{"report_id":"bbe6132a-968c-4a4a-a11b-16af61fe91f7","version":6,"status":"done","tags":[],"date":"2026-03-22T22:37:27Z","url":{"schema":"http","addr":"1248g.3894.9hid.com/","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":0,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"1248g.3894.9hid.com/","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"title":"大红鹰795388ocm(中国)App Store","dom":{"size":2049,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (1396)","md5":"9181ca5f6a2219dbd2845ade9c2325cb","sha1":"b22643f9a12e87124915d224218b2324bc2c93e4","sha256":"61bcf54184822efb50c9cc1c96d70b0d9c725af24d3454ca752738a34c4d2632","sha512":"6ab7a41864b4bd80eb68782e413347d93c4b6449863c77e30384597004ee321f076d6ddeadd2d3cbd2241c408e4f216200684212be3470e6590f8f8063eb5e2a","ssdeep":"","tlshash":"874121af5c40da185aa359e8adfbf60cc86a0026950dcc07f4e9d0ce2ea4fd4082335c","dom_hash":"domhashbbe4ca4e66a8b6025c3760a6ff574296","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"1248g.3894.9hid.com/","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":0,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-26T22:37:27Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"fcl.xueyuxingfeng.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"fcl.xueyuxingfeng.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"test.xinxiyidiantong.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"news.jlu.edu.cn","ip":{"addr":"202.198.16.80","port":443,"asn":4538,"as":"China Education and Research Network Center","country":"China","country_code":"CN"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-10-19T02:06:49.093228Z","last_seen":"2026-03-22T08:14:26.92816Z","alert_count":0,"request_count":22,"received_data":1023416,"sent_data":10258,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fcl.xueyuxingfeng.com","ip":{"addr":"27.124.44.6","port":6987,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"domain_registered":"2021-06-17","domain_rank":0,"first_seen":"2021-06-17T13:30:21Z","last_seen":"2026-03-17T00:31:00.03382Z","alert_count":4,"request_count":2,"received_data":7284,"sent_data":872,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"test.xinxiyidiantong.com","ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"domain_registered":"2019-08-03","domain_rank":0,"first_seen":"2021-06-25T14:04:50Z","last_seen":"2026-03-21T06:33:27.022221Z","alert_count":3,"request_count":3,"received_data":42827,"sent_data":1369,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"api.share.baidu.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"1999-10-11","domain_rank":1421601,"first_seen":"2013-04-25T14:45:11Z","last_seen":"2026-03-18T23:10:38.734704Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":387,"comment":"","tags":null,"fingerprints":null},{"fqdn":"qiufacai.top","ip":{"addr":"143.92.57.31","port":15668,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"domain_registered":"2025-02-13","domain_rank":0,"first_seen":"2025-02-16T10:26:31.077897Z","last_seen":"2026-03-19T02:49:54.784912Z","alert_count":0,"request_count":1,"received_data":3071,"sent_data":716,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"push.zhanzhang.baidu.com","ip":{"addr":"180.101.212.103","port":80,"asn":134770,"as":"CHINANET Jiangsu province Suzhou taihu IDC network","country":"China","country_code":"CN"},"domain_registered":"1999-10-11","domain_rank":1485849,"first_seen":"2015-07-22T05:44:02Z","last_seen":"2026-03-19T01:54:50.296368Z","alert_count":0,"request_count":1,"received_data":426,"sent_data":342,"comment":"","tags":null,"fingerprints":null},{"fqdn":"collect-v6.51.la","ip":{"addr":"43.159.107.113","port":80,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"domain_registered":"2005-01-17","domain_rank":348646,"first_seen":"2021-03-08T16:03:54Z","last_seen":"2026-03-16T04:41:01.468216Z","alert_count":0,"request_count":2,"received_data":733,"sent_data":800,"comment":"","tags":null,"fingerprints":null},{"fqdn":"1248g.3894.9hid.com","ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"domain_registered":"2011-09-02","domain_rank":0,"first_seen":"2025-12-30T03:15:15.515014Z","last_seen":"2025-12-30T03:15:15.515014Z","alert_count":57,"request_count":57,"received_data":1531907,"sent_data":23802,"comment":"","tags":null,"fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery:1.9.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"1248g.3894.9hid.com/","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"d172ad00d001832e479481ad12a7594d","sha1":"3e2e724e25f1d136d221431eaf2174ce1ef47967","sha256":"c052d55ad8ee0753e14b2b0a3deed82162ae2fea3339a7c67979572ac0076421","sha512":"81e5bc4c88294c4730a71fd683a11ce76485548bf85d1e57c6099500e56b10c90825e4b9354324dc18dab9a8c92d8a03d59daf8a27fc990700e752e09849522f","ssdeep":"","tlshash":"e780047d5517c301311110c0505d0fc54371011540057454400c030cc0c55c514cd00d","size":38,"data":"","first_seen":"2025-10-19T02:06:58.361251Z","last_seen":"2026-03-23T01:57:48.210333Z","times_seen":37,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/jquery.min.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"892db832a0793e0aa8f61210acacdd34","sha1":"d771e3cbe20df7f837f32c9dc27e7e44f393b1c2","sha256":"738f8fb44ea032650edfc9a47ae4eb8e5933c6f507a737ade274eb25e0504145","sha512":"9bc1bff0513d3f144636a2bd64e0e0db4689fb4a210372f099c80e17af37bcabc4a8561a2af31abc86909d7ec297fb52932c0bc77579042ebe806712f446fe9b","ssdeep":"","tlshash":"f0011de8c7c8d85b6edc6d43ea18deca21b2913b97d971878318fe8c05ad192d45c449","size":737,"data":"","first_seen":"2025-01-01T02:43:40.345281Z","last_seen":"2026-03-29T22:22:42.390087Z","times_seen":70,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/js/index.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"a625f940af78110e664ca0a4e96b9420","sha1":"b78f77b88d43e219891a660a09aaa47af92a3fbe","sha256":"e1e47b594d4d6ea5345c81fc5d6fa79fa51ddb0d2dd6ad43079385d50a36aa43","sha512":"48e6b092381f581f6ba0906321f219fce7c72ce231868963ca9b73dbfd6735ed6d4c54485601b6bba8b087155f6f0aa3bdc53e5f13063c1d7a12a3d046cb4621","ssdeep":"","tlshash":"0ed02b31150057fb68be340c6cd5b5dc1090213c7e07719889a18c073caf42071fc14f","size":264,"data":"","first_seen":"2025-10-19T02:06:58.086552Z","last_seen":"2026-03-23T01:57:48.193788Z","times_seen":37,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"b3a95d86dee5814a8be901650b7b49c8","sha1":"ea39feb97f2de86ebdaaad0ab0838411486ad8a2","sha256":"131f6acc3a2ea8dc01418f7c490744c7637201feb0743fff50e6a1c111a3ffd3","sha512":"76274de4614c2dec6e0144365542bb29f330ac7a2d6849420d74ad4c6ce2e83b6d1ac811231e2776fbcdf1d4ca6fdd695419ae6404268b6ab67472e3e7713ad1","ssdeep":"","tlshash":"c1c04c117fe01b94100a73be580b5ca8570a387faafc2268c64e0040aa9d1771ac2a29","size":152,"data":"","first_seen":"2025-10-19T02:06:58.376734Z","last_seen":"2026-03-23T01:57:48.211717Z","times_seen":37,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"35e0cd65c31da12894ad167d5ee3fd93","sha1":"414e3bc6225a9eabc5d2f80453f7e7f81fea6216","sha256":"a3ce739d443ce55baa92132f34698978dac59ccd9db523b368cec1181ad76cac","sha512":"c5c93a1544ee01f5f42dc2d4c8cda8471d58f85a9ddf85d33f9fbf90bb9c4e3022f481a9588784aad9035b0145f4d876e0e18ad77136e943299ac79bc3044a3c","ssdeep":"","tlshash":"eee0c28601464b31b4ea132d2ce1b4902292002b3c028069b3ed16279f5eb1a28a679c","size":334,"data":"","first_seen":"2025-10-08T02:22:32.075462Z","last_seen":"2026-03-23T01:57:48.21273Z","times_seen":44,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/js/TouchSlide.1.1.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"a7b3f449701b95e8137f3fa0e715e821","sha1":"2983ac0a4fc19886b14cb1f361cfdec9921f054f","sha256":"1f9845e51deecf33b043b10a45845e2c5a1a0f0172ccfabc0fd549d3672dbeaa","sha512":"c405ed6bd527a454b65b4a7907f9c97b637264377dfa93c39290d44c4514f31b84f975f9d176642afbf1fb2f5c6676a43834df159b3004352f913a5166d799bb","ssdeep":"96:wTiFUJOshwUqD28rIeYdEj2ubsKjA/pjlWObw86PiScB28ox8zvZ:wTQshwTSDeYC6uoHvvPfMxxavZ","tlshash":"31c1e96336183df75453b3d560ef51482079552afe0a48d89935ec816ebdc8e22d3fe8","size":5804,"data":"","first_seen":"2023-03-07T13:00:55Z","last_seen":"2026-03-29T05:51:35.985222Z","times_seen":108,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"95ed3dec25fdfa5d4ce44648eaea4eda","sha1":"22760357e09b79380218df2b844ddab3781ed5d4","sha256":"f682f1fe528fc0d14582a72c336a91159ac80e818a1988ba68aa3ce35fd475a5","sha512":"b7429f404b9c7a2f849a5190692c84ddfd9a5cddd69428ec2bf04a81a34c5b3f68c13e9f1b9c8ff9f3adbed0cf26a17db603f11ba3f209bb88e08c62c9129c0d","ssdeep":"","tlshash":"09b09290ffa05884100cb376284a1ce8470b387faaf422e8474e0000ba9e0372ada2b9","size":125,"data":"","first_seen":"2025-10-19T02:06:58.390154Z","last_seen":"2026-03-23T01:57:48.213662Z","times_seen":37,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"sdk.51.la/js-sdk-pro.min.js","fqdn":"sdk.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"b8a41c9449b73e8ba0224c6be1f0b7e8","sha1":"33d79319d4110bcf5c44c36f7dd4a291972ac546","sha256":"52079c09a7355f4ce3af750602ebb9aebae8238583601f8a06268eecccf13565","sha512":"472d0395a65a3ade2d215559b196a88ffcdacde3ac0f573eb8663b524f201d72c9339bcacbc198d82452a0ac367c0efd407b12795943cdd2755d95a8cf71b977","ssdeep":"768:swetbD3SkE+a/l1jaKUiQU5eqEh9GMXBOXAA/EXBeJMlbJfuPT:BetbD3SVT/3+KUc5eqEh9GMXBYEXBeJ7","tlshash":"dbf23d9577c0317cc3c783ea362b501ae1a69e910059a8bcf345f6907d34e56a37fba8","size":36114,"data":"","first_seen":"2025-03-10T03:40:31.536734Z","last_seen":"2026-04-05T07:45:35.102707Z","times_seen":81715,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"f559cfd76a20b3b21dfb49f4bc6a0de0","sha1":"80dee691763c602631d23a83ef7dde5b32c9785b","sha256":"66c2de4a13d6385752528282071f30c9ee5e7e5ba42344873e91c5ebcd55f9d6","sha512":"3149e5a344c4157f1a11bbb65f1e11b7dcbdd8c4bbf532bdff89dd9e07b2135b6ad677acfffe2cd3450790c607b9f1052e33fb9d43593d8a67ea053ded78e54e","ssdeep":"","tlshash":"fff09e7ee841a1686ad329f85b9bd648d16e0028d409c447a5eac4ce2c38fd4082634c","size":502,"data":"","first_seen":"2025-10-19T02:06:58.366769Z","last_seen":"2026-03-29T22:22:42.423934Z","times_seen":44,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"84439a0fc8e3ee18481934bab277a925","sha1":"5b25f62742334d28d0ac9e5f038a3f92b4d21665","sha256":"4cfce83d35c22b053b41d7fa82eb5e2c6c7d37fcef922dc6a490680c2f35e10e","sha512":"824eb46395a37be306fcbfcef51c750f21bd3dcf6f0bb9da9ac505067ca0590f591b8086e5e1d9fac0d94f1edcb9cec60e0f9719e7c2baa6b294f6f6ccc14e71","ssdeep":"","tlshash":"55c012223ef49a00148ca0bf480a1f25cb02bc2fe6fa3728a10e1044f0cc13b09ca318","size":179,"data":"","first_seen":"2025-10-19T02:06:58.413561Z","last_seen":"2026-03-23T01:57:48.214564Z","times_seen":37,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"79bc8cf2c83c63f8131929abf93e55d4","sha1":"c9a281971ceec218f2cc669581c15d7cccde5aec","sha256":"e1c61a1ace522ec6a93baac161474119b9e5fb5caeb187770bc4e382434d90ef","sha512":"9c9727bbb90a2f2d21424550e9ad47d9ec4de738309b9dae3f0c21ece8e51a737eb4eb9548f527b75ae833479b4d00e1785bcd97a0468c3a7ac57804660002d9","ssdeep":"","tlshash":"09c04c503ea0d9c410a8a47599496c78f60af90fa6f42368551e0125aeec73319e2715","size":152,"data":"","first_seen":"2025-10-19T02:06:58.418825Z","last_seen":"2026-03-23T01:57:48.215445Z","times_seen":37,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"6610d9b12b5715b295cc3f71b9ce1486","sha1":"2bfe05b2a891fb2ab9d8fc35326cb85b15f044f0","sha256":"400b4f6911222c0e663922f1beb34730a402be641a6f4f89815bf4976c0d4523","sha512":"f8a9d7eb12ea1d496239aa1c48507b20dc2d45007db31fb3d064b5b0f0538930ea30ed48adff66571081b1b9cb5641196be8241a9d208845a0e0cae444828be9","ssdeep":"","tlshash":"9ca01108f2a02a00a2b308288b0f0008aaa008cb3803c800380c2880ef080aa8a23ecf","size":86,"data":"","first_seen":"2025-10-19T02:06:58.426825Z","last_seen":"2026-03-23T01:57:48.216316Z","times_seen":37,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"0151dab2992e042a168ba6a961436fd1","sha1":"b4386693927b0926367452161cabcfd05348c7e7","sha256":"fdb10f19f659371a56010118e05c1b277b0b1698a55183f9d529a78d69792098","sha512":"5b3031252bd93cbe4050f683e2217eac5e5f4007dc91bfba4933440c9b2fc91a8c10c03601c602e7ec3a68afc0e1f2d97f177661067dffa08903e3ea4648c242","ssdeep":"","tlshash":"dd014c06f1fa0127e1bb212708639798283e0cef85594e74f53d3eb13f58285db65769","size":802,"data":"","first_seen":"2025-10-19T02:06:58.463118Z","last_seen":"2026-03-23T01:57:48.217139Z","times_seen":37,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"b3bf742b87eab13561c08070eaee6416","sha1":"fd4c07a8cccbfa6136825ee1e464c182ac0ad0d1","sha256":"95f8b67817f438cf0f147a83f95ae7c2846cf875691a1836239095cdf98f752b","sha512":"8dc25424a6738fabba8148bd305777d8238168992299a9ac467547678048ad60eb9cf1a50b98e3bbac3ec89e205f34ad100a3bbeefd4c38266d0663df0cf0afb","ssdeep":"","tlshash":"c1e026aa29721674578419fa992ff92cf1aa627c0554e003f58dfc230424eef4e2ead5","size":345,"data":"","first_seen":"2023-03-11T21:10:52Z","last_seen":"2026-04-05T04:58:55.074767Z","times_seen":2795,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"push.zhanzhang.baidu.com/push.js","fqdn":"push.zhanzhang.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"180.101.212.103","port":80,"asn":134770,"as":"CHINANET Jiangsu province Suzhou taihu IDC network","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"1bb5a3267c9865ad4abe8d937734b62b","sha1":"b5478dd2edb3e64242eced1db2dbd945ef81f592","sha256":"674bc0c70f98d627b8a7e1d278a1f21ffe33815565f7d5371bf0275da57571b2","sha512":"33318ed944a49a8fa334983408d68853b1fbe4f80b19adef6235f23d7708b616cd4f8dd28c8b8ebfbb5776aab8088229f3060cd789af34fe1db5038a98bd0d39","ssdeep":"","tlshash":"91d02be874a0c41c0ce710b17fab328cfab20b2755244d40c05b90013614b1f824bfe9","size":281,"data":"","first_seen":"2023-03-07T01:02:09Z","last_seen":"2026-04-05T07:15:15.461149Z","times_seen":20923,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/jquery.min.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"892db832a0793e0aa8f61210acacdd34","sha1":"d771e3cbe20df7f837f32c9dc27e7e44f393b1c2","sha256":"738f8fb44ea032650edfc9a47ae4eb8e5933c6f507a737ade274eb25e0504145","sha512":"9bc1bff0513d3f144636a2bd64e0e0db4689fb4a210372f099c80e17af37bcabc4a8561a2af31abc86909d7ec297fb52932c0bc77579042ebe806712f446fe9b","ssdeep":"","tlshash":"f0011de8c7c8d85b6edc6d43ea18deca21b2913b97d971878318fe8c05ad192d45c449","size":737,"data":"","first_seen":"2025-01-01T02:43:40.345281Z","last_seen":"2026-03-29T22:22:42.390087Z","times_seen":70,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/js/jquery-1.9.1.min.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"90e4193ae3817216f39fc2c29b9a61d6","sha1":"074802fc40c4b6c46510cc33bc542727902ddb8e","sha256":"672907d5c8b56608165d350c8feb9b89b315ae145c8c127a7cb5a33a0ec320c6","sha512":"6d9b8ba2cbc92e92487632ad338542d1e0052290f2aa169d55c20dce425c8917accb201be9227b08efd48256f1a31cc19f3a3cc4de8dd56d3a2d9445e30ae36b","ssdeep":"1536:Znu00HWWaRxkqJg09pYxoxDKMXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qg7rban1RUR:ZdkWgoBhcZRQgmgY2qe","tlshash":"e8932bdd72d2b02257ab31bd006f540ff2361959280d8850f278d8f9bc79a49a277f6d","size":92615,"data":"","first_seen":"2025-10-19T02:06:58.008873Z","last_seen":"2026-03-23T01:57:48.183412Z","times_seen":37,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_sitegray/_sitegray.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"7b8ea1159c99283310ed514ef543026b","sha1":"b90dc9ae9dcf59372f251efa5f680b1b6cb579d2","sha256":"4203753162ab83a587168249d73517143c96526dd9ff0ea4b9f19e2cffff43dc","sha512":"259725cf281a93a4fa6965a99f4f9fb74c8edaa7d3dfc2c522f2d5f86a71942fde3c8d10341a94443ac64764695a2b283cc8d43a4df887e9b955ba7c60adb4d4","ssdeep":"","tlshash":"9cb01288002e155280208566b03116d9a11500f562cb9c2eb0cf098ce718d014058f35","size":91,"data":"","first_seen":"2023-03-07T12:04:23Z","last_seen":"2026-04-02T01:51:38.557509Z","times_seen":503,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fcl.xueyuxingfeng.com:6987/advanced/ali/sj.js","fqdn":"fcl.xueyuxingfeng.com","domain":"xueyuxingfeng.com","tld":"com"},"ip":{"addr":"27.124.44.6","port":6987,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"ead0945734d2df1393f97b83395ce5a5","sha1":"02075f8db8ec645ac0333d11f29cf592e34fe824","sha256":"acc560eecd34add4d045a64d0261d40c73f6b19af0ed698921622e9d7fe616fe","sha512":"9747e0b01ffa510bf24d56e9c634c930f3c04b61d35e1c9d305087fcb3e00adeb5896cd70542dbeb58d0de07b7331a79d9e5799f15b98c4a0f7bfe37f44d7736","ssdeep":"","tlshash":"39612e94ef8d20338e133165ae6f958c24be68577944eca7f80c64d44fa0d38852beac","size":3361,"data":"","first_seen":"2025-02-18T11:26:37.42474Z","last_seen":"2026-04-04T16:12:34.550874Z","times_seen":330,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/js/jquery-1.9.1.min.