{"report_id":"bd33b8a7-8ac6-47d2-9c26-4f8777062ce3","version":6,"status":"done","tags":[],"date":"2026-03-16T19:49:12Z","url":{"schema":"http","addr":"s313.cc","fqdn":"s313.cc","domain":"s313.cc","tld":"cc"},"ip":{"addr":"23.224.177.250","port":0,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"x13gpkhrz3ljnb9.com:58011/dh/index.html","fqdn":"x13gpkhrz3ljnb9.com","domain":"x13gpkhrz3ljnb9.com","tld":"com"},"title":"請截圖保存到相冊-新網址","dom":{"size":405,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"79362de9e12846e806b4cef0b0816bc9","sha1":"93b31d8ec5bb85c5f5bc96b69672a435e078efe4","sha256":"ea231f211f2db3ef447f18da0de81ee4c99aa69e233b5e12c930e8d93ff86c6e","sha512":"c3d1082d888ee283148e504fc60ec10eba19cbdfc51ae3f8e129dfb8d6edf0d593c45f1e0e655eab2f6b9e8d19158944bd2edd84ee19d3f6105dc67bef61feaa","ssdeep":"","tlshash":"1ce0f8af2c2880387bb008e8a4bbf44cb8a098bca82dd410c6ecf4404450fe69c1f3c0","dom_hash":"domhash9ce91588d2a71c823270698bac352c92","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"s313.cc","fqdn":"s313.cc","domain":"s313.cc","tld":"cc"},"ip":{"addr":"23.224.177.250","port":0,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-20T19:49:12Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-16","alert":"Sinkholed","trigger":"img.mresou.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null},"summary":[{"fqdn":"img.alicdn.com","ip":{"addr":"155.102.215.179","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"domain_registered":"2008-06-25","domain_rank":61670,"first_seen":"2015-03-04T07:06:39Z","last_seen":"2026-03-12T01:08:21.62433Z","alert_count":0,"request_count":1,"received_data":174691,"sent_data":495,"comment":"","tags":null,"fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}]},{"fqdn":"img.xmshengchao.com","ip":{"addr":"172.247.84.2","port":1688,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"domain_registered":"2016-07-01","domain_rank":1701637,"first_seen":"2025-06-05T07:33:58.312013Z","last_seen":"2026-03-12T11:05:38.198329Z","alert_count":0,"request_count":1,"received_data":174222,"sent_data":487,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"hm.baidu.com","ip":{"addr":"14.215.182.140","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"domain_registered":"1999-10-11","domain_rank":54491,"first_seen":"2012-05-26T08:38:45Z","last_seen":"2026-03-16T02:58:13.619816Z","alert_count":0,"request_count":2,"received_data":30877,"sent_data":1137,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]},{"fqdn":"s313.cc","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2025-03-28","domain_rank":0,"first_seen":"2026-02-15T09:58:01.168359Z","last_seen":"2026-03-13T17:18:27.646741Z","alert_count":0,"request_count":3,"received_data":1069,"sent_data":1256,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"x13gpkhrz3ljnb9.com","ip":{"addr":"172.247.94.122","port":58011,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"domain_registered":"2025-11-23","domain_rank":0,"first_seen":"2026-03-13T17:15:50.597373Z","last_seen":"2026-03-13T17:15:50.597373Z","alert_count":0,"request_count":4,"received_data":13570,"sent_data":1941,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"files.shenqizhilv.com","ip":{"addr":"172.247.94.138","port":36666,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"domain_registered":"2016-11-05","domain_rank":6175054,"first_seen":"2023-05-31T19:17:43Z","last_seen":"2026-03-12T22:09:32.954978Z","alert_count":0,"request_count":1,"received_data":575,"sent_data":434,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.asujp.com","ip":{"addr":"172.247.94.138","port":58081,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"domain_registered":"2018-10-15","domain_rank":7012203,"first_seen":"2023-10-06T14:27:30Z","last_seen":"2026-03-12T22:09:33.745719Z","alert_count":0,"request_count":1,"received_data":562,"sent_data":539,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"users.shenqizhilv.com","ip":{"addr":"172.247.94.122","port":59168,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"domain_registered":"2016-11-05","domain_rank":5522309,"first_seen":"2023-05-31T19:17:44Z","last_seen":"2026-03-12T22:09:32.672665Z","alert_count":0,"request_count":1,"received_data":3144,"sent_data":455,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"img.mresou.com","