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 25 Apr 2026 03:05:49 GMT\r\ncontent-length: 0\r\naccess-control-allow-origin: *\r\nserver: cloudflare\r\nx-content-type-options: nosniff\r\ntrace-id: 7896139402378448864\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nset-cookie: cb_dm=c326a4ba-a148-4873-9981-5e5e4b81622f; Path=/; Domain=coinbase.com; Expires=Fri, 25 Apr 2036 03:05:49 GMT; HttpOnly; Secure\n__cf_bm=kM_HSQ.CvK8Qz829HOazoVe6uaicBBuHW7c.GQGHNYo-1777086348.5854316-1.0.1.1-d5pxE4B3Uf.G7oiC6Jjmettn8SwTTIuH5i8RpUoeYOrTPswiAkjSkiIxkUX2GMF0PXuGnP6GmQTyM_fhawxl.IveLMcEeNv9YzFSDl.g.Vxp1cfXiIXi1_KGPzDnpNTg; HttpOnly; Secure; Path=/; Domain=coinbase.com; Expires=Sat, 25 Apr 2026 03:35:49 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=aFngCFNMMcbG2Am%2BQ8O1%2Bvvoc9B%2BSsY7XqPDOCxISqzLUQS40uBccYFaulKYGEsG1Bc696vWRXzZ3IhNjyvENGWr1kxoPKz%2BpCOva%2FnhyRCt38m8OJ5fIvkoDLYtUH0rQQHIW9%2BY4w%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\ncf-ray: 9f1a20cea8045695-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-01T17:39:27.62522Z","times_seen":14482959,"resource_available":true,"data":null}},"time_used":631,"timings":{"blocked":41,"dns":21,"connect":1,"send":0,"wait":549,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cca-lite.coinbase.com/amp","fqdn":"cca-lite.coinbase.com","domain":"coinbase.com","tld":"com"},"ip":{"addr":"104.18.35.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://bless.zanggu.net/","date":"2026-04-25T03:05:48.560Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coinbase.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 03:43:54 GMT","end":"Wed, 17 Jun 2026 04:43:51 GMT"},"fingerprint":{"sha1":"09:0C:1A:6D:8E:CD:D8:59:2C:56:C0:BB:30:80:8E:F8:40:F6:B3:CD","sha256":"2E:F7:6F:58:95:1E:70:41:A0:8A:27:66:79:BE:73:05:AF:57:18:BB:7F:4F:4C:27:4B:19:43:C1:0E:19:3E:D5"}}},"request":{"raw":"POST /amp HTTP/1.1\r\nHost: cca-lite.coinbase.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=utf-8\r\nContent-Length: 4458\r\nOrigin: https://bless.zanggu.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bless.zanggu.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":4458,"data":"e=%5B%7B%22device_id%22%3A%2253c7277c-76d8-4256-a563-f02be4d5f6ac%22%2C%22user_id%22%3Anull%2C%22timestamp%22%3A1777086343534%2C%22event_id%22%3A1%2C%22session_id%22%3A1777086348550%2C%22event_type%22%3A%22perf_time_to_first_byte%22%2C%22version_name%22%3A%221.0.0%22%2C%22platform%22%3A%22Web%22%2C%22os_name%22%3A%22Firefox%22%2C%22os_version%22%3A%22134%22%2C%22device_model%22%3A%22Windows%22%2C%22language%22%3A%22en-US%22%2C%22event_properties%22%3A%7B%22action%22%3A%22measurement%22%2C%22duration%22%3A156%2C%22vitalsScore%22%3A%22good%22%2C%22deviceMemory%22%3A0%2C%22hardwareConcurrency%22%3A48%2C%22isLowEndDevice%22%3Afalse%2C%22isLowEndExperience%22%3Afalse%2C%22serviceWorkerStatus%22%3A%22unsupported%22%2C%22auth%22%3A0%2C%22component_type%22%3A%22page%22%2C%22platform%22%3A%22web%22%2C%22project_name%22%3A%22base_account_sdk%22%2C%22locale%22%3Anull%2C%22session_lcc_id%22%3Anull%2C%22time_start%22%3A1777086343476%2C%22has_double_fired%22%3Afalse%2C%22session_uuid%22