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"90e4193ae3817216f39fc2c29b9a61d6","sha1":"074802fc40c4b6c46510cc33bc542727902ddb8e","sha256":"672907d5c8b56608165d350c8feb9b89b315ae145c8c127a7cb5a33a0ec320c6","sha512":"6d9b8ba2cbc92e92487632ad338542d1e0052290f2aa169d55c20dce425c8917accb201be9227b08efd48256f1a31cc19f3a3cc4de8dd56d3a2d9445e30ae36b","ssdeep":"1536:Znu00HWWaRxkqJg09pYxoxDKMXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qg7rban1RUR:ZdkWgoBhcZRQgmgY2qe","tlshash":"e8932bdd72d2b02257ab31bd006f540ff2361959280d8850f278d8f9bc79a49a277f6d","size":92615,"data":"","first_seen":"2025-10-19T02:06:58.008873Z","last_seen":"2026-03-23T01:57:48.183412Z","times_seen":37,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_sitegray/_sitegray.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"7b8ea1159c99283310ed514ef543026b","sha1":"b90dc9ae9dcf59372f251efa5f680b1b6cb579d2","sha256":"4203753162ab83a587168249d73517143c96526dd9ff0ea4b9f19e2cffff43dc","sha512":"259725cf281a93a4fa6965a99f4f9fb74c8edaa7d3dfc2c522f2d5f86a71942fde3c8d10341a94443ac64764695a2b283cc8d43a4df887e9b955ba7c60adb4d4","ssdeep":"","tlshash":"9cb01288002e155280208566b03116d9a11500f562cb9c2eb0cf098ce718d014058f35","size":91,"data":"","first_seen":"2023-03-07T12:04:23Z","last_seen":"2026-04-02T01:51:38.557509Z","times_seen":503,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/system/resource/js/dynclicks.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"ea0f5ba0d5be078b6f8f2d8362d5c06b","sha1":"56ad25656fee92af5dec43fde31d70b97a136c9d","sha256":"cb99083b3e09ea268f02b6423c9022cf930100269a24166de84c2b9e87afa25d","sha512":"64514868256f7f230523d466dd66c0880c42b3443152aa6cf470b5169add7134e587358e55c0a314da12f034b16fea6c9adcb50baeca1c34db4538337a5d2502","ssdeep":"","tlshash":"9d41f0f133a8a8a442152df8099d9b40f4b5640b2f28625c853efd55983cdca91f9edb","size":2159,"data":"","first_seen":"2023-10-16T23:09:21Z","last_seen":"2026-03-23T01:57:48.196483Z","times_seen":43,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/jquery.la.min.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"3111175d89853720d71826c62c596621","sha1":"1d7f57a9117e5aed7679113b6a9a0c8795189339","sha256":"4b287f9e7d0c9edef0379e86fd7715401b274962c901197abe737b929c10ef09","sha512":"df2c880e15e15578c1ac49397ddfd6db4b617c3cf8055ab7e443ab47734a12ed35f3ac186187a807224fc165442fb1742656647c572a37b110be1f62b91bb4a5","ssdeep":"","tlshash":"cb21149f7c06e2546b622d6633bbedacd9be00315409c80665fac16d2c26ff80617b4c","size":1220,"data":"","first_seen":"2025-10-19T02:06:58.240171Z","last_seen":"2026-03-29T22:22:42.40084Z","times_seen":50,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_sitegray/_sitegray.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"7b8ea1159c99283310ed514ef543026b","sha1":"b90dc9ae9dcf59372f251efa5f680b1b6cb579d2","sha256":"4203753162ab83a587168249d73517143c96526dd9ff0ea4b9f19e2cffff43dc","sha512":"259725cf281a93a4fa6965a99f4f9fb74c8edaa7d3dfc2c522f2d5f86a71942fde3c8d10341a94443ac64764695a2b283cc8d43a4df887e9b955ba7c60adb4d4","ssdeep":"","tlshash":"9cb01288002e155280208566b03116d9a11500f562cb9c2eb0cf098ce718d014058f35","size":91,"data":"","first_seen":"2023-03-07T12:04:23Z","last_seen":"2026-04-02T01:51:38.557509Z","times_seen":503,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/js/TouchSlide.1.1.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"a7b3f449701b95e8137f3fa0e715e821","sha1":"2983ac0a4fc19886b14cb1f361cfdec9921f054f","sha256":"1f9845e51deecf33b043b10a45845e2c5a1a0f0172ccfabc0fd549d3672dbeaa","sha512":"c405ed6bd527a454b65b4a7907f9c97b637264377dfa93c39290d44c4514f31b84f975f9d176642afbf1fb2f5c6676a43834df159b3004352f913a5166d799bb","ssdeep":"96:wTiFUJOshwUqD28rIeYdEj2ubsKjA/pjlWObw86PiScB28ox8zvZ:wTQshwTSDeYC6uoHvvPfMxxavZ","tlshash":"31c1e96336183df75453b3d560ef51482079552afe0a48d89935ec816ebdc8e22d3fe8","size":5804,"data":"","first_seen":"2023-03-07T13:00:55Z","last_seen":"2026-03-29T05:51:35.985222Z","times_seen":108,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/js/foot.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"5bb6e6097308e3d9912378b85c4f58f1","sha1":"0e53a9b97b3a26efa53acaed3bf772e5ca3f1b74","sha256":"3e993693aab78908b18bde6ce869b000bdca7a7b951c7167afea9a10e1df98e8","sha512":"e04de4965d35d03d80c53af80f47a14572a9847b5040cc389a0e2bdc1d6ce13910c50cd1b2322ff4c7697331f1e2dada440bce80fd7d9447c9dc97a415ed733e","ssdeep":"96:cqOhewDeDDg+qoko8LJtDOyDRJMCkghp4es31/p4D3bKt7V60ND+QK4D+nD+QKTe:cqOhew2RqlL9tNlJMDgces31eD3bex63","tlshash":"b3b19734f3041b7eb0fe13b5195db1cda320163aeb088055b6e8685a6b7dbee311bb45","size":5159,"data":"","first_seen":"2025-10-08T02:22:32.050023Z","last_seen":"2026-03-23T01:57:48.185143Z","times_seen":40,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fcl.xueyuxingfeng.com:6987/advanced/ali/sj.js","fqdn":"fcl.xueyuxingfeng.com","domain":"xueyuxingfeng.com","tld":"com"},"ip":{"addr":"27.124.44.6","port":6987,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"ead0945734d2df1393f97b83395ce5a5","sha1":"02075f8db8ec645ac0333d11f29cf592e34fe824","sha256":"acc560eecd34add4d045a64d0261d40c73f6b19af0ed698921622e9d7fe616fe","sha512":"9747e0b01ffa510bf24d56e9c634c930f3c04b61d35e1c9d305087fcb3e00adeb5896cd70542dbeb58d0de07b7331a79d9e5799f15b98c4a0f7bfe37f44d7736","ssdeep":"","tlshash":"39612e94ef8d20338e133165ae6f958c24be68577944eca7f80c64d44fa0d38852beac","size":3361,"data":"","first_seen":"2025-02-18T11:26:37.42474Z","last_seen":"2026-04-04T16:12:34.550874Z","times_seen":330,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fcl.xueyuxingfeng.com:6987/advanced/ali/sj.js","fqdn":"fcl.xueyuxingfeng.com","domain":"xueyuxingfeng.com","tld":"com"},"ip":{"addr":"27.124.44.6","port":6987,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"ead0945734d2df1393f97b83395ce5a5","sha1":"02075f8db8ec645ac0333d11f29cf592e34fe824","sha256":"acc560eecd34add4d045a64d0261d40c73f6b19af0ed698921622e9d7fe616fe","sha512":"9747e0b01ffa510bf24d56e9c634c930f3c04b61d35e1c9d305087fcb3e00adeb5896cd70542dbeb58d0de07b7331a79d9e5799f15b98c4a0f7bfe37f44d7736","ssdeep":"","tlshash":"39612e94ef8d20338e133165ae6f958c24be68577944eca7f80c64d44fa0d38852beac","size":3361,"data":"","first_seen":"2025-02-18T11:26:37.42474Z","last_seen":"2026-04-04T16:12:34.550874Z","times_seen":330,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/system/resource/js/counter.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"0ebfa2d857ab3dbef6017ecc86f9ef10","sha1":"575c2dc977f762b7821198d2946360b08bc97249","sha256":"acced8552b2f49a96c10c24fc95c3c0825f892fdb0aa69f9ee474e5fb11fd671","sha512":"856d2d4a86c7e7860c438fd7a467dddd84afd42a87b8cc6935a8e1f7530b842fe39548ec0eec7d610bcbe5a4c6d0712347c248e823f70990ade687ef6656eed1","ssdeep":"","tlshash":"932135e12cb70ce79e1db721a50712aebc65e571561dc0305904d13011b36caf0b7e39","size":1256,"data":"","first_seen":"2023-03-11T23:05:41Z","last_seen":"2026-04-04T00:47:48.101604Z","times_seen":201,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/js/jquery.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"ce2aa1e5b96a3f52dee3c5e6ee4351fc","sha1":"23e9d79ff99694df72ae8e874b6ed16c6bed5762","sha256":"84576680a3d4eaad17aa6de22a7be6ee1a0716a63b2d4aa73d7baf813bd4b553","sha512":"7fd67a65763205df7f4e7533bb1be40b5980144454a89536470225fa3013b2ce801a85a2c63bb6ab2bc1592842de102de641a3854eff65f7a1ebcfd47866ff18","ssdeep":"1536:HXRKUpVgklsdZuLP/l+0fGzA8gmtasgx/c9Rzzi4yff8qeLvHHEjam7rSnmBn9gn:te8FbGzA81+xRRi1Z3","tlshash":"7993e7d9b2d6716387b731bc50af510bb13698aa784c8c50f068d8e4be74a48907bf7d","size":93895,"data":"","first_seen":"2025-10-19T02:06:57.97612Z","last_seen":"2026-03-23T01:57:48.199147Z","times_seen":37,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/js/index.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"a625f940af78110e664ca0a4e96b9420","sha1":"b78f77b88d43e219891a660a09aaa47af92a3fbe","sha256":"e1e47b594d4d6ea5345c81fc5d6fa79fa51ddb0d2dd6ad43079385d50a36aa43","sha512":"48e6b092381f581f6ba0906321f219fce7c72ce231868963ca9b73dbfd6735ed6d4c54485601b6bba8b087155f6f0aa3bdc53e5f13063c1d7a12a3d046cb4621","ssdeep":"","tlshash":"0ed02b31150057fb68be340c6cd5b5dc1090213c7e07719889a18c073caf42071fc14f","size":264,"data":"","first_seen":"2025-10-19T02:06:58.086552Z","last_seen":"2026-03-23T01:57:48.193788Z","times_seen":37,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/system/resource/js/dynclicks.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"ea0f5ba0d5be078b6f8f2d8362d5c06b","sha1":"56ad25656fee92af5dec43fde31d70b97a136c9d","sha256":"cb99083b3e09ea268f02b6423c9022cf930100269a24166de84c2b9e87afa25d","sha512":"64514868256f7f230523d466dd66c0880c42b3443152aa6cf470b5169add7134e587358e55c0a314da12f034b16fea6c9adcb50baeca1c34db4538337a5d2502","ssdeep":"","tlshash":"9d41f0f133a8a8a442152df8099d9b40f4b5640b2f28625c853efd55983cdca91f9edb","size":2159,"data":"","first_seen":"2023-10-16T23:09:21Z","last_seen":"2026-03-23T01:57:48.196483Z","times_seen":43,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/js/TouchSlide.1.1.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"a7b3f449701b95e8137f3fa0e715e821","sha1":"2983ac0a4fc19886b14cb1f361cfdec9921f054f","sha256":"1f9845e51deecf33b043b10a45845e2c5a1a0f0172ccfabc0fd549d3672dbeaa","sha512":"c405ed6bd527a454b65b4a7907f9c97b637264377dfa93c39290d44c4514f31b84f975f9d176642afbf1fb2f5c6676a43834df159b3004352f913a5166d799bb","ssdeep":"96:wTiFUJOshwUqD28rIeYdEj2ubsKjA/pjlWObw86PiScB28ox8zvZ:wTQshwTSDeYC6uoHvvPfMxxavZ","tlshash":"31c1e96336183df75453b3d560ef51482079552afe0a48d89935ec816ebdc8e22d3fe8","size":5804,"data":"","first_seen":"2023-03-07T13:00:55Z","last_seen":"2026-03-29T05:51:35.985222Z","times_seen":108,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/system/resource/js/vsbscreen.min.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"bb321d224fc58c1b299d2dffa86b3b1e","sha1":"b17fbc82216eeb29a7b8e0731c810702feebccde","sha256":"9fa51b4a2a6b761aecd2e9dc5fa8bd0ecc247ec8d42b916d5d3e1095ef67c687","sha512":"89124daa801bdecc4b0552ce85f089173280bac1661564cb2b16217e4bdace3407cb4f22586243bdffcea57441242d8ae98e954277d0c23c9a74915d562a6c6d","ssdeep":"","tlshash":"8c512374f15daaae4373be253c2e2305a0a66d12c84ee503d781d934a4f8e872572f3d","size":3103,"data":"","first_seen":"2023-03-13T20:20:17Z","last_seen":"2026-03-23T01:57:48.198251Z","times_seen":38,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/system/resource/js/counter.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"0ebfa2d857ab3dbef6017ecc86f9ef10","sha1":"575c2dc977f762b7821198d2946360b08bc97249","sha256":"acced8552b2f49a96c10c24fc95c3c0825f892fdb0aa69f9ee474e5fb11fd671","sha512":"856d2d4a86c7e7860c438fd7a467dddd84afd42a87b8cc6935a8e1f7530b842fe39548ec0eec7d610bcbe5a4c6d0712347c248e823f70990ade687ef6656eed1","ssdeep":"","tlshash":"932135e12cb70ce79e1db721a50712aebc65e571561dc0305904d13011b36caf0b7e39","size":1256,"data":"","first_seen":"2023-03-11T23:05:41Z","last_seen":"2026-04-04T00:47:48.101604Z","times_seen":201,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"sdk.51.la/js-sdk-pro.min.js","fqdn":"sdk.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"b8a41c9449b73e8ba0224c6be1f0b7e8","sha1":"33d79319d4110bcf5c44c36f7dd4a291972ac546","sha256":"52079c09a7355f4ce3af750602ebb9aebae8238583601f8a06268eecccf13565","sha512":"472d0395a65a3ade2d215559b196a88ffcdacde3ac0f573eb8663b524f201d72c9339bcacbc198d82452a0ac367c0efd407b12795943cdd2755d95a8cf71b977","ssdeep":"768:swetbD3SkE+a/l1jaKUiQU5eqEh9GMXBOXAA/EXBeJMlbJfuPT:BetbD3SVT/3+KUc5eqEh9GMXBYEXBeJ7","tlshash":"dbf23d9577c0317cc3c783ea362b501ae1a69e910059a8bcf345f6907d34e56a37fba8","size":36114,"data":"","first_seen":"2025-03-10T03:40:31.536734Z","last_seen":"2026-04-05T07:45:35.102707Z","times_seen":81715,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/js/jquery.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"ce2aa1e5b96a3f52dee3c5e6ee4351fc","sha1":"23e9d79ff99694df72ae8e874b6ed16c6bed5762","sha256":"84576680a3d4eaad17aa6de22a7be6ee1a0716a63b2d4aa73d7baf813bd4b553","sha512":"7fd67a65763205df7f4e7533bb1be40b5980144454a89536470225fa3013b2ce801a85a2c63bb6ab2bc1592842de102de641a3854eff65f7a1ebcfd47866ff18","ssdeep":"1536:HXRKUpVgklsdZuLP/l+0fGzA8gmtasgx/c9Rzzi4yff8qeLvHHEjam7rSnmBn9gn:te8FbGzA81+xRRi1Z3","tlshash":"7993e7d9b2d6716387b731bc50af510bb13698aa784c8c50f068d8e4be74a48907bf7d","size":93895,"data":"","first_seen":"2025-10-19T02:06:57.97612Z","last_seen":"2026-03-23T01:57:48.199147Z","times_seen":37,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/js/foot.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"5bb6e6097308e3d9912378b85c4f58f1","sha1":"0e53a9b97b3a26efa53acaed3bf772e5ca3f1b74","sha256":"3e993693aab78908b18bde6ce869b000bdca7a7b951c7167afea9a10e1df98e8","sha512":"e04de4965d35d03d80c53af80f47a14572a9847b5040cc389a0e2bdc1d6ce13910c50cd1b2322ff4c7697331f1e2dada440bce80fd7d9447c9dc97a415ed733e","ssdeep":"96:cqOhewDeDDg+qoko8LJtDOyDRJMCkghp4es31/p4D3bKt7V60ND+QK4D+nD+QKTe:cqOhew2RqlL9tNlJMDgces31eD3bex63","tlshash":"b3b19734f3041b7eb0fe13b5195db1cda320163aeb088055b6e8685a6b7dbee311bb45","size":5159,"data":"","first_seen":"2025-10-08T02:22:32.050023Z","last_seen":"2026-03-23T01:57:48.185143Z","times_seen":40,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/js/index.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"a625f940af78110e664ca0a4e96b9420","sha1":"b78f77b88d43e219891a660a09aaa47af92a3fbe","sha256":"e1e47b594d4d6ea5345c81fc5d6fa79fa51ddb0d2dd6ad43079385d50a36aa43","sha512":"48e6b092381f581f6ba0906321f219fce7c72ce231868963ca9b73dbfd6735ed6d4c54485601b6bba8b087155f6f0aa3bdc53e5f13063c1d7a12a3d046cb4621","ssdeep":"","tlshash":"0ed02b31150057fb68be340c6cd5b5dc1090213c7e07719889a18c073caf42071fc14f","size":264,"data":"","first_seen":"2025-10-19T02:06:58.086552Z","last_seen":"2026-03-23T01:57:48.193788Z","times_seen":37,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/js/foot.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"5bb6e6097308e3d9912378b85c4f58f1","sha1":"0e53a9b97b3a26efa53acaed3bf772e5ca3f1b74","sha256":"3e993693aab78908b18bde6ce869b000bdca7a7b951c7167afea9a10e1df98e8","sha512":"e04de4965d35d03d80c53af80f47a14572a9847b5040cc389a0e2bdc1d6ce13910c50cd1b2322ff4c7697331f1e2dada440bce80fd7d9447c9dc97a415ed733e","ssdeep":"96:cqOhewDeDDg+qoko8LJtDOyDRJMCkghp4es31/p4D3bKt7V60ND+QK4D+nD+QKTe:cqOhew2RqlL9tNlJMDgces31eD3bex63","tlshash":"b3b19734f3041b7eb0fe13b5195db1cda320163aeb088055b6e8685a6b7dbee311bb45","size":5159,"data":"","first_seen":"2025-10-08T02:22:32.050023Z","last_seen":"2026-03-23T01:57:48.185143Z","times_seen":40,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/system/resource/js/counter.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"0ebfa2d857ab3dbef6017ecc86f9ef10","sha1":"575c2dc977f762b7821198d2946360b08bc97249","sha256":"acced8552b2f49a96c10c24fc95c3c0825f892fdb0aa69f9ee474e5fb11fd671","sha512":"856d2d4a86c7e7860c438fd7a467dddd84afd42a87b8cc6935a8e1f7530b842fe39548ec0eec7d610bcbe5a4c6d0712347c248e823f70990ade687ef6656eed1","ssdeep":"","tlshash":"932135e12cb70ce79e1db721a50712aebc65e571561dc0305904d13011b36caf0b7e39","size":1256,"data":"","first_seen":"2023-03-11T23:05:41Z","last_seen":"2026-04-04T00:47:48.101604Z","times_seen":201,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/js/jquery.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"ce2aa1e5b96a3f52dee3c5e6ee4351fc","sha1":"23e9d79ff99694df72ae8e874b6ed16c6bed5762","sha256":"84576680a3d4eaad17aa6de22a7be6ee1a0716a63b2d4aa73d7baf813bd4b553","sha512":"7fd67a65763205df7f4e7533bb1be40b5980144454a89536470225fa3013b2ce801a85a2c63bb6ab2bc1592842de102de641a3854eff65f7a1ebcfd47866ff18","ssdeep":"1536:HXRKUpVgklsdZuLP/l+0fGzA8gmtasgx/c9Rzzi4yff8qeLvHHEjam7rSnmBn9gn:te8FbGzA81+xRRi1Z3","tlshash":"7993e7d9b2d6716387b731bc50af510bb13698aa784c8c50f068d8e4be74a48907bf7d","size":93895,"data":"","first_seen":"2025-10-19T02:06:57.97612Z","last_seen":"2026-03-23T01:57:48.199147Z","times_seen":37,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/jquery.min.