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-04-12","domain_rank":4701765,"first_seen":"2022-06-04T02:54:19Z","last_seen":"2026-03-11T02:32:22.893133Z","alert_count":1,"request_count":1,"received_data":136794,"sent_data":450,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"hm.baidu.com/hm.js?38ce17e5ef2191b2c5929506808e2c73","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"14.215.182.140","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"58c2d660a42395a11a93e9af2535428f","sha1":"00a27c1fcd485c66cf2eee14b5c47f0e6c133fbe","sha256":"e7256b3de13b32cc0f70b28464b0c08502d92960f43a620a41a6ab8e8d6f7af2","sha512":"791209d997403703bfb089d8ab08ebdc612650bd5d7ec7865b04c05dc9951831b88a488937fa85457c40b0cc3a5dd9e516b4716f56aedd9946382527dee7e96c","ssdeep":"384:cGJSoLMJJTRl6s1JXFVCFI/TayvuodsZPIGm8XaR1JRwvutq1tGdc7M04gRw6:cG4VJfHgMdvussZPIx82Rwvutcto07v","tlshash":"aed2c9a9b282713293a324a5153f724ef07b5a54bd4968a4f11894c07d38fbb027bfdd","size":29895,"data":"","first_seen":"2026-03-16T19:49:19.867008Z","last_seen":"2026-03-16T19:49:19.867008Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"s313.cc/","fqdn":"s313.cc","domain":"s313.cc","tld":"cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"e4725da8352954697c5041ef516d3b88","sha1":"82d57bae58a0cb48f84b7ce6f31f17ba57a4422c","sha256":"36704e7308900dbb36d9e4ddf29f6c4eb9b38f694d1b4c1be222dc3a32d3b0f5","sha512":"c533cf76e4c5cb0d5aea94fc948fa0a0fb64defc00a0614b35f59f19909536ee98aaf4043fab23833eb432af664571dd2547def3beef987e8328ea8147fd8e27","ssdeep":"","tlshash":"6db0120a3f5bc11c100000d1fdb1c52070baea33cb33fc44a1898a54808ef546c8fc70","size":108,"data":"","first_seen":"2025-05-12T04:16:38.192339Z","last_seen":"2026-04-07T17:20:16.095498Z","times_seen":28,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"s313.cc/go.js?v=0.9954779843320304","fqdn":"s313.cc","domain":"s313.cc","tld":"cc"},"ip":{"addr":"23.224.135.66","port":80,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"aec016682dd71b84ed100e40706eb318","sha1":"c6c6a613d4d9c899a89c1a5a87b62b1542c041af","sha256":"b8d6f885aa23d52b078d6f00a87a1869df246ac9b0282c20e97c4e25b1a2df6c","sha512":"f703187f2264b27c72a00f700a228d4bcc123b9eb94f9692dce3fde801022700d806e87c9f73af8697cbf9e5a015954172da38d35a4602793d08ab50c6d1fd80","ssdeep":"","tlshash":"72a022ab0332c00023ca38008a02280a08333ffc2c0cc0c0b302c08c80803f88aae2ac","size":65,"data":"","first_seen":"2026-03-13T17:16:02.921915Z","last_seen":"2026-03-16T19:54:31.260872Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"x13gpkhrz3ljnb9.com:58011/dh/index.html","fqdn":"x13gpkhrz3ljnb9.com","domain":"x13gpkhrz3ljnb9.com","tld":"com"},"ip":{"addr":"172.247.94.122","port":58011,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"ae32c44c2e020db1cc7edbb65bae0ade","sha1":"2893ebf41f3c23a05da7de44f6545c16824278ff","sha256":"5047e331c5699817207830cf5c1f6bf422cead2bb658a6f113441fbbe894deb7","sha512":"d87cdbe535b491e407643ed7f71fb9bac14eb6cc187cbcac7bf0454b96c195ab016309ec19284760d8d85b8f7878c83c31718ab23fce1cfb02882a1d19597bdf","ssdeep":"","tlshash":"8ec08c177a0ad20d218040d0fca2e8687476eb238e21ec84546e5684680d9a8984e8b0","size":160,"data":"","first_seen":"2025-05-12T04:16:38.198529Z","last_seen":"2026-04-14T16:55:04.390691Z","times_seen":34,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"files.shenqizhilv.com:36666/js/tj.js","fqdn":"files.shenqizhilv.com","domain":"shenqizhilv.com","tld":"com"},"ip":{"addr":"172.247.94.138","port":36666,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"bb58678f34e96b713547007d11b913df","sha1":"405d1d727595776164ce74ac60911566e18d7fee","sha256":"1b97f997ba0aaf74b21a52aba026e8e702471a29069910c61e0a9831388c9ce5","sha512":"116f89d968c5d03be72e898e2e2ad9befd6bdbd0c2f0ff8510ccd4df4ddcc8fc02d455aaa2de76b43667a82915bd9956f94a28c09b4d33b61b05ccaa44cafbe2","ssdeep":"","tlshash":"b7e02bff0025870a0702154272708b493665e036732694b0f9fc5812f3f0e95a462fde","size":292,"data":"","first_seen":"2023-10-19T13:47:14Z","last_seen":"2026-04-14T16:55:09.139164Z","times_seen":42,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.asujp.com:58081/api.html","fqdn":"www.asujp.com","domain":"asujp.com","tld":"com"},"ip":{"addr":"172.247.94.138","port":58081,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"1c5c9160600df2d96d69a4ea16cec7ed","sha1":"3cf678c9135cc952ba6970ef545035bb757a443f","sha256":"a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808","sha512":"2a298a8c2552c6a6c6f8d3f7327d2e9abfa87a0dbb27e9e528a8539b416155c0860f54f46464dfe7e5d49c7906a9eacdac7e5181b86ef15a83276a8f4fee0546","ssdeep":"","tlshash":"078004d531c35040475331d400571cd4503444f014444d544040d4511c55030d1154dc","size":37,"data":"","first_seen":"2023-04-11T21:49:14Z","last_seen":"2026-04-15T21:27:04.110539Z","times_seen":105538,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.asujp.com:58081/api.html","fqdn":"www.asujp.com","domain":"asujp.com","tld":"com"},"ip":{"addr":"172.247.94.138","port":58081,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"337d0003f1fb591369e32703fbb86523","sha1":"8e8384e2b30d9af4c7be3a292f33829a83cf09f3","sha256":"e7feef93f0b7d476b45576cc9a1cb2d03f9de46286a25e88b23b2e96e6aecc33","sha512":"433765479b5a7e9339babef9cf2cdb0325af52e188de0c1415f80e3ab665a685042573610823423fe4af0eec921756ce86cf137e4fe6f1e55898ad99888133f1","ssdeep":"","tlshash":"4be07dfe31d2c41c1ba63d955067705c60a63e393810ddc4ad101057285be3b9c0095e","size":320,"data":"","first_seen":"2026-03-16T19:49:19.876718Z","last_seen":"2026-03-16T19:49:19.876718Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"users.shenqizhilv.com:59168/dh/dh.js?v=0.9456506677920212","fqdn":"users.shenqizhilv.com","domain":"shenqizhilv.com","tld":"com"},"ip":{"addr":"172.247.94.122","port":59168,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"3fd3688e336e8e0533faf2734808360d","sha1":"527aaafd1fa2a0ab79cf6d0f17787b2e30621447","sha256":"9a6600757faf6f555f04e284b603a7c320a86238a159b41adc4a345ffe47f8f7","sha512":"2479a1e830431abc189056f1b7665dddf52cdf6ccecfc1cf7d70cc1d30366a37d9e9015a6448f86858280d5b8d5828ce02591c4f95944cf336a28cc75eb0a83b","ssdeep":"","tlshash":"63513193a141543f06ea7bb67507938d6462401f7d42e44179bc79c0aff0ae980fd6dd","size":2855,"data":"","first_seen":"2026-03-13T17:16:02.918329Z","last_seen":"2026-03-16T19:54:31.236046Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.asujp.com:58081/api.html","fqdn":"www.asujp.com","domain":"asujp.com","tld":"com"},"ip":{"addr":"172.247.94.138","port":58081,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"fed6cb69d417791b9f836929057c1f37","sha1":"9ab0a7580f8520088b83facab1a1d80167191bae","sha256":"92a3ccb600db9bcc29533c3976e3112b2285bd5bb5f52c8a626d98743f00dde5","sha512":"c2702733eeffcb82f274b1c2c7b1a2dd817b2d99e82e3244d8cc928e6895ff3036b56dcd4cdaa3bb2616a4d12aed47130437f6c123132413bef36c2e31cd1efd","ssdeep":"","tlshash":"c9d0971f2c68283873b5087c61bbf98cb46264ac107de000c0dde8404960ee19c2e7c8","size":254,"data":"","first_seen":"2025-05-12T04:16:38.176064Z","last_seen":"2026-04-14T16:55:09.17221Z","times_seen":35,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.asujp.com:58081/api.html","fqdn":"www.asujp.com","domain":"asujp.com","tld":"com"},"ip":{"addr":"172.247.94.138","port":58081,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"1c5c9160600df2d96d69a4ea16cec7ed","sha1":"3cf678c9135cc952ba6970ef545035bb757a443f","sha256":"a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808","sha512":"2a298a8c2552c6a6c6f8d3f7327d2e9abfa87a0dbb27e9e528a8539b416155c0860f54f46464dfe7e5d49c7906a9eacdac7e5181b86ef15a83276a8f4fee0546","ssdeep":"","tlshash":"078004d531c35040475331d400571cd4503444f014444d544040d4511c55030d1154dc","size":37,"data":"","first_seen":"2023-04-11T21:49:14Z","last_seen":"2026-04-15T21:27:04.110539Z","times_seen":105538,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"4a552ad4c20e704f1177e98c7c8c5e8f","sha1":"dca01598a4b888afe1b554d6a4013824df5e6bf2","sha256":"a55f0aa28d454f63fc6275e99f89740fbccf7a593f28665d5237a0e6b44c6c5b","sha512":"f818977cf07070b5694ac5fc04d8d562dab9fde02b86c2187f7d626a9260d1a420443bdbeb959b75e12f4334b8980de3e2ad51c3049f28274a3ec8133c8c376a","ssdeep":"","tlshash":"74a011822c2ac20808020a88eaa0e028b020e000e228cc88e28808282088be88802c00","size":74,"data":"","first_seen":"2026-03-16T19:49:19.882588Z","last_seen":"2026-03-16T19:49:19.882588Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"bccc2ba9dd8d17b66cea079f6de0793e","sha1":"a85bf70a75289190ad558dbd654a4c30db6156d6","sha256":"f20a2c5efccdae544dd9b541b4e4ba2e23083656b55597afa8a901bb8e66a245","sha512":"06cce596c8dc06e6f892c7b364878d905c3d60df75ab171d6c542aa1f83784bb45586985db34c6aeae