%3A%22322ee339-392c-471d-a26e-b35f3932d6c9%22%2C%22height%22%3A1024%2C%22width%22%3A1280%7D%2C%22user_properties%22%3A%7B%7D%2C%22uuid%22%3A%22ad49b6fb-3a3b-4b4d-ae7a-a5775d6aac48%22%2C%22library%22%3A%7B%22name%22%3A%22%40cbhq%2Fclient-analytics%22%2C%22version%22%3A%2210.6.0%22%7D%2C%22sequence_number%22%3A1%2C%22user_agent%22%3A%22Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A134.0%29+Gecko%2F20100101+Firefox%2F134.0%22%7D%2C%7B%22device_id%22%3A%2253c7277c-76d8-4256-a563-f02be4d5f6ac%22%2C%22user_id%22%3Anull%2C%22timestamp%22%3A1777086343535%2C%22event_id%22%3A2%2C%22session_id%22%3A1777086348550%2C%22event_type%22%3A%22perf_first_contentful_paint%22%2C%22version_name%22%3A%221.0.0%22%2C%22platform%22%3A%22Web%22%2C%22os_name%22%3A%22Firefox%22%2C%22os_version%22%3A%22134%22%2C%22device_model%22%3A%22Windows%22%2C%22language%22%3A%22en-US%22%2C%22event_properties%22%3A%7B%22action%22%3A%22measurement%22%2C%22duration%22%3A544%2C%22vitalsScore%22%3A%22good%22%2C%22deviceMemory%22%3A0%2C%22hardwareConcurrency%22%3A48%2C%22isLowEndDevice%22%3Afalse%2C%22isLowEndExperience%22%3Afalse%2C%22serviceWorkerStatus%22%3A%22unsupported%22%2C%22auth%22%3A0%2C%22component_type%22%3A%22page%22%2C%22platform%22%3A%22web%22%2C%22project_name%22%3A%22base_account_sdk%22%2C%22locale%22%3Anull%2C%22session_lcc_id%22%3Anull%2C%22time_start%22%3A1777086343476%2C%22has_double_fired%22%3Afalse%2C%22session_uuid%22%3A%22322ee339-392c-471d-a26e-b35f3932d6c9%22%2C%22height%22%3A1024%2C%22width%22%3A1280%7D%2C%22user_properties%22%3A%7B%7D%2C%22uuid%22%3A%22a5f9e1c6-0e23-4b7d-b3b4-1be0ce944998%22%2C%22library%22%3A%7B%22name%22%3A%22%40cbhq%2Fclient-analytics%22%2C%22version%22%3A%2210.6.0%22%7D%2C%22sequence_number%22%3A2%2C%22user_agent%22%3A%22Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A134.0%29+Gecko%2F20100101+Firefox%2F134.0%22%7D%2C%7B%22device_id%22%3A%2253c7277c-76d8-4256-a563-f02be4d5f6ac%22%2C%22user_id%22%3Anull%2C%22timestamp%22%3A1777086343548%2C%22event_id%22%3A3%2C%22session_id%22%3A1777086348550%2C%22event_type%22%3A%22perf_storage_estimate%22%2C%22version_name%22%3A%221.0.0%22%2C%22platform%22%3A%22Web%22%2C%22os_name%22%3A%22Firefox%22%2C%22os_version%22%3A%22134%22%2C%22device_model%22%3A%22Windows%22%2C%22language%22%3A%22en-US%22%2C%22event_properties%22%3A%7B%22action%22%3A%22measurement%22%2C%22quota%22%3A6016.7793%2C%22usage%22%3A0%2C%22caches%22%3Anull%2C%22indexedDB%22%3Anull%2C%22serviceWorker%22%3Anull%2C%22deviceMemory%22%3A0%2C%22hardwareConcurrency%22%3A48%2C%22isLowEndDevice%22%3Afalse%2C%22isLowEndExperience%22%3Afalse%2C%22serviceWorkerStatus%22%3A%22unsupported%22%2C%22auth%22%3A0%2C%22component_type%22%3A%22page%22%2C%22platform%22%3A%22web%22%2C%22project_name%22%3A%22base_account_sdk%22%2C%22locale%22%3Anull%2C%22session_lcc_id%22%3Anull%2C%22time_start%22%3A1777086343476%2C%22has_double_fired%22%3Afalse%2C%22session_uuid%22%3A%22322ee339-392c-471d-a26e-b35f3932d6c9%22%2C%22height%22%3A1024%2C%22width%22%3A1280%7D%2C%22user_properties%22%3A%7B%7D%2C%22uuid%22%3A%226308ecf1-64c4-40af-8401-7e3eeb7504ae%22%2C%22library%22%3A%7B%22name%22%3A%22%40cbhq%2Fclient-analytics%22%2C%22version%22%3A%2210.6.0%22%7D%2C%22sequence_number%22%3A3%2C%22user_agent%22%3A%22Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A134.0%29+Gecko%2F20100101+Firefox%2F134.0%22%7D%5D\u0026v=2\u0026upload_time=1777086348553\u0026client=c66737ad47ec354ced777935b0af822e\u0026checksum=053c0891ff8fba5edbee3d277a55b682"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 