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"892db832a0793e0aa8f61210acacdd34","sha1":"d771e3cbe20df7f837f32c9dc27e7e44f393b1c2","sha256":"738f8fb44ea032650edfc9a47ae4eb8e5933c6f507a737ade274eb25e0504145","sha512":"9bc1bff0513d3f144636a2bd64e0e0db4689fb4a210372f099c80e17af37bcabc4a8561a2af31abc86909d7ec297fb52932c0bc77579042ebe806712f446fe9b","ssdeep":"","tlshash":"f0011de8c7c8d85b6edc6d43ea18deca21b2913b97d971878318fe8c05ad192d45c449","size":737,"data":"","first_seen":"2025-01-01T02:43:40.345281Z","last_seen":"2026-03-29T22:22:42.390087Z","times_seen":70,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/system/resource/js/vsbscreen.min.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"bb321d224fc58c1b299d2dffa86b3b1e","sha1":"b17fbc82216eeb29a7b8e0731c810702feebccde","sha256":"9fa51b4a2a6b761aecd2e9dc5fa8bd0ecc247ec8d42b916d5d3e1095ef67c687","sha512":"89124daa801bdecc4b0552ce85f089173280bac1661564cb2b16217e4bdace3407cb4f22586243bdffcea57441242d8ae98e954277d0c23c9a74915d562a6c6d","ssdeep":"","tlshash":"8c512374f15daaae4373be253c2e2305a0a66d12c84ee503d781d934a4f8e872572f3d","size":3103,"data":"","first_seen":"2023-03-13T20:20:17Z","last_seen":"2026-03-23T01:57:48.198251Z","times_seen":38,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/js/jquery-1.9.1.min.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"90e4193ae3817216f39fc2c29b9a61d6","sha1":"074802fc40c4b6c46510cc33bc542727902ddb8e","sha256":"672907d5c8b56608165d350c8feb9b89b315ae145c8c127a7cb5a33a0ec320c6","sha512":"6d9b8ba2cbc92e92487632ad338542d1e0052290f2aa169d55c20dce425c8917accb201be9227b08efd48256f1a31cc19f3a3cc4de8dd56d3a2d9445e30ae36b","ssdeep":"1536:Znu00HWWaRxkqJg09pYxoxDKMXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qg7rban1RUR:ZdkWgoBhcZRQgmgY2qe","tlshash":"e8932bdd72d2b02257ab31bd006f540ff2361959280d8850f278d8f9bc79a49a277f6d","size":92615,"data":"","first_seen":"2025-10-19T02:06:58.008873Z","last_seen":"2026-03-23T01:57:48.183412Z","times_seen":37,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/system/resource/js/dynclicks.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"ea0f5ba0d5be078b6f8f2d8362d5c06b","sha1":"56ad25656fee92af5dec43fde31d70b97a136c9d","sha256":"cb99083b3e09ea268f02b6423c9022cf930100269a24166de84c2b9e87afa25d","sha512":"64514868256f7f230523d466dd66c0880c42b3443152aa6cf470b5169add7134e587358e55c0a314da12f034b16fea6c9adcb50baeca1c34db4538337a5d2502","ssdeep":"","tlshash":"9d41f0f133a8a8a442152df8099d9b40f4b5640b2f28625c853efd55983cdca91f9edb","size":2159,"data":"","first_seen":"2023-10-16T23:09:21Z","last_seen":"2026-03-23T01:57:48.196483Z","times_seen":43,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/system/resource/js/vsbscreen.min.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"bb321d224fc58c1b299d2dffa86b3b1e","sha1":"b17fbc82216eeb29a7b8e0731c810702feebccde","sha256":"9fa51b4a2a6b761aecd2e9dc5fa8bd0ecc247ec8d42b916d5d3e1095ef67c687","sha512":"89124daa801bdecc4b0552ce85f089173280bac1661564cb2b16217e4bdace3407cb4f22586243bdffcea57441242d8ae98e954277d0c23c9a74915d562a6c6d","ssdeep":"","tlshash":"8c512374f15daaae4373be253c2e2305a0a66d12c84ee503d781d934a4f8e872572f3d","size":3103,"data":"","first_seen":"2023-03-13T20:20:17Z","last_seen":"2026-03-23T01:57:48.198251Z","times_seen":38,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"901e03a2f96e81ac37e36d4b8ad266b7","sha1":"286058c395626f582d23b4ea125672342a5f86ed","sha256":"f09a3709d8e5c1d3909a39a32040e8ddb5e8ae69a3154d4ad2ea3b15372de549","sha512":"f3780b4e3653d5e5743a873edc0c1c5bf3c53e8be68659f09bee7f150ae191b465a5511d6be681be2b80c152de39cef487c1c44fb22fea2dd38850755de03de5","ssdeep":"","tlshash":"30f09eeedc41a25816e368b957ebd648d06f0064d40ac403a4d5c6cd6c39fc4062734c","size":502,"data":"","first_seen":"2023-11-23T08:13:45Z","last_seen":"2026-04-02T00:41:45.485877Z","times_seen":88,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"43fcf6ef9e40e47544c52319eb3b379c","sha1":"321ed8a950b357ce3b734f528aca5375f9176840","sha256":"f40156b70668bcbf3e1ca0835a625b3b0225773330adf56d79d018095e5985c7","sha512":"b1673f2224cab696a3b1909eb989c0d91f93a6a07c35a2c05d4fbbd8effa309a733aa8cd496569e4fc7dcfb994f9f7132b875f28f75145139644dce18307d78f","ssdeep":"","tlshash":"e1c02b531e11c81941014ac5d0a3fc2cc0d0f0398614dccdc0d074cc31845c908112d4","size":138,"data":"","first_seen":"2023-06-18T16:45:46Z","last_seen":"2026-04-02T00:41:45.519518Z","times_seen":135,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"c053f5372f01d07b9e9e7c2c0deb61b8","sha1":"b2735104e0645d80a856dac3157222bd428ad449","sha256":"78db8f7901298745505ac4abb6c4ee895819f3f97c2227236adff7e3626543c5","sha512":"9f326aa063122d9e7d692ab5bcd3dfc6368cc9e827665f06302bbf0564a3854be37d6b19d3fa1218acf528faedac679cde4b240efc09f8acd539271fd1247463","ssdeep":"","tlshash":"f4f046771881680f6370c235f8dab495e8428547826c9892f088309f5ff0f68e4c329d","size":602,"data":"","first_seen":"2025-02-18T11:26:37.426626Z","last_seen":"2026-04-03T18:07:01.709307Z","times_seen":175,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"1f299efeaa245ccef25bad572b784694","sha1":"656b85cfbe78b164751a5aaf2a7e99f52c8690f8","sha256":"59c7390fb9e4367d782f3f12115454738afbdaccb4f92c39fea2eb66f04b5cb8","sha512":"2d75cf87d0c3186aa74deceba93519674d9f33afb0bb922b39000fb9240b6a0ad7ed79864e803c2717702d417de3b7939792e26352ca8051536d286e6d41cb4e","ssdeep":"","tlshash":"52f09eee5c81e6581ae3689957fbe24cc06f0064140ac403a4e5c6cd7c39fd4062b34c","size":508,"data":"","first_seen":"2023-06-18T16:45:47Z","last_seen":"2026-04-02T00:41:45.523639Z","times_seen":130,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"b5deaf8a01b543fb70156173f0acd2d3","sha1":"d0d4f16cc52bb83e5b22f417a0f81c324a8ff484","sha256":"a97d6ebb4d22d95e678b88f37b714d190b37af2274be08b9bff0c64e04e452b9","sha512":"f80ebde0e9473f1b9cff0692327f756ff61eccadf4cee5f6de3c349ab1e1bd5de72c8ed0e4d9b680332c5c6a37874467d277d28e1bcda04fc82759a4bf094667","ssdeep":"","tlshash":"aef09e7e6c41e5686ad329d85babd64cc56e00281409c447a5eac4ce3c38fe40c2634c","size":508,"data":"","first_seen":"2025-10-19T02:06:58.547165Z","last_seen":"2026-03-29T22:22:42.444085Z","times_seen":46,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"79403e1d40acab7a8f9a27be31fbea9b","sha1":"758a3a87dc9e98a61a92fdb3b37c8a0306491974","sha256":"3379d506b57052d290b7f0d509c3db8232cb49d7197524c7de9e8fa0641c3c65","sha512":"1139ecbae2ff576ccec7f78aab3e03e1b661d0e8fb76e342790384f83995da9f95441ab7645adb67213b4bbd1f4bee87b55583a1ac5ac8db29981210293112bf","ssdeep":"","tlshash":"28a022033e00c088bc2200e2b0b0f83ce0a23020a882ec0cccf0002a2c823ccce00802","size":77,"data":"","first_seen":"2023-11-23T08:13:45Z","last_seen":"2026-04-02T00:41:45.531316Z","times_seen":124,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"https","addr":"news.jlu.edu.cn/__local/0/E2/D4/AF403BE1D8D1D1B12DE61FF6B94_B1224552_968AC.png","fqdn":"news.jlu.edu.cn","domain":"jlu.edu.cn","tld":"edu.cn"},"ip":{"addr":"202.198.16.80","port":443,"asn":4538,"as":"China Education and Research Network Center","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:10.637Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.jlu.edu.cn","organization":""},"issuer":{"commonName":"RapidSSL TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Sun, 29 Jun 2025 00:00:00 GMT","end":"Thu, 30 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"A9:8D:4B:95:E4:B8:52:7C:56:01:3E:93:CC:97:97:7B:8C:D4:5F:1C","sha256":"06:2B:DD:A9:34:9F:97:4F:CB:59:23:E2:8E:EE:D8:39:68:57:14:36:33:36:82:F5:AE:6E:3A:B0:6F:79:E6:29"}}},"request":{"raw":"GET /__local/0/E2/D4/AF403BE1D8D1D1B12DE61FF6B94_B1224552_968AC.png HTTP/1.1\r\nHost: news.jlu.edu.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://1248g.3894.9hid.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 22 Mar 2026 22:40:54 GMT\r\nServer: Server\r\nX-Frame-Options: SAMEORIGIN\r\nLast-Modified: Thu, 16 Oct 2025 07:20:57 GMT\r\nETag: \"968ac-64141754e2840\"\r\nAccept-Ranges: bytes\r\nContent-Length: 616620\r\nCache-Control: max-age=3600\r\nExpires: Sun, 22 Mar 2026 23:40:54 GMT\r\nKeep-Alive: timeout=5, max=199\r\nConnection: Keep-Alive\r\nContent-Type: image/png\r\nContent-Language: zh-CN\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":98304,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 846 x 564, 8-bit/color RGBA, non-interlaced","md5":"3c9d77b3b4357c93d33368398c01b9aa","sha1":"be06084dccef4e8e48e2d56e3b6562ab4edb6a0e","sha256":"34c3001438a13de1116ee16b101987479ceacc83ef8c7ee3fe81b84e48dc17b1","sha512":"44ee080523296e601ff21039b2dac3ee4842537d6e20c69e5aa3f3a0afc62ef44f5efd18d09e3ce68788ee096b27fd066057543445fb5eacc8e84ac29c36cd4a","ssdeep":"1536:MmHbgx1L7PkbakUE/7CtE3izJHQo4mRBqzI5J4+mw876ovemL4vrqenZ9Mu9v6B0:MQgz3MukUE/79ydHBqzI5Oz7y3VXMu9T","tlshash":"16a312381ab43d1e24877883e2b96f36d29775b5c1cb33a1fae4e67bb0541b91721903","first_seen":"2025-10-19T03:54:12.571499Z","last_seen":"2026-03-22T22:37:31.636705Z","times_seen":3,"resource_available":false,"data":null}},"time_used":1324,"timings":{"blocked":300,"dns":0,"connect":0,"send":0,"wait":257,"receive":767,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/imges/foot-bg.jpg","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:10.712Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /_m/imges/foot-bg.jpg HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/_m/css/css.css\r\nCookie: vsb_screen_reload_count=2; vsb_screen_reload_url=/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:10 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://news.jlu.edu.cn/_m/imges/foot-bg.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":277,"timings":{"blocked":94,"dns":0,"connect":0,"send":0,"wait":183,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/__local/C/C6/E0/159D8B6C64B0A623E4C08383627_7F85C08B_A348B.png","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:09.381Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /__local/C/C6/E0/159D8B6C64B0A623E4C08383627_7F85C08B_A348B.png HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nCookie: vsb_screen_reload_count=2; vsb_screen_reload_url=/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:10 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://news.jlu.edu.cn/__local/C/C6/E0/159D8B6C64B0A623E4C08383627_7F85C08B_A348B.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":40912,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1239,"timings":{"blocked":1042,"dns":0,"connect":0,"send":0,"wait":197,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/images/zthd01.png","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:09.394Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /images/zthd01.png HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nCookie: vsb_screen_reload_count=2; vsb_screen_reload_url=/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:11 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://news.jlu.edu.cn/images/zthd01.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1767,"timings":{"blocked":1583,"dns":0,"connect":0,"send":0,"wait":184,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fcl.xueyuxingfeng.com:6987/advanced/ali/sj.js","fqdn":"fcl.xueyuxingfeng.com","domain":"xueyuxingfeng.com","tld":"com"},"ip":{"addr":"27.124.44.6","port":6987,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:09.469Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"fcl.xueyuxingfeng.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 17 Mar 2026 02:39:06 GMT","end":"Mon, 15 Jun 2026 02:39:05 GMT"},"fingerprint":{"sha1":"9C:02:BC:FD:E6:FD:6F:73:A8:FF:02:17:D8:7B:9B:7F:1C:15:3C:76","sha256":"C8:B1:53:77:6B:D6:88:15:FD:58:31:16:AE:D3:12:44:08:D5:BD:EF:E6:F5:9E:D4:9A:66:25:E8:50:22:88:B1"}}},"request":{"raw":"GET /advanced/ali/sj.js HTTP/1.1\r\nHost: fcl.xueyuxingfeng.com:6987\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:10 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Thu, 13 Feb 2025 10:31:33 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"67adca05-d24\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3364,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text","md5":"ead0945734d2df1393f97b83395ce5a5","sha1":"02075f8db8ec645ac0333d11f29cf592e34fe824","sha256":"acc560eecd34add4d045a64d0261d40c73f6b19af0ed698921622e9d7fe616fe","sha512":"9747e0b01ffa510bf24d56e9c634c930f3c04b61d35e1c9d305087fcb3e00adeb5896cd70542dbeb58d0de07b7331a79d9e5799f15b98c4a0f7bfe37f44d7736","ssdeep":"","tlshash":"39612e94ef8d20338e133165ae6f958c24be68577944eca7f80c64d44fa0d38852beac","first_seen":"2025-02-18T11:26:37.42474Z","last_seen":"2026-04-04T16:12:34.550874Z","times_seen":330,"resource_available":true,"data":null}},"time_used":2068,"timings":{"blocked":887,"dns":1,"connect":294,"send":0,"wait":293,"receive":0,"ssl":590},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"fcl.xueyuxingfeng.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"fcl.xueyuxingfeng.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/style1.css","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:11.997Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 02:32:06 GMT","end":"Tue, 16 Jun 2026 02:32:05 GMT"},"fingerprint":{"sha1":"F2:3E:4A:2C:AE:0F:1A:DC:04:1B:0A:91:04:E5:C8:80:09:CC:AD:F9","sha256":"C8:04:B0:6D:F6:48:F8:59:49:78:07:B9:83:C7:73:52:35:C4:D4:82:9E:3E:61:44:90:D3:1F:8A:03:C5:BD:87"}}},"request":{"raw":"GET /images/style1.css HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:13 GMT\r\nContent-Type: text/css\r\nLast-Modified: Mon, 24 Apr 2023 11:24:01 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"644666d1-2acf\"\r\nExpires: Sun, 22 Mar 2026 23:37:13 GMT\r\nCache-Control: max-age=3600\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10959,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, ASCII text, with very long lines (465), with CRLF line terminators","md5":"9dcee9f3e3a9adc3a8fd044d18aff03a","sha1":"222a22156013ec694b2088c0a92e22e95cadfeb0","sha256":"53143bf9cab52824338170fc6c349fddcec4f52dd1cb999c83f7865365445d8a","sha512":"782456493e261dc963ab94961e51482abd496641b98dc345b87bd8f6d220abddc3b747fd3bad55aefc2d89435f82eccb5bb08438ad29379d05b1094c0c2445e9","ssdeep":"192:YttDBv+hilwO09z0GgvfmLkyGtKwk6NxCiGgxE3M3EEVuo0Kkzxl8AjnHI0rGLd4:YttDBoilwO09z0GgvfmLkyGtKwk6NxCp","tlshash":"48327b2b9340288f745bc77868d77599f639c064fe3dd95ea31a33a6422298e1037fc5","first_seen":"2023-05-06T09:29:06Z","last_seen":"2026-04-04T22:45:47.057064Z","times_seen":1714,"resource_available":false,"data":null}},"time_used":2105,"timings":{"blocked":897,"dns":20,"connect":295,"send":0,"wait":295,"receive":0,"ssl":596},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"test.xinxiyidiantong.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/jquery.min.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:09.345Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /jquery.min.js HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nCookie: vsb_screen_reload_count=2; vsb_screen_reload_url=/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:09 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 737\r\nLast-Modified: Sat, 18 Oct 2025 04:51:39 GMT\r\nConnection: keep-alive\r\nETag: \"68f31cdb-2e1\"\r\nExpires: Sun, 22 Mar 2026 23:37:09 GMT\r\nCache-Control: max-age=3600\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":737,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (737), with no line terminators","md5":"892db832a0793e0aa8f61210acacdd34","sha1":"d771e3cbe20df7f837f32c9dc27e7e44f393b1c2","sha256":"738f8fb44ea032650edfc9a47ae4eb8e5933c6f507a737ade274eb25e0504145","sha512":"9bc1bff0513d3f144636a2bd64e0e0db4689fb4a210372f099c80e17af37bcabc4a8561a2af31abc86909d7ec297fb52932c0bc77579042ebe806712f446fe9b","ssdeep":"","tlshash":"f0011de8c7c8d85b6edc6d43ea18deca21b2913b97d971878318fe8c05ad192d45c449","first_seen":"2025-01-01T02:43:40.345281Z","last_seen":"2026-03-29T22:22:42.390087Z","times_seen":70,"resource_available":true,"data":null}},"time_used":146,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":146,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/__local/7/CD/81/C4FB7315C8896F14A0DFBFF6E8E_80ADEAE8_27106.jpg","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:09.385Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /__local/7/CD/81/C4FB7315C8896F14A0DFBFF6E8E_80ADEAE8_27106.jpg HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nCookie: vsb_screen_reload_count=2; vsb_screen_reload_url=/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:10 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://news.jlu.edu.cn/__local/7/CD/81/C4FB7315C8896F14A0DFBFF6E8E_80ADEAE8_27106.