53e52f2a0005d426ec938c39e9ca959bfac240a6f68d85","ssdeep":"","tlshash":"f6b022030c0ac00a2080a8c8eca0f8aca00ab3000a80c888aaea208838082e8ce0a880","size":126,"data":"","first_seen":"2026-03-16T19:49:19.883751Z","last_seen":"2026-03-16T19:49:19.883751Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"https","addr":"hm.baidu.com/hm.gif?hca=8524A76620014F5E\u0026cc=0\u0026ck=1\u0026cl=24-bit\u0026ds=1280x1024\u0026vl=35\u0026et=0\u0026ja=0\u0026ln=en-us\u0026lo=0\u0026rnd=609612534\u0026si=38ce17e5ef2191b2c5929506808e2c73\u0026su=https%3A%2F%2Fx13gpkhrz3ljnb9.com%3A58011%2F\u0026v=1.3.2\u0026lv=1\u0026sn=51297\u0026r=0\u0026ww=0\u0026u=https%3A%2F%2Fwww.asujp.com%3A58081%2Fapi.html","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"14.215.182.140","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.asujp.com:58081/api.html","date":"2026-03-16T19:48:57.472Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"baidu.com","organization":"Beijing Baidu Netcom Science Technology Co., Ltd"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 09 Jul 2025 07:01:02 GMT","end":"Mon, 10 Aug 2026 07:01:01 GMT"},"fingerprint":{"sha1":"21:BF:66:0D:67:BE:7A:7F:49:48:05:30:F4:7F:09:F2:30:36:CA:63","sha256":"0D:82:2C:9A:90:5A:EF:E9:8F:37:12:C0:E0:26:30:EE:95:33:2C:45:5F:E7:74:5D:F0:8D:BC:79:F4:B0:A1:49"}}},"request":{"raw":"GET /hm.gif?hca=8524A76620014F5E\u0026cc=0\u0026ck=1\u0026cl=24-bit\u0026ds=1280x1024\u0026vl=35\u0026et=0\u0026ja=0\u0026ln=en-us\u0026lo=0\u0026rnd=609612534\u0026si=38ce17e5ef2191b2c5929506808e2c73\u0026su=https%3A%2F%2Fx13gpkhrz3ljnb9.com%3A58011%2F\u0026v=1.3.2\u0026lv=1\u0026sn=51297\u0026r=0\u0026ww=0\u0026u=https%3A%2F%2Fwww.asujp.com%3A58081%2Fapi.html HTTP/1.1\r\nHost: hm.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.asujp.com:58081/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: private, max-age=0, no-cache\r\nContent-Length: 43\r\nContent-Type: image/gif\r\nDate: Mon, 16 Mar 2026 19:48:57 GMT\r\nP3p: CP=\"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"\r\nPragma: no-cache\r\nServer: apache\r\nSet-Cookie: HMACCOUNT=663C842EF7DD39B9; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT\r\nStrict-Transport-Security: max-age=172800\r\nX-Content-Type-Options: nosniff\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"ad4b0f606e0f8465bc4c4c170b37e1a3","sha1":"50b30fd5f87c85fe5cba2635cb83316ca71250d7","sha256":"cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda","sha512":"ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910","ssdeep":"","tlshash":"15900003fbc08002c2b2e0300b3b0380238ce2200aa8030b80aeb0acecaa3a20c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-04-15T21:27:04.070451Z","times_seen":335570,"resource_available":true,"data":null}},"time_used":314,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":314,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.alicdn.com/imgextra/i4/O1CN01y0piD91TKlNS9OPoF_!!6000000002364-1-cib.gif","fqdn":"img.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"155.102.215.179","port":443,"asn":0,"as":"","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://x13gpkhrz3ljnb9.com:58011/dh/index.html","date":"2026-03-16T19:48:55.634Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tbcdn.cn","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 28 Nov 2025 03:07:13 GMT","end":"Sat, 18 Jul 2026 09:41:04 GMT"},"fingerprint":{"sha1":"01:40:62:EF:8C:E5:C1:8A:19:4C:8D:B6:F5:C2:24:7F:DC:C0:9C:8A","sha256":"60:3C:41:A0:78:62:E6:5E:82:F0:FA:CF:5C:C9:D3:22:E4:64:EE:1A:EE:C7:CC:BA:DD:25:08:90:6F:CC:C4:F2"}}},"request":{"raw":"GET /imgextra/i4/O1CN01y0piD91TKlNS9OPoF_!!6000000002364-1-cib.gif HTTP/1.1\r\nHost: img.