25 Apr 2026 03:05:48 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 7\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\nserver: cloudflare\r\nx-content-type-options: nosniff\r\ntrace-id: 6342328237166646108\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EVk3SmIKNGPbxpvIBvXk1da5ke1vFz7uavs3KToyKk1nQbIP0oFR2MkT41JfJNEgOajBPNUEFhx1ZI6D2yrnPj%2FRPuBIUj1krmu2Yd9p%2BYNdfGoe7XjMmJxfD5GBcr5UgmfOlvECuQ%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nset-cookie: cb_dm=1cefa54e-69d3-4c2c-bdb9-e649919de99a; Path=/; Domain=coinbase.com; Expires=Fri, 25 Apr 2036 03:05:48 GMT; HttpOnly; Secure\n__cf_bm=t.I5xDxvQqdxg.lbVG1cQIoN0DEcCVGMYRMmiBm3L6I-1777086348.5865602-1.0.1.1-GD3L8MCfSoK1qDRkOcpznjS7TqoOaBEx3kDmeGV6VxmyquA0IfX5Qr9yXdJFixER.cBGfixuyUnbJj7aoA8mltAcIdl6._fszlzpCxxS4VCUqxpEn30KBvQ6qPCYZUR.; HttpOnly; Secure; Path=/; Domain=coinbase.com; Expires=Sat, 25 Apr 2026 03:35:48 GMT\r\ncf-ray: 9f1a20ceac104c11-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-01T17:39:27.62522Z","times_seen":14482959,"resource_available":true,"data":null}},"time_used":167,"timings":{"blocked":24,"dns":3,"connect":4,"send":0,"wait":119,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"192.178.25.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://bless.zanggu.net/","date":"2026-04-25T03:05:41.605Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:48 GMT","end":"Mon, 22 Jun 2026 08:36:47 GMT"},"fingerprint":{"sha1":"8B:DF:9C:24:AB:AD:AB:73:3F:51:0F:25:2B:18:76:79:1A:C5:63:A0","sha256":"BF:5C:B4:F2:20:4F:D0:E5:76:81:59:52:5F:3E:D2:4F:8D:33:B3:30:36:84:C8:7E:0E:AB:58:1E:7D:D6:E2:6D"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://bless.zanggu.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 22 Apr 2026 22:33:43 GMT\r\nexpires: Thu, 22 Apr 2027 22:33:43 GMT\r\ncache-control: public, max-age=31536000\r\nage: 189119\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-05-01T17:38:35.650867Z","times_seen":162101,"resource_available":false,"data":null}},"time_used":808,"timings":{"blocked":396,"dns":5,"connect":22,"send":0,"wait":8,"receive":5,"ssl":369},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"192.178.25.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://bless.zanggu.net/","date":"2026-04-25T03:05:41.607Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:48 GMT","end":"Mon, 22 Jun 2026 08:36:47 GMT"},"fingerprint":{"sha1":"8B:DF:9C:24:AB:AD:AB:73:3F:51:0F:25:2B:18:76:79:1A:C5:63:A0","sha256":"BF:5C:B4:F2:20:4F:D0:E5:76:81:59:52:5F:3E:D2:4F:8D:33:B3:30:36:84:C8:7E:0E:AB:58:1E:7D:D6:E2:6D"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://bless.zanggu.