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1421,"timings":{"blocked":1223,"dns":0,"connect":0,"send":0,"wait":198,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/imges/4-n.jpg","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:09.388Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /_m/imges/4-n.jpg HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nCookie: vsb_screen_reload_count=2; vsb_screen_reload_url=/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:10 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://news.jlu.edu.cn/_m/imges/4-n.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1419,"timings":{"blocked":1232,"dns":0,"connect":0,"send":0,"wait":187,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/system/resource/js/vsbscreen.min.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:05.537Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /system/resource/js/vsbscreen.min.js HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:05 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":3103,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with very long lines (3103), with no line terminators","md5":"bb321d224fc58c1b299d2dffa86b3b1e","sha1":"b17fbc82216eeb29a7b8e0731c810702feebccde","sha256":"9fa51b4a2a6b761aecd2e9dc5fa8bd0ecc247ec8d42b916d5d3e1095ef67c687","sha512":"89124daa801bdecc4b0552ce85f089173280bac1661564cb2b16217e4bdace3407cb4f22586243bdffcea57441242d8ae98e954277d0c23c9a74915d562a6c6d","ssdeep":"","tlshash":"8c512374f15daaae4373be253c2e2305a0a66d12c84ee503d781d934a4f8e872572f3d","first_seen":"2023-03-13T20:20:17Z","last_seen":"2026-03-23T01:57:48.198251Z","times_seen":38,"resource_available":true,"data":null}},"time_used":448,"timings":{"blocked":266,"dns":0,"connect":0,"send":0,"wait":182,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/css/public.css","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:09.354Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /_m/css/public.css HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nCookie: vsb_screen_reload_count=2; vsb_screen_reload_url=/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:09 GMT\r\nContent-Type: text/css;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":2888,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"3b7a19a5901d4ada0479eb7c977434ca","sha1":"abe3558de2ee54d2d2b5d0e069d1fc614c874f61","sha256":"624dee76b7e2111bfa6b67c6f984adb5639f0ebcb1e8c1375caa4ad5fd66192b","sha512":"7e1063c8e8bc6336bd73cef741c6e0eef2d42581b24047c68317966db3d409a0f54d70c930222cff2e11ebd17f02c259c642dc3c822933e0da8087b92d00e95a","ssdeep":"","tlshash":"67516920bf2904cdf02b4b14c7d60ea5057cf2b2d9122e6a734a755ba3cb59c435c351","first_seen":"2025-10-19T02:06:58.280627Z","last_seen":"2026-03-23T01:57:48.172832Z","times_seen":37,"resource_available":false,"data":null}},"time_used":274,"timings":{"blocked":110,"dns":0,"connect":0,"send":0,"wait":164,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"news.jlu.edu.cn/_m/sanquan011.png","fqdn":"news.jlu.edu.cn","domain":"jlu.edu.cn","tld":"edu.cn"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:11.180Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /_m/sanquan011.png HTTP/1.1\r\nHost: news.jlu.edu.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://1248g.3894.9hid.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/js/jquery.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:09.363Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /_m/js/jquery.js HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nCookie: vsb_screen_reload_count=2; vsb_screen_reload_url=/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:09 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":93918,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (32769)","md5":"ce2aa1e5b96a3f52dee3c5e6ee4351fc","sha1":"23e9d79ff99694df72ae8e874b6ed16c6bed5762","sha256":"84576680a3d4eaad17aa6de22a7be6ee1a0716a63b2d4aa73d7baf813bd4b553","sha512":"7fd67a65763205df7f4e7533bb1be40b5980144454a89536470225fa3013b2ce801a85a2c63bb6ab2bc1592842de102de641a3854eff65f7a1ebcfd47866ff18","ssdeep":"1536:HXRKUpVgklsdZuLP/l+0fGzA8gmtasgx/c9Rzzi4yff8qeLvHHEjam7rSnmBn9gn:te8FbGzA81+xRRi1Z3","tlshash":"7993e7d9b2d6716387b731bc50af510bb13698aa784c8c50f068d8e4be74a48907bf7d","first_seen":"2025-10-19T02:06:57.97612Z","last_seen":"2026-03-23T01:57:48.199147Z","times_seen":37,"resource_available":true,"data":null}},"time_used":597,"timings":{"blocked":118,"dns":9,"connect":148,"send":0,"wait":173,"receive":149,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"news.jlu.edu.cn/images/zthd01.png","fqdn":"news.jlu.edu.cn","domain":"jlu.edu.cn","tld":"edu.cn"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:11.185Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /images/zthd01.png HTTP/1.1\r\nHost: news.jlu.edu.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://1248g.3894.9hid.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/js/TouchSlide.1.1.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:09.362Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /_m/js/TouchSlide.1.1.js HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nCookie: vsb_screen_reload_count=2; vsb_screen_reload_url=/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:09 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":5804,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (5369)","md5":"a7b3f449701b95e8137f3fa0e715e821","sha1":"2983ac0a4fc19886b14cb1f361cfdec9921f054f","sha256":"1f9845e51deecf33b043b10a45845e2c5a1a0f0172ccfabc0fd549d3672dbeaa","sha512":"c405ed6bd527a454b65b4a7907f9c97b637264377dfa93c39290d44c4514f31b84f975f9d176642afbf1fb2f5c6676a43834df159b3004352f913a5166d799bb","ssdeep":"96:wTiFUJOshwUqD28rIeYdEj2ubsKjA/pjlWObw86PiScB28ox8zvZ:wTQshwTSDeYC6uoHvvPfMxxavZ","tlshash":"31c1e96336183df75453b3d560ef51482079552afe0a48d89935ec816ebdc8e22d3fe8","first_seen":"2023-03-07T13:00:55Z","last_seen":"2026-03-29T05:51:35.985222Z","times_seen":108,"resource_available":true,"data":null}},"time_used":451,"timings":{"blocked":119,"dns":11,"connect":148,"send":0,"wait":173,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/system/resource/js/counter.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:09.377Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /system/resource/js/counter.js HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nCookie: vsb_screen_reload_count=2; vsb_screen_reload_url=/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:09 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1256,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with very long lines (1256), with no line terminators","md5":"0ebfa2d857ab3dbef6017ecc86f9ef10","sha1":"575c2dc977f762b7821198d2946360b08bc97249","sha256":"acced8552b2f49a96c10c24fc95c3c0825f892fdb0aa69f9ee474e5fb11fd671","sha512":"856d2d4a86c7e7860c438fd7a467dddd84afd42a87b8cc6935a8e1f7530b842fe39548ec0eec7d610bcbe5a4c6d0712347c248e823f70990ade687ef6656eed1","ssdeep":"","tlshash":"932135e12cb70ce79e1db721a50712aebc65e571561dc0305904d13011b36caf0b7e39","first_seen":"2023-03-11T23:05:41Z","last_seen":"2026-04-04T00:47:48.101604Z","times_seen":201,"resource_available":true,"data":null}},"time_used":446,"timings":{"blocked":278,"dns":0,"connect":0,"send":0,"wait":168,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/__local/3/68/70/2D4087E3EF0905C7A162759A617_491F6688_32FA9.jpg","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:09.386Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /__local/3/68/70/2D4087E3EF0905C7A162759A617_491F6688_32FA9.jpg HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nCookie: vsb_screen_reload_count=2; vsb_screen_reload_url=/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:10 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://news.jlu.edu.cn/__local/3/68/70/2D4087E3EF0905C7A162759A617_491F6688_32FA9.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1421,"timings":{"blocked":1235,"dns":0,"connect":0,"send":0,"wait":186,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/__local/8/C3/0C/66B9F663C9EE854EB3A841AAEAA_769B857F_E2499.png","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:09.384Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /__local/8/C3/0C/66B9F663C9EE854EB3A841AAEAA_769B857F_E2499.png HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nCookie: vsb_screen_reload_count=2; vsb_screen_reload_url=/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:10 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://news.jlu.edu.cn/__local/8/C3/0C/66B9F663C9EE854EB3A841AAEAA_769B857F_E2499.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1413,"timings":{"blocked":1222,"dns":0,"connect":0,"send":0,"wait":191,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"news.jlu.edu.cn/_m/imges/ebdf38c7756071069.png","fqdn":"news.jlu.edu.cn","domain":"jlu.edu.cn","tld":"edu.cn"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:10.843Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /_m/imges/ebdf38c7756071069.png HTTP/1.1\r\nHost: news.jlu.edu.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://1248g.3894.9hid.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/logo.png","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:12.001Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 02:32:06 GMT","end":"Tue, 16 Jun 2026 02:32:05 GMT"},"fingerprint":{"sha1":"F2:3E:4A:2C:AE:0F:1A:DC:04:1B:0A:91:04:E5:C8:80:09:CC:AD:F9","sha256":"C8:04:B0:6D:F6:48:F8:59:49:78:07:B9:83:C7:73:52:35:C4:D4:82:9E:3E:61:44:90:D3:1F:8A:03:C5:BD:87"}}},"request":{"raw":"GET /images/logo.png HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:13 GMT\r\nContent-Type: image/png\r\nContent-Length: 27927\r\nLast-Modified: Fri, 22 Oct 2021 07:29:32 GMT\r\nConnection: keep-alive\r\nETag: \"6172685c-6d17\"\r\nExpires: Tue, 21 Apr 2026 22:37:13 GMT\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":27927,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 255 x 85, 8-bit/color RGBA, non-interlaced","md5":"1555066b01ba12346071989c467ccf25","sha1":"50c92c270ddc54e309f1499dde7e04fddcdee8c4","sha256":"a8102cc2e6a32d0e128a3757c711489f1d7426123617283cf8d3cb1fd838f101","sha512":"859208a96a6ea1d6030470c159a9dda03a06203d106e19bd71885909d8b329ea6bba0b9068629fbf8d5a1ef693d36239dbde79788f082177e745b9584af1f319","ssdeep":"768:OVmJDb1mQ/HASD6KkXkbJzKyV3Tp1I+JZ:fJD5r4S2KjzKylI+JZ","tlshash":"d5c2e189f1e16d8c20d1e40d5f916979b7d7e0c19554f6f2a0c8f8266e3a249ed08cd7","first_seen":"2023-05-06T09:29:06Z","last_seen":"2026-04-04T22:45:47.064391Z","times_seen":1726,"resource_available":false,"data":null}},"time_used":2994,"timings":{"blocked":1189,"dns":20,"connect":295,"send":0,"wait":585,"receive":11,"ssl":590},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"test.xinxiyidiantong.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/system/resource/js/vsbscreen.min.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:09.374Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /system/resource/js/vsbscreen.min.js HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nCookie: vsb_screen_reload_count=2; vsb_screen_reload_url=/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:09 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3103,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with very long lines (3103), with no line terminators","md5":"bb321d224fc58c1b299d2dffa86b3b1e","sha1":"b17fbc82216eeb29a7b8e0731c810702feebccde","sha256":"9fa51b4a2a6b761aecd2e9dc5fa8bd0ecc247ec8d42b916d5d3e1095ef67c687","sha512":"89124daa801bdecc4b0552ce85f089173280bac1661564cb2b16217e4bdace3407cb4f22586243bdffcea57441242d8ae98e954277d0c23c9a74915d562a6c6d","ssdeep":"","tlshash":"8c512374f15daaae4373be253c2e2305a0a66d12c84ee503d781d934a4f8e872572f3d","first_seen":"2023-03-13T20:20:17Z","last_seen":"2026-03-23T01:57:48.198251Z","times_seen":38,"resource_available":true,"data":null}},"time_used":452,"timings":{"blocked":280,"dns":0,"connect":0,"send":0,"wait":172,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/__local/7/C8/86/F4D8A422B331AD2006F8A03439A_744A66BC_56D7C.jpg","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:09.381Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /__local/7/C8/86/F4D8A422B331AD2006F8A03439A_744A66BC_56D7C.jpg HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nCookie: vsb_screen_reload_count=2; vsb_screen_reload_url=/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:10 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://news.jlu.edu.cn/__local/7/C8/86/F4D8A422B331AD2006F8A03439A_744A66BC_56D7C.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":355708,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1225,"timings":{"blocked":1043,"dns":0,"connect":0,"send":0,"wait":182,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/imges/6e641de5f22e366115ee83bb0870a7e.png","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:09.395Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /_m/imges/6e641de5f22e366115ee83bb0870a7e.png HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nCookie: vsb_screen_reload_count=2; vsb_screen_reload_url=/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:11 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://news.jlu.edu.cn/_m/imges/6e641de5f22e366115ee83bb0870a7e.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1773,"timings":{"blocked":1585,"dns":0,"connect":0,"send":0,"wait":188,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/imges/logo.jpg","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:09.378Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /_m/imges/logo.jpg HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nCookie: vsb_screen_reload_count=2; vsb_screen_reload_url=/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:10 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://news.jlu.edu.cn/_m/imges/logo.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1602,"timings":{"blocked":1428,"dns":0,"connect":0,"send":0,"wait":174,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/js/foot.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:05.558Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /_m/js/foot.js HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:06 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":5159,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"5bb6e6097308e3d9912378b85c4f58f1","sha1":"0e53a9b97b3a26efa53acaed3bf772e5ca3f1b74","sha256":"3e993693aab78908b18bde6ce869b000bdca7a7b951c7167afea9a10e1df98e8","sha512":"e04de4965d35d03d80c53af80f47a14572a9847b5040cc389a0e2bdc1d6ce13910c50cd1b2322ff4c7697331f1e2dada440bce80fd7d9447c9dc97a415ed733e","ssdeep":"96:cqOhewDeDDg+qoko8LJtDOyDRJMCkghp4es31/p4D3bKt7V60ND+QK4D+nD+QKTe:cqOhew2RqlL9tNlJMDgces31eD3bex63","tlshash":"b3b19734f3041b7eb0fe13b5195db1cda320163aeb088055b6e8685a6b7dbee311bb45","first_seen":"2025-10-08T02:22:32.050023Z","last_seen":"2026-03-23T01:57:48.185143Z","times_seen":40,"resource_available":true,"data":null}},"time_used":579,"timings":{"blocked":399,"dns":0,"connect":0,"send":0,"wait":180,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/js/jquery-1.9.1.min.