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://x13gpkhrz3ljnb9.com:58011/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: image/gif\r\ncontent-length: 173807\r\ndate: Sun, 18 Jan 2026 10:28:46 GMT\r\nlast-modified: Wed, 26 Nov 2025 08:20:44 GMT\r\npicasso-ret-code: SUCCESS\r\npicasso-cache-info: L4-HIT\r\nrequest-time: 0.025\r\ntraceid: 9b66d7a117687321261363014e\r\nx-powered-by: Picasso\r\npicasso-image-type: normal\r\npicasso-fmt: gif2avif\r\ncache-control: max-age=31536000\r\nvia: ens-cache9.l2de4[27,27,200-0,M], ens-cache7.l2de4[29,0], ens-cache21.se3[0,0,200-0,H], ens-cache19.se3[5,0]\r\naccess-control-allow-origin: *\r\nage: 4958410\r\nali-swift-global-savetime: 1768732126\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Sun, 18 Jan 2026 10:28:46 GMT\r\nx-swift-cachetime: 31536000\r\nback_uri: /imgextra/i4/O1CN01y0piD91TKlNS9OPoF_!!6000000002364-1-cib.gif_.avif\r\nvary: Accept\r\ns-rt: 5\r\ntiming-allow-origin: *\r\neagleid: 9b66d7a717736905360966090e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":173807,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 640 x 150","md5":"2402ee44cb711133d92bdb1ebef733a0","sha1":"385f2fd79a996edbcc9c327d0425f616d7be75c2","sha256":"4338a5737b31ad8039de005e41272bc546d3153b8fee936def8711e691114842","sha512":"96803ab5f6687e836e9bb56098587404a4143d01fae90241a64ecfbbd2fbfd0bfe01d972b26159b8d88945221cc28358a26f037a2ae6ad246982177f08edabc0","ssdeep":"3072:tlcJZ0ddZ0ddZ0ddZ0FgBGNNGeRSwmGeRSwmGeRSwmGeRSB:jryyqgQNNGekGekGekGem","tlshash":"ed040293ad87f24fef838f37f848322435e005b4f698dc5cfa28de6617997590652612","first_seen":"2025-05-12T04:16:38.1739Z","last_seen":"2026-04-14T16:55:04.389599Z","times_seen":29,"resource_available":false,"data":null}},"time_used":1002,"timings":{"blocked":484,"dns":454,"connect":10,"send":0,"wait":13,"receive":21,"ssl":16},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s313.cc/","fqdn":"s313.cc","domain":"s313.cc","tld":"cc"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-16T19:48:51.301Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: s313.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-15T21:38:41.569918Z","times_seen":13799339,"resource_available":true,"data":null}},"time_used":863,"timings":{"blocked":863,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"s313.cc/","fqdn":"s313.cc","domain":"s313.cc","tld":"cc"},"ip":{"addr":"23.224.135.66","port":80,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-16T19:48:52.347Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: s313.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 16 Mar 2026 19:48:38 GMT\r\nContent-Type: text/html\r\nContent-Length: 434\r\nLast-Modified: Sun, 27 Nov 2022 14:21:20 GMT\r\nConnection: keep-alive\r\nETag: \"63837260-1b2\"\r\nSet-Cookie: SITE_TOTAL_ID=7f77600f92358a53fed06a9cf4f349a2; Path=/; Max-Age=259200000; HttpOnly\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":434,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"99b599ea7513742be54a78dc16386ed3","sha1":"40db5659479a7607fdfeb3052d3bc4cad5ed47a8","sha256":"1bbbf09993ea58977f4ebfd2ecbefe8ceda8fe24c0bb0ae13b88fd75ca0fc5e0","sha512":"62a09b8e83cbf7b828f163fbbae44cb79e31a24a10e7da61d1be99a107322904433535a184993b52d70c1bd6ad1bba64743fbeb75b41a923e278f8866933cbb9","ssdeep":"","tlshash":"9de055536c13cc1c506042f1eca2e094d4aaad30a313ac40d1c4b85f1ccaf84dd9baa5","first_seen":"2023-06-02T23:30:32Z","last_seen":"2026-04-07T17:20:16.087164Z","times_seen":37,"resource_available":true,"data":null}},"time_used":485,"timings":{"blocked":161,"dns":1,"connect":161,"send":0,"wait":162,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"x13gpkhrz3ljnb9.com:58011/dh/index.html","fqdn":"x13gpkhrz3ljnb9.com","domain":"x13gpkhrz3ljnb9.com","tld":"com"},"ip":{"addr":"172.247.94.122","port":58011,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-16T19:48:52.942Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"saia13.youporn-saia.top","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Mon, 24 Nov 2025 06:06:36 GMT","end":"Thu, 24 Dec 2026 06:06:35 GMT"},"fingerprint":{"sha1":"BB:FC:04:0B:B9:1A:ED:1D:FF:CC:03:5C:A4:A7:E2:74:16:F4:BD:2D","sha256":"B9:DE:DD:9D:4B:95:A4:F2:D0:91:6D:2F:F6:BE:EA:FA:F9:26:BA:A4:74:6A:F0:7F:92:03:7F:92:BF:C0:0C:CD"}}},"request":{"raw":"GET /dh/index.html HTTP/1.1\r\nHost: x13gpkhrz3ljnb9.com:58011\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://s313.cc/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 13 Mar 2026 06:24:38 GMT\r\nContent-Type: text/html\r\nLast-Modified: Fri, 13 Mar 2026 05:57:59 GMT\r\nETag: \"69b3a767-8f0\"\r\nExpires: Fri, 13 Mar 2026 06:25:38 GMT\r\nContent-Length: 1133\r\nContent-Encoding: gzip\r\nVary: Accept-Encoding\r\nConnection: keep-alive\r\nCache-Control: max-age=306\r\nX-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2288,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"c5339d057b4b72b906fbc759608f750f","sha1":"90626dadb673a697e17824caba5c416e8eb62db0","sha256":"5966261127268bbfc893da8e0495b3e939b5c09d71937a0e9eb77213aeb2763e","sha512":"a6ea097af7815ee35c8d62cf887f3b5667e5a0116f40285673b3af8bf9f40b9a34895f00f0e9d206d96ed651e1dd628f20d0f6b9dedf171f591eb3d895474cc9","ssdeep":"","tlshash":"9f41b633d6634123f39283f8fdb1e37a40038e03c3865e24678534ee8ac46aa991a57d","first_seen":"2026-03-13T17:16:02.910561Z","last_seen":"2026-03-16T19:54:31.247619Z","times_seen":6,"resource_available":true,"data":null}},"time_used":1303,"timings":{"blocked":571,"dns":19,"connect":159,"send":0,"wait":159,"receive":1,"ssl":391},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"files.shenqizhilv.com:36666/js/tj.js","fqdn":"files.shenqizhilv.com","domain":"shenqizhilv.com","tld":"com"},"ip":{"addr":"172.247.94.138","port":36666,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://x13gpkhrz3ljnb9.com:58011/dh/index.html","date":"2026-03-16T19:48:53.889Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.shenqizhilv.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Mon, 09 Mar 2026 02:05:33 GMT","end":"Thu, 08 Apr 2027 02:05:32 GMT"},"fingerprint":{"sha1":"DA:E6:4B:67:CB:E3:C6:E1:A9:92:F4:35:97:E7:62:0A:CE:C5:34:26","sha256":"4D:33:B0:2B:34:F7:75:E4:D2:2A:29:8D:F8:A6:55:74:78:A8:DB:B7:EF:91:17:B5:38:09:8E:A1:62:C4:56:22"}}},"request":{"raw":"GET /js/tj.js HTTP/1.1\r\nHost: files.shenqizhilv.com:36666\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://x13gpkhrz3ljnb9.com:58011/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 16 Mar 2026 19:48:54 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 292\r\nlast-modified: Mon, 08 Jan 2024 12:02:27 GMT\r\netag: \"659be453-124\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":292,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with CRLF line terminators","md5":"bb58678f34e96b713547007d11b913df","sha1":"405d1d727595776164ce74ac60911566e18d7fee","sha256":"1b97f997ba0aaf74b21a52aba026e8e702471a29069910c61e0a9831388c9ce5","sha512":"116f89d968c5d03be72e898e2e2ad9befd6bdbd0c2f0ff8510ccd4df4ddcc8fc02d455aaa2de76b43667a82915bd9956f94a28c09b4d33b61b05ccaa44cafbe2","ssdeep":"","tlshash":"b7e02bff0025870a0702154272708b493665e036732694b0f9fc5812f3f0e95a462fde","first_seen":"2023-10-19T13:47:14Z","last_seen":"2026-04-14T16:55:09.139164Z","times_seen":42,"resource_available":true,"data":null}},"time_used":1637,"timings":{"blocked":716,"dns":314,"connect":159,"send":0,"wait":159,"receive":0,"ssl":286},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.asujp.com:58081/api.html","fqdn":"www.asujp.com","domain":"asujp.com","tld":"com"},"ip":{"addr":"172.247.94.138","port":58081,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://x13gpkhrz3ljnb9.com:58011/dh/index.html","date":"2026-03-16T19:48:54.837Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.asujp.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Fri, 25 Jul 2025 20:38:42 GMT","end":"Sat, 25 Jul 2026 20:38:41 GMT"},"fingerprint":{"sha1":"34:2B:D2:67:52:9A:35:7E:E9:B7:7E:42:CC:9D:16:FA:78:64:B9:4B","sha256":"85:C5:C7:1F:D9:04:26:E8:37:FD:F5:86:28:D9:DB:D7:74:59:B1:78:15:FF:91:D6:B8:94:62:FA:75:66:E6:02"}}},"request":{"raw":"GET /api.html HTTP/1.1\r\nHost: www.asujp.com:58081\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://x13gpkhrz3ljnb9.com:58011/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 16 Mar 2026 19:48:56 GMT\r\ncontent-type: text/html\r\ncontent-length: 292\r\nlast-modified: Wed, 05 Jul 2023 21:33:33 GMT\r\netag: \"64a5e1ad-124\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":292,"size_decoded":0,"mime_type":"text/html","magic":"JavaScript source, ASCII text, with CRLF line terminators","md5":"d04463cd63e6e531dc0110167b7fcfb7","sha1":"dca049136730245401364f3d0713546224684977","sha256":"be8b6170fb0f1d6f13bb47bcfd0dd5d8a280c4b2598a36153dd9339016e29761","sha512":"07853f3a5c6097d693fe9cec212bee039bc5d79cb8eb5e305f2a9a735c61bc7e659994bdcc51f1453e36b778240d63c5258bca465d1190796943d555d86c7c69","ssdeep":"","tlshash":"24e02b5f2c58583873b405b4517bf88cf9a1a0ac4239d105a1dde8111460ee16c2abc4","first_seen":"2023-10-19T13:47:14Z","last_seen":"2026-04-14T16:55:09.14384Z","times_seen":42,"resource_available":false,"data":null}},"time_used":2436,"timings":{"blocked":1138,"dns":637,"connect":160,"send":0,"wait":157,"receive":0,"ssl":342},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"s313.cc/go.js?v=0.9954779843320304","fqdn":"s313.cc","domain":"s313.cc","tld":"cc"},"ip":{"addr":"23.224.135.66","port":80,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://s313.cc/","date":"2026-03-16T19:48:52.759Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /go.js?v=0.9954779843320304 HTTP/1.1\r\nHost: s313.