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 22 Apr 2026 22:33:43 GMT\r\nexpires: Thu, 22 Apr 2027 22:33:43 GMT\r\ncache-control: public, max-age=31536000\r\nage: 189119\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-05-01T17:38:35.650867Z","times_seen":162101,"resource_available":false,"data":null}},"time_used":841,"timings":{"blocked":411,"dns":5,"connect":10,"send":0,"wait":9,"receive":6,"ssl":397},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bless.zanggu.net/assets/brotli_wasm_bg-NfWIZley.wasm","fqdn":"bless.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":443,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bless.zanggu.net/","date":"2026-04-25T03:05:43.074Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zanggu.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Apr 2026 19:10:20 GMT","end":"Sun, 12 Jul 2026 19:10:19 GMT"},"fingerprint":{"sha1":"CB:DE:35:16:27:F0:0A:56:D6:E8:DE:FC:7C:1C:47:78:41:08:0A:C6","sha256":"FA:36:C4:92:BE:1A:F7:ED:89:6E:D0:9E:51:1C:72:8F:EA:22:21:5A:3E:8D:B3:FC:8F:DE:4D:D5:4E:AC:14:F2"}}},"request":{"raw":"GET /assets/brotli_wasm_bg-NfWIZley.wasm HTTP/1.1\r\nHost: bless.zanggu.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bless.zanggu.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Sat, 25 Apr 2026 03:05:43 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":162,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"37d5c3a24983196361e6ce9b1a499464","sha1":"2dd5878df894f3c648e42408879e9a61c112d1b3","sha256":"766c1d6bcb81d3e983fb7adbc19c616d7fc01dafb7893738edc242e2adc59c07","sha512":"cc140d1f61a01ba5f282d682dfeb19229426c7164b147a3031d3b5544c2d7213ce19b075a81d5e00750bdac7b1d9232b8b971e026d838ccae9466523338b09a9","ssdeep":"","tlshash":"eac08c6e2513bd4cc663217432c36490c08b93a7a4ea42228440805331cb2aa8ac7396","first_seen":"2023-11-07T17:46:00Z","last_seen":"2026-05-01T16:47:00.106143Z","times_seen":21691,"resource_available":true,"data":null}},"time_used":30,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bless.zanggu.net/","fqdn":"bless.zanggu.net","domain":"zanggu.net","tld":"net"},"ip":{"addr":"45.140.205.214","port":443,"asn":35830,"as":"BTT Group Finance Ltd","country":"Israel","country_code":"IL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://bless.zanggu.net/","date":"2026-04-25T03:05:43.466Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zanggu.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Apr 2026 19:10:20 GMT","end":"Sun, 12 Jul 2026 19:10:19 GMT"},"fingerprint":{"sha1":"CB:DE:35:16:27:F0:0A:56:D6:E8:DE:FC:7C:1C:47:78:41:08:0A:C6","sha256":"FA:36:C4:92:BE:1A:F7:ED:89:6E:D0:9E:51:1C:72:8F:EA:22:21:5A:3E:8D:B3:FC:8F:DE:4D:D5:4E:AC:14:F2"}}},"request":{"raw":"HEAD / HTTP/1.1\r\nHost: bless.zanggu.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://bless.zanggu.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"HEAD"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Sat, 25 Apr 2026 03:05:43 GMT\r\nContent-Type: text/html\r\nLast-Modified: Sun, 19 Apr 2026 13:57:11 GMT\r\nConnection: keep-alive\r\nETag: W/\"69e4df37-6ba2\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-01T17:39:27.62522Z","times_seen":14482959,"resource_available":true,"data":null}},"time_used":31,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}