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:09.359Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /_m/js/jquery-1.9.1.min.js HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nCookie: vsb_screen_reload_count=2; vsb_screen_reload_url=/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:09 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":92618,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (32087)","md5":"90e4193ae3817216f39fc2c29b9a61d6","sha1":"074802fc40c4b6c46510cc33bc542727902ddb8e","sha256":"672907d5c8b56608165d350c8feb9b89b315ae145c8c127a7cb5a33a0ec320c6","sha512":"6d9b8ba2cbc92e92487632ad338542d1e0052290f2aa169d55c20dce425c8917accb201be9227b08efd48256f1a31cc19f3a3cc4de8dd56d3a2d9445e30ae36b","ssdeep":"1536:Znu00HWWaRxkqJg09pYxoxDKMXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qg7rban1RUR:ZdkWgoBhcZRQgmgY2qe","tlshash":"e8932bdd72d2b02257ab31bd006f540ff2361959280d8850f278d8f9bc79a49a277f6d","first_seen":"2025-10-19T02:06:58.008873Z","last_seen":"2026-03-23T01:57:48.183412Z","times_seen":37,"resource_available":true,"data":null}},"time_used":602,"timings":{"blocked":122,"dns":8,"connect":147,"send":0,"wait":174,"receive":150,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/index.m.vsb.css","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:09.371Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /index.m.vsb.css HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nCookie: vsb_screen_reload_count=2; vsb_screen_reload_url=/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:09 GMT\r\nContent-Type: text/css;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":20,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"b6c7d40e0a743722ccd02ba4fefb3e5d","sha1":"6611047a7ac779c20b78cb431567319f80992dae","sha256":"41cf2320a2fc1fac67e23b93451179398ed9aee084b0e4e700b92b65ec913bc3","sha512":"ae011fcd60f98d0a862c94265375f5f7c6009a4f51f34c85f8311bc04825054ca5c413bf742e434a7195c781b2bff952a812e035a9a0c91557e5cdccf5d0a018","ssdeep":"","tlshash":"89700000ac8a0002082380083000a00200203280a00003283020b200a8c20c82882202","first_seen":"2025-10-19T02:06:57.998753Z","last_seen":"2026-03-23T01:57:48.18007Z","times_seen":37,"resource_available":false,"data":null}},"time_used":423,"timings":{"blocked":257,"dns":0,"connect":0,"send":0,"wait":166,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"api.share.baidu.com/s.gif?l=http://1248g.3894.9hid.com/","fqdn":"api.share.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:11.264Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /s.gif?l=http://1248g.3894.9hid.com/ HTTP/1.1\r\nHost: api.share.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1211,"timings":{"blocked":605,"dns":339,"connect":267,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-22T22:37:09.005Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: vsb_screen_reload_count=2; vsb_screen_reload_url=/\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:09 GMT\r\nContent-Type: text/html;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery:1.9.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":20596,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (554)","md5":"02bd299d6fdb660bb5dae9c83d3c07b1","sha1":"ed7d0e82313e2497008b59f4b05e06804501b7bd","sha256":"7bef0db7a6fb80cdaf5b4b5d42fca2f4baaf7e95a31415b09418c8de6983f01b","sha512":"8b70349e9d8e612395ab3628fc79ec45252525a48f5daf838b71fcfbf5ca14f52906c54aa66aa03f1f11393a82fe27cbbdcef8921886f530cc74c8f14f82eb30","ssdeep":"384:rQW1DZV5sFt1Dfi72snKSC1dSrLGmBiOk9BX4Md0ScCxw10S44jMS5C8ma+l:rQuD6zi72snxkdSrL62Wl","tlshash":"f792172399c2651f032202e80a31e61da5b6c5fdd7339d847bfe26679bccfe68e14409","first_seen":"2025-10-19T02:06:58.092772Z","last_seen":"2026-03-23T01:57:48.166743Z","times_seen":37,"resource_available":true,"data":null}},"time_used":417,"timings":{"blocked":104,"dns":1,"connect":148,"send":0,"wait":164,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"news.jlu.edu.cn/__local/B/52/EF/D1D0CF6FE36F185899F4A55ACE3_A461C688_C4BE.jpg","fqdn":"news.jlu.edu.cn","domain":"jlu.edu.cn","tld":"edu.cn"},"ip":{"addr":"202.198.16.80","port":443,"asn":4538,"as":"China Education and Research Network Center","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:10.635Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.jlu.edu.cn","organization":""},"issuer":{"commonName":"RapidSSL TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Sun, 29 Jun 2025 00:00:00 GMT","end":"Thu, 30 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"A9:8D:4B:95:E4:B8:52:7C:56:01:3E:93:CC:97:97:7B:8C:D4:5F:1C","sha256":"06:2B:DD:A9:34:9F:97:4F:CB:59:23:E2:8E:EE:D8:39:68:57:14:36:33:36:82:F5:AE:6E:3A:B0:6F:79:E6:29"}}},"request":{"raw":"GET /__local/B/52/EF/D1D0CF6FE36F185899F4A55ACE3_A461C688_C4BE.jpg HTTP/1.1\r\nHost: news.jlu.edu.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://1248g.3894.9hid.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 22 Mar 2026 22:40:54 GMT\r\nServer: Server\r\nX-Frame-Options: SAMEORIGIN\r\nLast-Modified: Thu, 11 Nov 2021 08:59:24 GMT\r\nETag: \"c4be-5d07f8f1cb300\"\r\nAccept-Ranges: bytes\r\nContent-Length: 50366\r\nCache-Control: max-age=3600\r\nExpires: Sun, 22 Mar 2026 23:40:54 GMT\r\nKeep-Alive: timeout=5, max=199\r\nConnection: Keep-Alive\r\nContent-Type: image/jpeg\r\nContent-Language: zh-CN\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":50366,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 864x564, components 3","md5":"b52efd1d0cf6fe36f185899f4a55ace3","sha1":"5edf285932f5143a49846aea653fe33ce9a13b97","sha256":"52618afc05aac733725eb64858301aade888ac216f830583ff444664412bc09b","sha512":"ff640f56cd1aaeb6e50a5c1b63181613fe0dc22bebd7589bcf8682f80cee192999969c82721506b18cb7035d2cd25920581174eddb474b018838a1b0e8dd0b97","ssdeep":"1536:28cuRFUwjn45JKwso6d6tdzw2qdvSns+0W7wYp6E3We:sxLG6t9w2qdY0W7Fpb3We","tlshash":"7033e0634c8e4e8ba028b7f8fd2d0d8825195f1cd5a4bcec216b4edebfe151e649150b","first_seen":"2025-10-19T03:53:31.202462Z","last_seen":"2026-03-22T22:37:31.658311Z","times_seen":7,"resource_available":false,"data":null}},"time_used":1074,"timings":{"blocked":302,"dns":0,"connect":0,"send":0,"wait":258,"receive":514,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"qiufacai.top:15668/fcl.php?keyword=%E5%A4%A7%E7%BA%A2%E9%B9%B0795388ocm(%E4%B8%AD%E5%9B%BD)App%20Store\u0026from=pc\u0026originUrl=http%3A%2F%2F1248g.3894.9hid.com%2F\u0026referer=\u0026userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026v=3247","fqdn":"qiufacai.top","domain":"qiufacai.top","tld":"top"},"ip":{"addr":"143.92.57.31","port":15668,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:10.657Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"qiufacai.top","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 10 Feb 2026 00:57:45 GMT","end":"Mon, 11 May 2026 00:57:44 GMT"},"fingerprint":{"sha1":"02:F2:AE:0F:D8:87:61:E3:23:57:A1:A0:F5:34:B5:14:1F:9B:A7:2B","sha256":"E3:BB:EA:23:75:57:BD:5A:08:6F:50:35:3D:F4:36:BC:86:D8:F0:54:48:74:FB:C1:6F:1F:92:85:D3:FA:94:F9"}}},"request":{"raw":"GET /fcl.php?keyword=%E5%A4%A7%E7%BA%A2%E9%B9%B0795388ocm(%E4%B8%AD%E5%9B%BD)App%20Store\u0026from=pc\u0026originUrl=http%3A%2F%2F1248g.3894.9hid.com%2F\u0026referer=\u0026userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026v=3247 HTTP/1.1\r\nHost: qiufacai.top:15668\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: http://1248g.3894.9hid.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:11 GMT\r\nContent-Type: text/html;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nAccess-Control-Allow-Origin: *\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":2804,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"7a805909a2ebce91f857e6055e399b0c","sha1":"e3ef9389df2fa88494344d3b022dd2b1f751c6e2","sha256":"190054453155c96ffc734bb35a6f21f5cc468cb464ccf2236752a29bd38d1841","sha512":"e3070bb1b63d27649fa35bb6c299f77cdaadbf578ab0651a2a20a1867eaed037cbfdb06404d2eb15d36b51e1ab5c6dc7f8c3ec7cd0ae0bb8f775096a410acc12","ssdeep":"","tlshash":"9951bff796c958660ab3c2e6b9b07774fce2800fce559982f4ac125b0b60e51b44368d","first_seen":"2026-03-19T02:50:08.726151Z","last_seen":"2026-03-23T01:57:48.174724Z","times_seen":13,"resource_available":false,"data":null}},"time_used":2087,"timings":{"blocked":886,"dns":1,"connect":292,"send":0,"wait":315,"receive":0,"ssl":590},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"news.jlu.edu.cn/_m/js/100zn11.png","fqdn":"news.jlu.edu.cn","domain":"jlu.edu.cn","tld":"edu.cn"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:11.013Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /_m/js/100zn11.png HTTP/1.1\r\nHost: news.jlu.edu.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://1248g.3894.9hid.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"test.xinxiyidiantong.com:2096/images/favicon.ico","fqdn":"test.xinxiyidiantong.com","domain":"xinxiyidiantong.com","tld":"com"},"ip":{"addr":"27.124.44.50","port":2096,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:12.653Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"test.xinxiyidiantong.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 02:32:06 GMT","end":"Tue, 16 Jun 2026 02:32:05 GMT"},"fingerprint":{"sha1":"F2:3E:4A:2C:AE:0F:1A:DC:04:1B:0A:91:04:E5:C8:80:09:CC:AD:F9","sha256":"C8:04:B0:6D:F6:48:F8:59:49:78:07:B9:83:C7:73:52:35:C4:D4:82:9E:3E:61:44:90:D3:1F:8A:03:C5:BD:87"}}},"request":{"raw":"GET /images/favicon.ico HTTP/1.1\r\nHost: test.xinxiyidiantong.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:13 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 3066\r\nLast-Modified: Fri, 22 Oct 2021 08:11:14 GMT\r\nConnection: keep-alive\r\nETag: \"61727222-bfa\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3066,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"00b726752e8713453d31b694d4f74b89","sha1":"122742a4ce71b668801ddcc8db72f07730db290c","sha256":"45d8a46c7758c43f32db8794520cbf03604db83734c969ca80d3b356f8360b37","sha512":"75660a291825839b5fd42b269bd501a9c81a5426adaab17d7b368687194da769a1373b3b5c20476085909c6f0fa5391e9b3c30714bc4be5b6e405ac018814367","ssdeep":"","tlshash":"e9515d9712b1080bc4797cb20f41bc5e95251237402dfaa57cf332d5ba80e9d629bed1","first_seen":"2023-05-06T09:29:06Z","last_seen":"2026-04-04T22:45:47.066966Z","times_seen":1723,"resource_available":false,"data":null}},"time_used":836,"timings":{"blocked":536,"dns":0,"connect":0,"send":0,"wait":300,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"test.xinxiyidiantong.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/system/resource/js/dynclicks.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:05.541Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /system/resource/js/dynclicks.js HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:06 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":2159,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with very long lines (2159), with no line terminators","md5":"ea0f5ba0d5be078b6f8f2d8362d5c06b","sha1":"56ad25656fee92af5dec43fde31d70b97a136c9d","sha256":"cb99083b3e09ea268f02b6423c9022cf930100269a24166de84c2b9e87afa25d","sha512":"64514868256f7f230523d466dd66c0880c42b3443152aa6cf470b5169add7134e587358e55c0a314da12f034b16fea6c9adcb50baeca1c34db4538337a5d2502","ssdeep":"","tlshash":"9d41f0f133a8a8a442152df8099d9b40f4b5640b2f28625c853efd55983cdca91f9edb","first_seen":"2023-10-16T23:09:21Z","last_seen":"2026-03-23T01:57:48.196483Z","times_seen":43,"resource_available":true,"data":null}},"time_used":591,"timings":{"blocked":403,"dns":0,"connect":0,"send":0,"wait":188,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_sitegray/_sitegray.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:09.368Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /_sitegray/_sitegray.js HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nCookie: vsb_screen_reload_count=2; vsb_screen_reload_url=/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:09 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":91,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text","md5":"7b8ea1159c99283310ed514ef543026b","sha1":"b90dc9ae9dcf59372f251efa5f680b1b6cb579d2","sha256":"4203753162ab83a587168249d73517143c96526dd9ff0ea4b9f19e2cffff43dc","sha512":"259725cf281a93a4fa6965a99f4f9fb74c8edaa7d3dfc2c522f2d5f86a71942fde3c8d10341a94443ac64764695a2b283cc8d43a4df887e9b955ba7c60adb4d4","ssdeep":"","tlshash":"9cb01288002e155280208566b03116d9a11500f562cb9c2eb0cf098ce718d014058f35","first_seen":"2023-03-07T12:04:23Z","last_seen":"2026-04-02T01:51:38.557509Z","times_seen":503,"resource_available":true,"data":null}},"time_used":286,"timings":{"blocked":118,"dns":0,"connect":0,"send":0,"wait":168,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/__local/8/83/F7/4CDFB134C5074B5AE5A1B468E5D_746E2D7E_8AF96.png","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:09.382Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /__local/8/83/F7/4CDFB134C5074B5AE5A1B468E5D_746E2D7E_8AF96.png HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nCookie: vsb_screen_reload_count=2; vsb_screen_reload_url=/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:10 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://news.jlu.edu.cn/__local/8/83/F7/4CDFB134C5074B5AE5A1B468E5D_746E2D7E_8AF96.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":32768,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1239,"timings":{"blocked":1041,"dns":0,"connect":0,"send":0,"wait":198,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"news.jlu.edu.cn/__local/C/C6/E0/159D8B6C64B0A623E4C08383627_7F85C08B_A348B.png","fqdn":"news.jlu.edu.cn","domain":"jlu.edu.cn","tld":"edu.cn"},"ip":{"addr":"202.198.16.80","port":443,"asn":4538,"as":"China Education and Research Network Center","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:10.632Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.jlu.edu.cn","organization":""},"issuer":{"commonName":"RapidSSL TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Sun, 29 Jun 2025 00:00:00 GMT","end":"Thu, 30 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"A9:8D:4B:95:E4:B8:52:7C:56:01:3E:93:CC:97:97:7B:8C:D4:5F:1C","sha256":"06:2B:DD:A9:34:9F:97:4F:CB:59:23:E2:8E:EE:D8:39:68:57:14:36:33:36:82:F5:AE:6E:3A:B0:6F:79:E6:29"}}},"request":{"raw":"GET /__local/C/C6/E0/159D8B6C64B0A623E4C08383627_7F85C08B_A348B.png HTTP/1.1\r\nHost: news.jlu.edu.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://1248g.3894.9hid.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 22 Mar 2026 22:40:54 GMT\r\nServer: Server\r\nX-Frame-Options: SAMEORIGIN\r\nLast-Modified: Fri, 17 Oct 2025 03:13:29 GMT\r\nETag: \"a348b-641521e230840\"\r\nAccept-Ranges: bytes\r\nContent-Length: 668811\r\nCache-Control: max-age=3600\r\nExpires: Sun, 22 Mar 2026 23:40:54 GMT\r\nKeep-Alive: timeout=5, max=200\r\nConnection: Keep-Alive\r\nContent-Type: image/png\r\nContent-Language: zh-CN\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40912,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 900 x 600, 8-bit/color RGBA, non-interlaced","md5":"38e26a12850009c07ac89b1cbbbc7195","sha1":"1db40f054967b9246d07ef59c854ae1dd84c0cb6","sha256":"bb2e7d2ce44646717c8eb88cd6634c21f9c7b1816d22f7f371a9fce0ae98c8eb","sha512":"dd6ecd370121f1ec8e6084d95caca2d16d806f3b3ab1b0de505412f674bcf97da7be62adc890ab9b7b28bb8138fcc0eb031419b3bcb1f0dd564776c0aace0254","ssdeep":"768:TQDlECddBFJlAnGy2qBiXOw8gi3+y3A3y6f3j3G+XhXkvv:8DV/FJkCyiXOxgGwC6fbG+xkvv","tlshash":"ab03f1d2d82648b6d85e77310bed44bf32768666d3ac1707a038c04d5ddfe7ba1ae111","first_seen":"2026-03-22T22:37:31.661062Z","last_seen":"2026-03-22T22:37:31.661062Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2119,"timings":{"blocked":787,"dns":1,"connect":258,"send":0,"wait":259,"receive":283,"ssl":528},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/system/resource/code/datainput.jsp?owner=1207890257\u0026e=1\u0026w=1280\u0026h=1024\u0026treeid=1019\u0026refer=\u0026pagename=L2luZGV4LmpzcA%3D%3D\u0026newsid=-1","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:10.687Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /system/resource/code/datainput.jsp?owner=1207890257\u0026e=1\u0026w=1280\u0026h=1024\u0026treeid=1019\u0026refer=\u0026pagename=L2luZGV4LmpzcA%3D%3D\u0026newsid=-1 HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nCookie: vsb_screen_reload_count=2; vsb_screen_reload_url=/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":303,"timings":{"blocked":303,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"news.jlu.edu.cn/images/aad0c3c9dee16e5f.png","fqdn":"news.jlu.edu.cn","domain":"jlu.edu.cn","tld":"edu.cn"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:10.846Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /images/aad0c3c9dee16e5f.png HTTP/1.1\r\nHost: news.jlu.edu.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://1248g.3894.9hid.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fcl.xueyuxingfeng.com:6987/advanced/ali/sj.js","fqdn":"fcl.xueyuxingfeng.com","domain":"xueyuxingfeng.com","tld":"com"},"ip":{"addr":"27.124.44.6","port":6987,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:05.636Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"fcl.xueyuxingfeng.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 17 Mar 2026 02:39:06 GMT","end":"Mon, 15 Jun 2026 02:39:05 GMT"},"fingerprint":{"sha1":"9C:02:BC:FD:E6:FD:6F:73:A8:FF:02:17:D8:7B:9B:7F:1C:15:3C:76","sha256":"C8:B1:53:77:6B:D6:88:15:FD:58:31:16:AE:D3:12:44:08:D5:BD:EF:E6:F5:9E:D4:9A:66:25:E8:50:22:88:B1"}}},"request":{"raw":"GET /advanced/ali/sj.js HTTP/1.1\r\nHost: fcl.xueyuxingfeng.com:6987\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:06 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Thu, 13 Feb 2025 10:31:33 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"67adca05-d24\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3364,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text","md5":"ead0945734d2df1393f97b83395ce5a5","sha1":"02075f8db8ec645ac0333d11f29cf592e34fe824","sha256":"acc560eecd34add4d045a64d0261d40c73f6b19af0ed698921622e9d7fe616fe","sha512":"9747e0b01ffa510bf24d56e9c634c930f3c04b61d35e1c9d305087fcb3e00adeb5896cd70542dbeb58d0de07b7331a79d9e5799f15b98c4a0f7bfe37f44d7736","ssdeep":"","tlshash":"39612e94ef8d20338e133165ae6f958c24be68577944eca7f80c64d44fa0d38852beac","first_seen":"2025-02-18T11:26:37.42474Z","last_seen":"2026-04-04T16:12:34.550874Z","times_seen":330,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"fcl.xueyuxingfeng.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"fcl.xueyuxingfeng.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/js/jldx1.png","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:09.393Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /_m/js/jldx1.png HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nCookie: vsb_screen_reload_count=2; vsb_screen_reload_url=/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:10 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://news.jlu.edu.cn/_m/js/jldx1.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1597,"timings":{"blocked":1415,"dns":0,"connect":0,"send":0,"wait":182,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"news.jlu.edu.cn/__local/7/C8/86/F4D8A422B331AD2006F8A03439A_744A66BC_56D7C.jpg","fqdn":"news.jlu.edu.cn","domain":"jlu.edu.cn","tld":"edu.cn"},"ip":{"addr":"202.198.16.80","port":443,"asn":4538,"as":"China Education and Research Network Center","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:10.615Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.jlu.edu.cn","organization":""},"issuer":{"commonName":"RapidSSL TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Sun, 29 Jun 2025 00:00:00 GMT","end":"Thu, 30 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"A9:8D:4B:95:E4:B8:52:7C:56:01:3E:93:CC:97:97:7B:8C:D4:5F:1C","sha256":"06:2B:DD:A9:34:9F:97:4F:CB:59:23:E2:8E:EE:D8:39:68:57:14:36:33:36:82:F5:AE:6E:3A:B0:6F:79:E6:29"}}},"request":{"raw":"GET /__local/7/C8/86/F4D8A422B331AD2006F8A03439A_744A66BC_56D7C.jpg HTTP/1.1\r\nHost: news.jlu.edu.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://1248g.3894.9hid.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 22 Mar 2026 22:40:54 GMT\r\nServer: Server\r\nX-Frame-Options: SAMEORIGIN\r\nLast-Modified: Fri, 17 Oct 2025 07:10:49 GMT\r\nETag: \"56d7c-641556ee83040\"\r\nAccept-Ranges: bytes\r\nContent-Length: 355708\r\nCache-Control: max-age=3600\r\nExpires: Sun, 22 Mar 2026 23:40:54 GMT\r\nKeep-Alive: timeout=5, max=200\r\nConnection: Keep-Alive\r\nContent-Type: image/jpeg\r\nContent-Language: zh-CN\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":355708,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=21, height=5504, bps=0, orientation=upper-left, width=8256], baseline, precision 8, 846x564, components 3","md5":"7c886f4d8a422b331ad2006f8a03439a","sha1":"d476079cbb62c640c407255d5e3cd03a1e9bb435","sha256":"fac2ca3fa5c51f3d481318411f82107b9a200a48111f796b499c9118a64f0755","sha512":"e4f0e16743633004d00c288c068f6f29e79fb39ab1105f78047e7d6c45e521f2a0aa2d3478e0f12c9af12a2fff56e7377ad31493cdab6c9e54538982ec565a27","ssdeep":"6144:F6Q19OGKcbxhAuvGZN5ajTN/MSrqhkreWK/JFPOXa82WR5a3:F6MQd8WuOLUBUo+kret5mmWza3","tlshash":"747423931308833ce4821d7ff86e4e3d6e06aafc389155c52a26a53cc4d9ab66dc745f","first_seen":"2025-10-19T02:24:30.499138Z","last_seen":"2026-03-22T22:37:31.661925Z","times_seen":12,"resource_available":false,"data":null}},"time_used":1283,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":255,"receive":1028,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"push.zhanzhang.baidu.com/push.js","fqdn":"push.zhanzhang.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"180.101.212.103","port":80,"asn":134770,"as":"CHINANET Jiangsu province Suzhou taihu IDC network","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:10.706Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /push.js HTTP/1.1\r\nHost: push.zhanzhang.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Encoding: gzip\r\nContent-Length: 232\r\nContent-Type: text/javascript\r\nServer: bfe\r\nDate: Sun, 22 Mar 2026 22:37:11 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":281,"size_decoded":0,"mime_type":"text/javascript","magic":"ASCII text, with no line terminators","md5":"1bb5a3267c9865ad4abe8d937734b62b","sha1":"b5478dd2edb3e64242eced1db2dbd945ef81f592","sha256":"674bc0c70f98d627b8a7e1d278a1f21ffe33815565f7d5371bf0275da57571b2","sha512":"33318ed944a49a8fa334983408d68853b1fbe4f80b19adef6235f23d7708b616cd4f8dd28c8b8ebfbb5776aab8088229f3060cd789af34fe1db5038a98bd0d39","ssdeep":"","tlshash":"91d02be874a0c41c0ce710b17fab328cfab20b2755244d40c05b90013614b1f824bfe9","first_seen":"2023-03-07T01:02:09Z","last_seen":"2026-04-05T07:15:15.461149Z","times_seen":20923,"resource_available":true,"data":null}},"time_used":823,"timings":{"blocked":274,"dns":1,"connect":272,"send":0,"wait":275,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_sitegray/_sitegray.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:05.534Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /_sitegray/_sitegray.js HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:05 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":91,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text","md5":"7b8ea1159c99283310ed514ef543026b","sha1":"b90dc9ae9dcf59372f251efa5f680b1b6cb579d2","sha256":"4203753162ab83a587168249d73517143c96526dd9ff0ea4b9f19e2cffff43dc","sha512":"259725cf281a93a4fa6965a99f4f9fb74c8edaa7d3dfc2c522f2d5f86a71942fde3c8d10341a94443ac64764695a2b283cc8d43a4df887e9b955ba7c60adb4d4","ssdeep":"","tlshash":"9cb01288002e155280208566b03116d9a11500f562cb9c2eb0cf098ce718d014058f35","first_seen":"2023-03-07T12:04:23Z","last_seen":"2026-04-02T01:51:38.557509Z","times_seen":503,"resource_available":true,"data":null}},"time_used":275,"timings":{"blocked":105,"dns":0,"connect":0,"send":0,"wait":170,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/images/loading.gif","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:10.694Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /_m/images/loading.gif HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/_m/css/css.css\r\nCookie: vsb_screen_reload_count=2; vsb_screen_reload_url=/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:10 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://news.jlu.edu.cn/_m/images/loading.gif\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":285,"timings":{"blocked":103,"dns":0,"connect":0,"send":0,"wait":182,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"news.jlu.edu.cn/__local/7/CD/81/C4FB7315C8896F14A0DFBFF6E8E_80ADEAE8_27106.jpg","fqdn":"news.jlu.edu.cn","domain":"jlu.edu.cn","tld":"edu.cn"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:10.840Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /__local/7/CD/81/C4FB7315C8896F14A0DFBFF6E8E_80ADEAE8_27106.jpg HTTP/1.1\r\nHost: news.jlu.edu.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://1248g.3894.9hid.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"news.jlu.edu.cn/_m/imges/4-n.jpg","fqdn":"news.jlu.edu.cn","domain":"jlu.edu.cn","tld":"edu.cn"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:10.844Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /_m/imges/4-n.jpg HTTP/1.1\r\nHost: news.jlu.edu.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://1248g.3894.9hid.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"news.jlu.edu.cn/_m/images/loading.gif","fqdn":"news.jlu.edu.cn","domain":"jlu.edu.cn","tld":"edu.cn"},"ip":{"addr":"202.198.16.80","port":443,"asn":4538,"as":"China Education and Research Network Center","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:11.005Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.jlu.edu.cn","organization":""},"issuer":{"commonName":"RapidSSL TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Sun, 29 Jun 2025 00:00:00 GMT","end":"Thu, 30 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"A9:8D:4B:95:E4:B8:52:7C:56:01:3E:93:CC:97:97:7B:8C:D4:5F:1C","sha256":"06:2B:DD:A9:34:9F:97:4F:CB:59:23:E2:8E:EE:D8:39:68:57:14:36:33:36:82:F5:AE:6E:3A:B0:6F:79:E6:29"}}},"request":{"raw":"GET /_m/images/loading.gif HTTP/1.1\r\nHost: news.jlu.edu.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://1248g.3894.9hid.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Sun, 22 Mar 2026 22:40:55 GMT\r\nServer: Server\r\nX-Frame-Options: SAMEORIGIN\r\nAccept-Ranges: bytes\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 698\r\nKeep-Alive: timeout=5, max=198\r\nConnection: Keep-Alive\r\nContent-Type: text/html\r\nContent-Language: zh-CN\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1264,"timings":{"blocked":706,"dns":0,"connect":0,"send":0,"wait":258,"receive":300,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"news.jlu.edu.cn/_m/imges/logo.jpg","fqdn":"news.jlu.edu.cn","domain":"jlu.edu.cn","tld":"edu.cn"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:11.009Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /_m/imges/logo.jpg HTTP/1.1\r\nHost: news.jlu.edu.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://1248g.3894.9hid.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-22T22:37:05.069Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:05 GMT\r\nContent-Type: text/html;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery:1.9.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":20596,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (554)","md5":"02bd299d6fdb660bb5dae9c83d3c07b1","sha1":"ed7d0e82313e2497008b59f4b05e06804501b7bd","sha256":"7bef0db7a6fb80cdaf5b4b5d42fca2f4baaf7e95a31415b09418c8de6983f01b","sha512":"8b70349e9d8e612395ab3628fc79ec45252525a48f5daf838b71fcfbf5ca14f52906c54aa66aa03f1f11393a82fe27cbbdcef8921886f530cc74c8f14f82eb30","ssdeep":"384:rQW1DZV5sFt1Dfi72snKSC1dSrLGmBiOk9BX4Md0ScCxw10S44jMS5C8ma+l:rQuD6zi72snxkdSrL62Wl","tlshash":"f792172399c2651f032202e80a31e61da5b6c5fdd7339d847bfe26679bccfe68e14409","first_seen":"2025-10-19T02:06:58.092772Z","last_seen":"2026-03-23T01:57:48.166743Z","times_seen":37,"resource_available":true,"data":null}},"time_used":470,"timings":{"blocked":148,"dns":1,"connect":148,"send":0,"wait":172,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/imges/select_xl01.jpg","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:09.397Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /_m/imges/select_xl01.jpg HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nCookie: vsb_screen_reload_count=2; vsb_screen_reload_url=/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:11 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://news.jlu.edu.cn/_m/imges/select_xl01.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1786,"timings":{"blocked":1592,"dns":0,"connect":0,"send":0,"wait":194,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/__local/0/E2/D4/AF403BE1D8D1D1B12DE61FF6B94_B1224552_968AC.png","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:09.383Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /__local/0/E2/D4/AF403BE1D8D1D1B12DE61FF6B94_B1224552_968AC.png HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nCookie: vsb_screen_reload_count=2; vsb_screen_reload_url=/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:10 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://news.jlu.edu.cn/__local/0/E2/D4/AF403BE1D8D1D1B12DE61FF6B94_B1224552_968AC.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":98304,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1238,"timings":{"blocked":1040,"dns":0,"connect":0,"send":0,"wait":198,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/js/foot.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:09.398Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /_m/js/foot.js HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nCookie: vsb_screen_reload_count=2; vsb_screen_reload_url=/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:09 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":5159,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"5bb6e6097308e3d9912378b85c4f58f1","sha1":"0e53a9b97b3a26efa53acaed3bf772e5ca3f1b74","sha256":"3e993693aab78908b18bde6ce869b000bdca7a7b951c7167afea9a10e1df98e8","sha512":"e04de4965d35d03d80c53af80f47a14572a9847b5040cc389a0e2bdc1d6ce13910c50cd1b2322ff4c7697331f1e2dada440bce80fd7d9447c9dc97a415ed733e","ssdeep":"96:cqOhewDeDDg+qoko8LJtDOyDRJMCkghp4es31/p4D3bKt7V60ND+QK4D+nD+QKTe:cqOhew2RqlL9tNlJMDgces31eD3bex63","tlshash":"b3b19734f3041b7eb0fe13b5195db1cda320163aeb088055b6e8685a6b7dbee311bb45","first_seen":"2025-10-08T02:22:32.050023Z","last_seen":"2026-03-23T01:57:48.185143Z","times_seen":40,"resource_available":true,"data":null}},"time_used":568,"timings":{"blocked":405,"dns":0,"connect":0,"send":0,"wait":163,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"news.jlu.edu.cn/__local/5/A1/38/D83ECD9968FFCA48D5A86B4F041_5DC15FF6_986BD.png","fqdn":"news.jlu.edu.cn","domain":"jlu.edu.cn","tld":"edu.cn"},"ip":{"addr":"202.198.16.80","port":443,"asn":4538,"as":"China Education and Research Network Center","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:10.617Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.jlu.edu.cn","organization":""},"issuer":{"commonName":"RapidSSL TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Sun, 29 Jun 2025 00:00:00 GMT","end":"Thu, 30 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"A9:8D:4B:95:E4:B8:52:7C:56:01:3E:93:CC:97:97:7B:8C:D4:5F:1C","sha256":"06:2B:DD:A9:34:9F:97:4F:CB:59:23:E2:8E:EE:D8:39:68:57:14:36:33:36:82:F5:AE:6E:3A:B0:6F:79:E6:29"}}},"request":{"raw":"GET /__local/5/A1/38/D83ECD9968FFCA48D5A86B4F041_5DC15FF6_986BD.png HTTP/1.1\r\nHost: news.jlu.edu.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://1248g.3894.9hid.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 22 Mar 2026 22:40:54 GMT\r\nServer: Server\r\nX-Frame-Options: SAMEORIGIN\r\nLast-Modified: Tue, 16 Nov 2021 08:35:42 GMT\r\nETag: \"986bd-5d0e3cf8f9380\"\r\nAccept-Ranges: bytes\r\nContent-Length: 624317\r\nCache-Control: max-age=3600\r\nExpires: Sun, 22 Mar 2026 23:40:54 GMT\r\nKeep-Alive: timeout=5, max=200\r\nConnection: Keep-Alive\r\nContent-Type: image/png\r\nContent-Language: zh-CN\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":442368,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 846 x 564, 8-bit/color RGB, non-interlaced","md5":"3cff929ecfa7b3980966d981b1c6f2b8","sha1":"183dc0de9aa1fbef90aac7da755355f866bc264c","sha256":"76e1e1fc8829f5dcedbbac74f64788b60a725f4d538a33c4aadc05b15acb37c4","sha512":"55eea61ea61aadd9659baaa7061e6422fd6736958a6b3ff089aacf371386dee2763948687ef91a47700046a5cf0baf317c64002d4bedb53a9f30631429fb264f","ssdeep":"12288:MYNKMAsFs2itQCtIdvdshT8uZOaCMbDUS0MYiH:MzMAsO8IIpdEgusTwYS","tlshash":"1d942397c19c24ec7b423c94478fe69dadad861be572f8f900a0d7913f44a47a436be0","first_seen":"2026-03-22T22:37:31.663566Z","last_seen":"2026-03-22T22:37:31.663566Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1346,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":256,"receive":1090,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"news.jlu.edu.cn/_m/js/jldx1.png","fqdn":"news.jlu.edu.cn","domain":"jlu.edu.cn","tld":"edu.cn"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:11.014Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /_m/js/jldx1.png HTTP/1.1\r\nHost: news.jlu.edu.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://1248g.3894.9hid.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/jquery.la.min.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:11.999Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /jquery.la.min.js HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nCookie: vsb_screen_reload_count=2; vsb_screen_reload_url=/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:12 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Sat, 18 Oct 2025 04:51:39 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"68f31cdb-4c4\"\r\nExpires: Sun, 22 Mar 2026 23:37:12 GMT\r\nCache-Control: max-age=3600\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1220,"size_decoded":0,"mime_type":"application/javascript","magic":"HTML document, ASCII text, with very long lines (554), with CRLF line terminators","md5":"3111175d89853720d71826c62c596621","sha1":"1d7f57a9117e5aed7679113b6a9a0c8795189339","sha256":"4b287f9e7d0c9edef0379e86fd7715401b274962c901197abe737b929c10ef09","sha512":"df2c880e15e15578c1ac49397ddfd6db4b617c3cf8055ab7e443ab47734a12ed35f3ac186187a807224fc165442fb1742656647c572a37b110be1f62b91bb4a5","ssdeep":"","tlshash":"cb21149f7c06e2546b622d6633bbedacd9be00315409c80665fac16d2c26ff80617b4c","first_seen":"2025-10-19T02:06:58.240171Z","last_seen":"2026-03-29T22:22:42.40084Z","times_seen":50,"resource_available":true,"data":null}},"time_used":149,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":148,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"news.jlu.edu.cn/_m/imges/ico-nav.jpg","fqdn":"news.jlu.edu.cn","domain":"jlu.edu.cn","tld":"edu.cn"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:10.988Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /_m/imges/ico-nav.jpg HTTP/1.1\r\nHost: news.jlu.edu.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://1248g.3894.9hid.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1248g.3894.9hid.com/","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-22T22:37:04.755Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":160,"timings":{"blocked":160,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/images/aad0c3c9dee16e5f.png","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:09.389Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /images/aad0c3c9dee16e5f.png HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nCookie: vsb_screen_reload_count=2; vsb_screen_reload_url=/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:10 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://news.jlu.edu.cn/images/aad0c3c9dee16e5f.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1419,"timings":{"blocked":1232,"dns":0,"connect":0,"send":0,"wait":187,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"news.jlu.edu.cn/_m/imges/foot-bg.jpg","fqdn":"news.jlu.edu.cn","domain":"jlu.edu.cn","tld":"edu.cn"},"ip":{"addr":"202.198.16.80","port":443,"asn":4538,"as":"China Education and Research Network Center","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:11.014Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.jlu.edu.cn","organization":""},"issuer":{"commonName":"RapidSSL TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Sun, 29 Jun 2025 00:00:00 GMT","end":"Thu, 30 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"A9:8D:4B:95:E4:B8:52:7C:56:01:3E:93:CC:97:97:7B:8C:D4:5F:1C","sha256":"06:2B:DD:A9:34:9F:97:4F:CB:59:23:E2:8E:EE:D8:39:68:57:14:36:33:36:82:F5:AE:6E:3A:B0:6F:79:E6:29"}}},"request":{"raw":"GET /_m/imges/foot-bg.jpg HTTP/1.1\r\nHost: news.jlu.edu.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://1248g.3894.9hid.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Sun, 22 Mar 2026 22:40:55 GMT\r\nServer: Server\r\nX-Frame-Options: SAMEORIGIN\r\nAccept-Ranges: bytes\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 698\r\nKeep-Alive: timeout=5, max=199\r\nConnection: Keep-Alive\r\nContent-Type: text/html\r\nContent-Language: zh-CN\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1436,"timings":{"blocked":885,"dns":0,"connect":0,"send":0,"wait":256,"receive":295,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"news.jlu.edu.cn/_m/imges/6e641de5f22e366115ee83bb0870a7e.png","fqdn":"news.jlu.edu.cn","domain":"jlu.edu.cn","tld":"edu.cn"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:11.190Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /_m/imges/6e641de5f22e366115ee83bb0870a7e.png HTTP/1.1\r\nHost: news.jlu.edu.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://1248g.3894.9hid.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"news.jlu.edu.cn/__local/3/68/70/2D4087E3EF0905C7A162759A617_491F6688_32FA9.jpg","fqdn":"news.jlu.edu.cn","domain":"jlu.edu.cn","tld":"edu.cn"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:10.845Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /__local/3/68/70/2D4087E3EF0905C7A162759A617_491F6688_32FA9.jpg HTTP/1.1\r\nHost: news.jlu.edu.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://1248g.3894.9hid.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/css/css.css","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:05.514Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /_m/css/css.css HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:06 GMT\r\nContent-Type: text/css;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":9108,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"72a84d638bb2d3e8275a5f6ea716f3b8","sha1":"60cba093b8c1ac24425194bc99a8e45fad78435b","sha256":"88c33545d091f4f6c0ac15d0d1ae077d340a850c3bbe2584004f788e212bdc26","sha512":"e51fba558efe2a6117a750f1907acf80427f07b18a143b0c45f99bf51c7170b21dfba9bc6554c2f20986d39dc2aec9c15b28eccd60b43f30bd42f5bf5992e36d","ssdeep":"192:xAgSI8O3+LRqXEpvmf24DYZYeiX3XV1Fyft9l91R3kiWKgVE:cFOHDDYZYeiX3XV1YfLl91R3UKgVE","tlshash":"44126431d7927109b03787277d01ebde3325c49fe29b5abcbe593528d48e4d926363a0","first_seen":"2025-10-19T02:06:58.034763Z","last_seen":"2026-03-23T01:57:48.190656Z","times_seen":37,"resource_available":false,"data":null}},"time_used":635,"timings":{"blocked":471,"dns":0,"connect":0,"send":0,"wait":164,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/css/public.css","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:05.516Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /_m/css/public.css HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:05 GMT\r\nContent-Type: text/css;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":2888,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"3b7a19a5901d4ada0479eb7c977434ca","sha1":"abe3558de2ee54d2d2b5d0e069d1fc614c874f61","sha256":"624dee76b7e2111bfa6b67c6f984adb5639f0ebcb1e8c1375caa4ad5fd66192b","sha512":"7e1063c8e8bc6336bd73cef741c6e0eef2d42581b24047c68317966db3d409a0f54d70c930222cff2e11ebd17f02c259c642dc3c822933e0da8087b92d00e95a","ssdeep":"","tlshash":"67516920bf2904cdf02b4b14c7d60ea5057cf2b2d9122e6a734a755ba3cb59c435c351","first_seen":"2025-10-19T02:06:58.280627Z","last_seen":"2026-03-23T01:57:48.172832Z","times_seen":37,"resource_available":false,"data":null}},"time_used":432,"timings":{"blocked":104,"dns":1,"connect":145,"send":0,"wait":182,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/system/resource/js/dynclicks.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:09.380Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /system/resource/js/dynclicks.js HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nCookie: vsb_screen_reload_count=2; vsb_screen_reload_url=/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:09 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2159,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with very long lines (2159), with no line terminators","md5":"ea0f5ba0d5be078b6f8f2d8362d5c06b","sha1":"56ad25656fee92af5dec43fde31d70b97a136c9d","sha256":"cb99083b3e09ea268f02b6423c9022cf930100269a24166de84c2b9e87afa25d","sha512":"64514868256f7f230523d466dd66c0880c42b3443152aa6cf470b5169add7134e587358e55c0a314da12f034b16fea6c9adcb50baeca1c34db4538337a5d2502","ssdeep":"","tlshash":"9d41f0f133a8a8a442152df8099d9b40f4b5640b2f28625c853efd55983cdca91f9edb","first_seen":"2023-10-16T23:09:21Z","last_seen":"2026-03-23T01:57:48.196483Z","times_seen":43,"resource_available":true,"data":null}},"time_used":578,"timings":{"blocked":415,"dns":0,"connect":0,"send":0,"wait":163,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/js/jquery.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:05.520Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /_m/js/jquery.js HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:05 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":93918,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (32769)","md5":"ce2aa1e5b96a3f52dee3c5e6ee4351fc","sha1":"23e9d79ff99694df72ae8e874b6ed16c6bed5762","sha256":"84576680a3d4eaad17aa6de22a7be6ee1a0716a63b2d4aa73d7baf813bd4b553","sha512":"7fd67a65763205df7f4e7533bb1be40b5980144454a89536470225fa3013b2ce801a85a2c63bb6ab2bc1592842de102de641a3854eff65f7a1ebcfd47866ff18","ssdeep":"1536:HXRKUpVgklsdZuLP/l+0fGzA8gmtasgx/c9Rzzi4yff8qeLvHHEjam7rSnmBn9gn:te8FbGzA81+xRRi1Z3","tlshash":"7993e7d9b2d6716387b731bc50af510bb13698aa784c8c50f068d8e4be74a48907bf7d","first_seen":"2025-10-19T02:06:57.97612Z","last_seen":"2026-03-23T01:57:48.199147Z","times_seen":37,"resource_available":true,"data":null}},"time_used":586,"timings":{"blocked":102,"dns":1,"connect":148,"send":0,"wait":186,"receive":149,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/css/common.css","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:09.352Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /_m/css/common.css HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nCookie: vsb_screen_reload_count=2; vsb_screen_reload_url=/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:09 GMT\r\nContent-Type: text/css;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10390,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (360)","md5":"6b9a75ca2443149f378c934e1671bd29","sha1":"08c6ec2e51bdba2c516a5635b76f756c08428e2e","sha256":"927efeb928dbf4a2fc658f820e2ac2cd7885f0f056b4e378de87a1a211695109","sha512":"5527e5e5b3a6f25f7e97545c46122eaacd54343d5b47cdfdfc52e5f44e4483b150a0df47732d121568c107e84264b2cb983f1e27273333ea4dd08342d63ce00f","ssdeep":"192:wXDRl1z932jEyjhyQmQvCXRbQFl1P5P6NoZF0RWaohIsCYXleEnqICIkZwd:Wf1JERmQKXRbQFl1xP6SIRtohIxmleEV","tlshash":"79224122a691704db0378932b8c19ae4b535800391520efde76d2e75d18f3bb6a73fd9","first_seen":"2025-10-19T02:06:58.10037Z","last_seen":"2026-03-23T01:57:48.168665Z","times_seen":37,"resource_available":false,"data":null}},"time_used":165,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":165,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/__local/5/A1/38/D83ECD9968FFCA48D5A86B4F041_5DC15FF6_986BD.png","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:09.387Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /__local/5/A1/38/D83ECD9968FFCA48D5A86B4F041_5DC15FF6_986BD.png HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nCookie: vsb_screen_reload_count=2; vsb_screen_reload_url=/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:10 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://news.jlu.edu.cn/__local/5/A1/38/D83ECD9968FFCA48D5A86B4F041_5DC15FF6_986BD.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":442368,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1221,"timings":{"blocked":1037,"dns":0,"connect":0,"send":0,"wait":184,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/js/100zn11.png","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:09.391Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /_m/js/100zn11.png HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nCookie: vsb_screen_reload_count=2; vsb_screen_reload_url=/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:10 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://news.jlu.edu.cn/_m/js/100zn11.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1597,"timings":{"blocked":1416,"dns":0,"connect":0,"send":0,"wait":181,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/sanquan011.png","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:09.396Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /_m/sanquan011.png HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nCookie: vsb_screen_reload_count=2; vsb_screen_reload_url=/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:11 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://news.jlu.edu.cn/_m/sanquan011.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1765,"timings":{"blocked":1585,"dns":0,"connect":0,"send":0,"wait":180,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"news.jlu.edu.cn/_m/imges/select_xl01.jpg","fqdn":"news.jlu.edu.cn","domain":"jlu.edu.cn","tld":"edu.cn"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:11.202Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /_m/imges/select_xl01.jpg HTTP/1.1\r\nHost: news.jlu.edu.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://1248g.3894.9hid.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"news.jlu.edu.cn/__local/8/C3/0C/66B9F663C9EE854EB3A841AAEAA_769B857F_E2499.png","fqdn":"news.jlu.edu.cn","domain":"jlu.edu.cn","tld":"edu.cn"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:10.803Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /__local/8/C3/0C/66B9F663C9EE854EB3A841AAEAA_769B857F_E2499.png HTTP/1.1\r\nHost: news.jlu.edu.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://1248g.3894.9hid.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/imges/ebdf38c7756071069.png","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:09.390Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /_m/imges/ebdf38c7756071069.png HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nCookie: vsb_screen_reload_count=2; vsb_screen_reload_url=/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:10 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://news.jlu.edu.cn/_m/imges/ebdf38c7756071069.png\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1416,"timings":{"blocked":1231,"dns":0,"connect":0,"send":0,"wait":185,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"collect-v6.51.la/v6/collect?dt=4","fqdn":"collect-v6.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"43.159.107.113","port":80,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:13.648Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"POST /v6/collect?dt=4 HTTP/1.1\r\nHost: collect-v6.51.la\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Length: 356\r\nOrigin: http://1248g.3894.9hid.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 210 Unknown Status\r\nVary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nAccess-Control-Allow-Origin: http://1248g.3894.9hid.com\r\nAccess-Control-Allow-Credentials: true\r\nServer: TencentEdgeOne\r\nContent-Length: 0\r\nConnection: keep-alive\r\nDate: Sun, 22 Mar 2026 22:37:13 GMT\r\nEO-LOG-UUID: 16750613442321514487\r\nEO-Cache-Status: MISS\r\n\r\n","headers":null,"cookies":null,"status_code":"210","status_text":"Unknown Status","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":295,"timings":{"blocked":20,"dns":1,"connect":19,"send":0,"wait":255,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"collect-v6.51.la/v6/collect?dt=4","fqdn":"collect-v6.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"43.159.107.113","port":80,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:13.664Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"POST /v6/collect?dt=4 HTTP/1.1\r\nHost: collect-v6.51.la\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Length: 355\r\nOrigin: http://1248g.3894.9hid.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 210 Unknown Status\r\nVary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nAccess-Control-Allow-Origin: http://1248g.3894.9hid.com\r\nAccess-Control-Allow-Credentials: true\r\nServer: TencentEdgeOne\r\nContent-Length: 0\r\nConnection: keep-alive\r\nDate: Sun, 22 Mar 2026 22:37:13 GMT\r\nEO-LOG-UUID: 1347908253401443307\r\nEO-Cache-Status: MISS\r\n\r\n","headers":null,"cookies":null,"status_code":"210","status_text":"Unknown Status","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":316,"timings":{"blocked":24,"dns":1,"connect":23,"send":0,"wait":267,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/js/jquery-1.9.1.min.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:05.518Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /_m/js/jquery-1.9.1.min.js HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:05 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":92618,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (32087)","md5":"90e4193ae3817216f39fc2c29b9a61d6","sha1":"074802fc40c4b6c46510cc33bc542727902ddb8e","sha256":"672907d5c8b56608165d350c8feb9b89b315ae145c8c127a7cb5a33a0ec320c6","sha512":"6d9b8ba2cbc92e92487632ad338542d1e0052290f2aa169d55c20dce425c8917accb201be9227b08efd48256f1a31cc19f3a3cc4de8dd56d3a2d9445e30ae36b","ssdeep":"1536:Znu00HWWaRxkqJg09pYxoxDKMXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qg7rban1RUR:ZdkWgoBhcZRQgmgY2qe","tlshash":"e8932bdd72d2b02257ab31bd006f540ff2361959280d8850f278d8f9bc79a49a277f6d","first_seen":"2025-10-19T02:06:58.008873Z","last_seen":"2026-03-23T01:57:48.183412Z","times_seen":37,"resource_available":true,"data":null}},"time_used":575,"timings":{"blocked":103,"dns":1,"connect":147,"send":0,"wait":174,"receive":149,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/js/TouchSlide.1.1.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:05.519Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /_m/js/TouchSlide.1.1.js HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:05 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5804,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (5369)","md5":"a7b3f449701b95e8137f3fa0e715e821","sha1":"2983ac0a4fc19886b14cb1f361cfdec9921f054f","sha256":"1f9845e51deecf33b043b10a45845e2c5a1a0f0172ccfabc0fd549d3672dbeaa","sha512":"c405ed6bd527a454b65b4a7907f9c97b637264377dfa93c39290d44c4514f31b84f975f9d176642afbf1fb2f5c6676a43834df159b3004352f913a5166d799bb","ssdeep":"96:wTiFUJOshwUqD28rIeYdEj2ubsKjA/pjlWObw86PiScB28ox8zvZ:wTQshwTSDeYC6uoHvvPfMxxavZ","tlshash":"31c1e96336183df75453b3d560ef51482079552afe0a48d89935ec816ebdc8e22d3fe8","first_seen":"2023-03-07T13:00:55Z","last_seen":"2026-03-29T05:51:35.985222Z","times_seen":108,"resource_available":true,"data":null}},"time_used":418,"timings":{"blocked":102,"dns":1,"connect":145,"send":0,"wait":170,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_sitegray/_sitegray_d.css","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:05.521Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /_sitegray/_sitegray_d.css HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:06 GMT\r\nContent-Type: text/css;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1238,"timings":{"blocked":118,"dns":1,"connect":165,"send":0,"wait":954,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/index.m.vsb.css","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:05.536Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /index.m.vsb.css HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:05 GMT\r\nContent-Type: text/css;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":20,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"b6c7d40e0a743722ccd02ba4fefb3e5d","sha1":"6611047a7ac779c20b78cb431567319f80992dae","sha256":"41cf2320a2fc1fac67e23b93451179398ed9aee084b0e4e700b92b65ec913bc3","sha512":"ae011fcd60f98d0a862c94265375f5f7c6009a4f51f34c85f8311bc04825054ca5c413bf742e434a7195c781b2bff952a812e035a9a0c91557e5cdccf5d0a018","ssdeep":"","tlshash":"89700000ac8a0002082380083000a00200203280a00003283020b200a8c20c82882202","first_seen":"2025-10-19T02:06:57.998753Z","last_seen":"2026-03-23T01:57:48.18007Z","times_seen":37,"resource_available":false,"data":null}},"time_used":433,"timings":{"blocked":255,"dns":0,"connect":0,"send":0,"wait":178,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/js/index.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:05.559Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /_m/js/index.js HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:06 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":264,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Unicode text, UTF-8 text","md5":"a625f940af78110e664ca0a4e96b9420","sha1":"b78f77b88d43e219891a660a09aaa47af92a3fbe","sha256":"e1e47b594d4d6ea5345c81fc5d6fa79fa51ddb0d2dd6ad43079385d50a36aa43","sha512":"48e6b092381f581f6ba0906321f219fce7c72ce231868963ca9b73dbfd6735ed6d4c54485601b6bba8b087155f6f0aa3bdc53e5f13063c1d7a12a3d046cb4621","ssdeep":"","tlshash":"0ed02b31150057fb68be340c6cd5b5dc1090213c7e07719889a18c073caf42071fc14f","first_seen":"2025-10-19T02:06:58.086552Z","last_seen":"2026-03-23T01:57:48.193788Z","times_seen":37,"resource_available":true,"data":null}},"time_used":585,"timings":{"blocked":411,"dns":0,"connect":0,"send":0,"wait":174,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_sitegray/_sitegray_d.css","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:09.366Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /_sitegray/_sitegray_d.css HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nCookie: vsb_screen_reload_count=2; vsb_screen_reload_url=/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:10 GMT\r\nContent-Type: text/css;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1056,"timings":{"blocked":119,"dns":0,"connect":0,"send":0,"wait":937,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/js/index.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:09.399Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /_m/js/index.js HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nCookie: vsb_screen_reload_count=2; vsb_screen_reload_url=/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:09 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":264,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Unicode text, UTF-8 text","md5":"a625f940af78110e664ca0a4e96b9420","sha1":"b78f77b88d43e219891a660a09aaa47af92a3fbe","sha256":"e1e47b594d4d6ea5345c81fc5d6fa79fa51ddb0d2dd6ad43079385d50a36aa43","sha512":"48e6b092381f581f6ba0906321f219fce7c72ce231868963ca9b73dbfd6735ed6d4c54485601b6bba8b087155f6f0aa3bdc53e5f13063c1d7a12a3d046cb4621","ssdeep":"","tlshash":"0ed02b31150057fb68be340c6cd5b5dc1090213c7e07719889a18c073caf42071fc14f","first_seen":"2025-10-19T02:06:58.086552Z","last_seen":"2026-03-23T01:57:48.193788Z","times_seen":37,"resource_available":true,"data":null}},"time_used":568,"timings":{"blocked":406,"dns":0,"connect":0,"send":0,"wait":162,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/system/resource/js/counter.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:05.538Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /system/resource/js/counter.js HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:05 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":1256,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with very long lines (1256), with no line terminators","md5":"0ebfa2d857ab3dbef6017ecc86f9ef10","sha1":"575c2dc977f762b7821198d2946360b08bc97249","sha256":"acced8552b2f49a96c10c24fc95c3c0825f892fdb0aa69f9ee474e5fb11fd671","sha512":"856d2d4a86c7e7860c438fd7a467dddd84afd42a87b8cc6935a8e1f7530b842fe39548ec0eec7d610bcbe5a4c6d0712347c248e823f70990ade687ef6656eed1","ssdeep":"","tlshash":"932135e12cb70ce79e1db721a50712aebc65e571561dc0305904d13011b36caf0b7e39","first_seen":"2023-03-11T23:05:41Z","last_seen":"2026-04-04T00:47:48.101604Z","times_seen":201,"resource_available":true,"data":null}},"time_used":453,"timings":{"blocked":272,"dns":0,"connect":0,"send":0,"wait":181,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/css/css.css","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:09.349Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /_m/css/css.css HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nCookie: vsb_screen_reload_count=2; vsb_screen_reload_url=/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:09 GMT\r\nContent-Type: text/css;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":9108,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"72a84d638bb2d3e8275a5f6ea716f3b8","sha1":"60cba093b8c1ac24425194bc99a8e45fad78435b","sha256":"88c33545d091f4f6c0ac15d0d1ae077d340a850c3bbe2584004f788e212bdc26","sha512":"e51fba558efe2a6117a750f1907acf80427f07b18a143b0c45f99bf51c7170b21dfba9bc6554c2f20986d39dc2aec9c15b28eccd60b43f30bd42f5bf5992e36d","ssdeep":"192:xAgSI8O3+LRqXEpvmf24DYZYeiX3XV1Fyft9l91R3kiWKgVE:cFOHDDYZYeiX3XV1YfLl91R3UKgVE","tlshash":"44126431d7927109b03787277d01ebde3325c49fe29b5abcbe593528d48e4d926363a0","first_seen":"2025-10-19T02:06:58.034763Z","last_seen":"2026-03-23T01:57:48.190656Z","times_seen":37,"resource_available":false,"data":null}},"time_used":166,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":166,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/__local/B/52/EF/D1D0CF6FE36F185899F4A55ACE3_A461C688_C4BE.jpg","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:09.388Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /__local/B/52/EF/D1D0CF6FE36F185899F4A55ACE3_A461C688_C4BE.jpg HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nCookie: vsb_screen_reload_count=2; vsb_screen_reload_url=/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:10 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://news.jlu.edu.cn/__local/B/52/EF/D1D0CF6FE36F185899F4A55ACE3_A461C688_C4BE.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":50366,"size_decoded":0,"mime_type":"image/jpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1233,"timings":{"blocked":1036,"dns":0,"connect":0,"send":0,"wait":197,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/jquery.min.js","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:05.512Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /jquery.min.js HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:05 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 737\r\nLast-Modified: Sat, 18 Oct 2025 04:51:39 GMT\r\nConnection: keep-alive\r\nETag: \"68f31cdb-2e1\"\r\nExpires: Sun, 22 Mar 2026 23:37:05 GMT\r\nCache-Control: max-age=3600\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":737,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (737), with no line terminators","md5":"892db832a0793e0aa8f61210acacdd34","sha1":"d771e3cbe20df7f837f32c9dc27e7e44f393b1c2","sha256":"738f8fb44ea032650edfc9a47ae4eb8e5933c6f507a737ade274eb25e0504145","sha512":"9bc1bff0513d3f144636a2bd64e0e0db4689fb4a210372f099c80e17af37bcabc4a8561a2af31abc86909d7ec297fb52932c0bc77579042ebe806712f446fe9b","ssdeep":"","tlshash":"f0011de8c7c8d85b6edc6d43ea18deca21b2913b97d971878318fe8c05ad192d45c449","first_seen":"2025-01-01T02:43:40.345281Z","last_seen":"2026-03-29T22:22:42.390087Z","times_seen":70,"resource_available":true,"data":null}},"time_used":148,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":148,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/css/common.css","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:05.515Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /_m/css/common.css HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:06 GMT\r\nContent-Type: text/css;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.4.41\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10390,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (360)","md5":"6b9a75ca2443149f378c934e1671bd29","sha1":"08c6ec2e51bdba2c516a5635b76f756c08428e2e","sha256":"927efeb928dbf4a2fc658f820e2ac2cd7885f0f056b4e378de87a1a211695109","sha512":"5527e5e5b3a6f25f7e97545c46122eaacd54343d5b47cdfdfc52e5f44e4483b150a0df47732d121568c107e84264b2cb983f1e27273333ea4dd08342d63ce00f","ssdeep":"192:wXDRl1z932jEyjhyQmQvCXRbQFl1P5P6NoZF0RWaohIsCYXleEnqICIkZwd:Wf1JERmQKXRbQFl1xP6SIRtohIxmleEV","tlshash":"79224122a691704db0378932b8c19ae4b535800391520efde76d2e75d18f3bb6a73fd9","first_seen":"2025-10-19T02:06:58.10037Z","last_seen":"2026-03-23T01:57:48.168665Z","times_seen":37,"resource_available":false,"data":null}},"time_used":641,"timings":{"blocked":477,"dns":0,"connect":0,"send":0,"wait":164,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"1248g.3894.9hid.com/_m/imges/ico-nav.jpg","fqdn":"1248g.3894.9hid.com","domain":"9hid.com","tld":"com"},"ip":{"addr":"104.206.131.13","port":80,"asn":62904,"as":"AS62904","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:09.379Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /_m/imges/ico-nav.jpg HTTP/1.1\r\nHost: 1248g.3894.9hid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://1248g.3894.9hid.com/\r\nCookie: vsb_screen_reload_count=2; vsb_screen_reload_url=/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 22 Mar 2026 22:37:10 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.41\r\nLocation: https://news.jlu.edu.cn/_m/imges/ico-nav.jpg\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"PHP:5.4.41","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":1597,"timings":{"blocked":1428,"dns":0,"connect":0,"send":0,"wait":169,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-22","alert":"Sinkholed","trigger":"1248g.3894.9hid.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"news.jlu.edu.cn/__local/8/83/F7/4CDFB134C5074B5AE5A1B468E5D_746E2D7E_8AF96.png","fqdn":"news.jlu.edu.cn","domain":"jlu.edu.cn","tld":"edu.cn"},"ip":{"addr":"202.198.16.80","port":443,"asn":4538,"as":"China Education and Research Network Center","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://1248g.3894.9hid.com/","date":"2026-03-22T22:37:10.638Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.jlu.edu.cn","organization":""},"issuer":{"commonName":"RapidSSL TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Sun, 29 Jun 2025 00:00:00 GMT","end":"Thu, 30 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"A9:8D:4B:95:E4:B8:52:7C:56:01:3E:93:CC:97:97:7B:8C:D4:5F:1C","sha256":"06:2B:DD:A9:34:9F:97:4F:CB:59:23:E2:8E:EE:D8:39:68:57:14:36:33:36:82:F5:AE:6E:3A:B0:6F:79:E6:29"}}},"request":{"raw":"GET /__local/8/83/F7/4CDFB134C5074B5AE5A1B468E5D_746E2D7E_8AF96.png HTTP/1.1\r\nHost: news.jlu.edu.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: http://1248g.3894.9hid.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 22 Mar 2026 22:40:55 GMT\r\nServer: Server\r\nX-Frame-Options: SAMEORIGIN\r\nLast-Modified: Thu, 16 Oct 2025 07:47:57 GMT\r\nETag: \"8af96-64141d5dd6540\"\r\nAccept-Ranges: bytes\r\nContent-Length: 569238\r\nCache-Control: max-age=3600\r\nExpires: Sun, 22 Mar 2026 23:40:55 GMT\r\nKeep-Alive: timeout=5, max=200\r\nConnection: Keep-Alive\r\nContent-Type: image/png\r\nContent-Language: zh-CN\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":32768,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 846 x 564, 8-bit/color RGB, non-interlaced","md5":"5198890550ab00cbf8d942b674b70d71","sha1":"9e5590e8c7f2408152e6f5265ea5c9093d5f4410","sha256":"c6b17c753196a98d150ffe7301b80b98180682504ccfccadca46e8b553cac38a","sha512":"d7b8fb6ee8b72654c94ef507911de00ddf4097916a3e70c417e57a566ce6cb5f774a0fbc5c3327aeef7e138c0019005dc9b9c7a01a32d526d04c89bba74f68a9","ssdeep":"768:83v7EnnlvJhjkFCgO7KBWzR65Fk9Lk55uyjq07xnoM:8z6nlxhjko5/zpw8iL7xnl","tlshash":"53e2e0dbd3f19b5162f5588c4e469a47f4b200c96f88fe418e48a8ee7274a21936137f","first_seen":"2026-03-22T22:37:31.666939Z","last_seen":"2026-03-22T22:37:31.666939Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2115,"timings":{"blocked":786,"dns":1,"connect":258,"send":0,"wait":259,"receive":278,"ssl":530},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}