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://s313.cc/\r\nCookie: SITE_TOTAL_ID=7f77600f92358a53fed06a9cf4f349a2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 16 Mar 2026 19:48:38 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 65\r\nLast-Modified: Fri, 13 Mar 2026 05:57:45 GMT\r\nConnection: keep-alive\r\nETag: \"69b3a759-41\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":65,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with no line terminators","md5":"aec016682dd71b84ed100e40706eb318","sha1":"c6c6a613d4d9c899a89c1a5a87b62b1542c041af","sha256":"b8d6f885aa23d52b078d6f00a87a1869df246ac9b0282c20e97c4e25b1a2df6c","sha512":"f703187f2264b27c72a00f700a228d4bcc123b9eb94f9692dce3fde801022700d806e87c9f73af8697cbf9e5a015954172da38d35a4602793d08ab50c6d1fd80","ssdeep":"","tlshash":"72a022ab0332c00023ca38008a02280a08333ffc2c0cc0c0b302c08c80803f88aae2ac","first_seen":"2026-03-13T17:16:02.921915Z","last_seen":"2026-03-16T19:54:31.260872Z","times_seen":5,"resource_available":true,"data":null}},"time_used":166,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":166,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"x13gpkhrz3ljnb9.com:58011/dh/link.png","fqdn":"x13gpkhrz3ljnb9.com","domain":"x13gpkhrz3ljnb9.com","tld":"com"},"ip":{"addr":"172.247.94.122","port":58011,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://x13gpkhrz3ljnb9.com:58011/dh/index.html","date":"2026-03-16T19:48:53.846Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"saia13.youporn-saia.top","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Mon, 24 Nov 2025 06:06:36 GMT","end":"Thu, 24 Dec 2026 06:06:35 GMT"},"fingerprint":{"sha1":"BB:FC:04:0B:B9:1A:ED:1D:FF:CC:03:5C:A4:A7:E2:74:16:F4:BD:2D","sha256":"B9:DE:DD:9D:4B:95:A4:F2:D0:91:6D:2F:F6:BE:EA:FA:F9:26:BA:A4:74:6A:F0:7F:92:03:7F:92:BF:C0:0C:CD"}}},"request":{"raw":"GET /dh/link.png HTTP/1.1\r\nHost: x13gpkhrz3ljnb9.com:58011\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://x13gpkhrz3ljnb9.com:58011/dh/index.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 24 Nov 2025 06:54:03 GMT\r\nContent-Type: image/png\r\nContent-Length: 4713\r\nLast-Modified: Sun, 27 Aug 2023 17:08:09 GMT\r\nETag: \"64eb82f9-1269\"\r\nExpires: Mon, 24 Nov 2025 06:55:03 GMT\r\nAccept-Ranges: bytes\r\nConnection: keep-alive\r\nCache-Control: max-age=106\r\nX-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4713,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 260 x 55, 8-bit colormap, non-interlaced","md5":"d140262c1430c13ac293736aed99d4ed","sha1":"b64c6980a2cdf2de15b037a849a2157fa5c2fa72","sha256":"7f3ef832d89b914b86626a28bda611ad59ec0ca56d5d9147788c2ebaab70f199","sha512":"c9acc955ae33fc04a4cca5bb872d5df4fc41a9fb532103489f29f155826909807800b64a8389762cecc1cdfe864f76cdb00e100f51d094412a9c70692d78dbf1","ssdeep":"96:1QU4WuvSte3otKWPLjsroBNuikOY1WRRAAzAxwoRIxCzyA:1F4J2MopTIroBNuwJRApqDA","tlshash":"48a16e64e762144c9252e00ba4f717730e190c48fe929e51dabec19e3a315f3a44efc9","first_seen":"2023-10-19T13:47:14Z","last_seen":"2026-04-14T16:55:04.384934Z","times_seen":57,"resource_available":false,"data":null}},"time_used":171,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":159,"receive":12,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"users.shenqizhilv.com:59168/dh/dh.js?v=0.9456506677920212","fqdn":"users.shenqizhilv.com","domain":"shenqizhilv.com","tld":"com"},"ip":{"addr":"172.247.94.122","port":59168,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://x13gpkhrz3ljnb9.com:58011/dh/index.html","date":"2026-03-16T19:48:53.890Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.shenqizhilv.com","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Mon, 09 Mar 2026 02:05:33 GMT","end":"Thu, 08 Apr 2027 02:05:32 GMT"},"fingerprint":{"sha1":"DA:E6:4B:67:CB:E3:C6:E1:A9:92:F4:35:97:E7:62:0A:CE:C5:34:26","sha256":"4D:33:B0:2B:34:F7:75:E4:D2:2A:29:8D:F8:A6:55:74:78:A8:DB:B7:EF:91:17:B5:38:09:8E:A1:62:C4:56:22"}}},"request":{"raw":"GET /dh/dh.js?v=0.9456506677920212 HTTP/1.1\r\nHost: users.shenqizhilv.com:59168\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://x13gpkhrz3ljnb9.com:58011/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 16 Mar 2026 19:48:54 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 13 Mar 2026 05:36:57 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69b3a279-b27\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2855,"size_decoded":0,"mime_type":"application/javascript","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (490), with CRLF line terminators","md5":"3fd3688e336e8e0533faf2734808360d","sha1":"527aaafd1fa2a0ab79cf6d0f17787b2e30621447","sha256":"9a6600757faf6f555f04e284b603a7c320a86238a159b41adc4a345ffe47f8f7","sha512":"2479a1e830431abc189056f1b7665dddf52cdf6ccecfc1cf7d70cc1d30366a37d9e9015a6448f86858280d5b8d5828ce02591c4f95944cf336a28cc75eb0a83b","ssdeep":"","tlshash":"63513193a141543f06ea7bb67507938d6462401f7d42e44179bc79c0aff0ae980fd6dd","first_seen":"2026-03-13T17:16:02.918329Z","last_seen":"2026-03-16T19:54:31.236046Z","times_seen":6,"resource_available":true,"data":null}},"time_used":1636,"timings":{"blocked":714,"dns":291,"connect":165,"send":0,"wait":163,"receive":0,"ssl":301},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.js?38ce17e5ef2191b2c5929506808e2c73","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"14.215.182.140","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.asujp.com:58081/api.html","date":"2026-03-16T19:48:56.299Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"baidu.com","organization":"Beijing Baidu Netcom Science Technology Co., Ltd"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 09 Jul 2025 07:01:02 GMT","end":"Mon, 10 Aug 2026 07:01:01 GMT"},"fingerprint":{"sha1":"21:BF:66:0D:67:BE:7A:7F:49:48:05:30:F4:7F:09:F2:30:36:CA:63","sha256":"0D:82:2C:9A:90:5A:EF:E9:8F:37:12:C0:E0:26:30:EE:95:33:2C:45:5F:E7:74:5D:F0:8D:BC:79:F4:B0:A1:49"}}},"request":{"raw":"GET /hm.js?38ce17e5ef2191b2c5929506808e2c73 HTTP/1.1\r\nHost: hm.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.asujp.com:58081/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: max-age=0, must-revalidate\r\nContent-Encoding: gzip\r\nContent-Length: 11289\r\nContent-Type: application/javascript\r\nDate: Mon, 16 Mar 2026 19:48:57 GMT\r\nEtag: b6f1bcc361ff781046da707cc7261617\r\nP3p: CP=\"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"\r\nServer: apache\r\nSet-Cookie: HMACCOUNT=8524A76620014F5E; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT\r\nStrict-Transport-Security: max-age=172800\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":29895,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (619)","md5":"58c2d660a42395a11a93e9af2535428f","sha1":"00a27c1fcd485c66cf2eee14b5c47f0e6c133fbe","sha256":"e7256b3de13b32cc0f70b28464b0c08502d92960f43a620a41a6ab8e8d6f7af2","sha512":"791209d997403703bfb089d8ab08ebdc612650bd5d7ec7865b04c05dc9951831b88a488937fa85457c40b0cc3a5dd9e516b4716f56aedd9946382527dee7e96c","ssdeep":"384:cGJSoLMJJTRl6s1JXFVCFI/TayvuodsZPIGm8XaR1JRwvutq1tGdc7M04gRw6:cG4VJfHgMdvussZPIx82Rwvutcto07v","tlshash":"aed2c9a9b282713293a324a5153f724ef07b5a54bd4968a4f11894c07d38fbb027bfdd","first_seen":"2026-03-16T19:49:19.867008Z","last_seen":"2026-03-16T19:49:19.867008Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1871,"timings":{"blocked":777,"dns":12,"connect":253,"send":0,"wait":314,"receive":2,"ssl":510},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"x13gpkhrz3ljnb9.com:58011/dh/bk.png","fqdn":"x13gpkhrz3ljnb9.com","domain":"x13gpkhrz3ljnb9.com","tld":"com"},"ip":{"addr":"172.247.94.122","port":58011,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://x13gpkhrz3ljnb9.com:58011/dh/index.html","date":"2026-03-16T19:48:53.848Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"saia13.youporn-saia.top","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Mon, 24 Nov 2025 06:06:36 GMT","end":"Thu, 24 Dec 2026 06:06:35 GMT"},"fingerprint":{"sha1":"BB:FC:04:0B:B9:1A:ED:1D:FF:CC:03:5C:A4:A7:E2:74:16:F4:BD:2D","sha256":"B9:DE:DD:9D:4B:95:A4:F2:D0:91:6D:2F:F6:BE:EA:FA:F9:26:BA:A4:74:6A:F0:7F:92:03:7F:92:BF:C0:0C:CD"}}},"request":{"raw":"GET /dh/bk.png HTTP/1.1\r\nHost: x13gpkhrz3ljnb9.com:58011\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://x13gpkhrz3ljnb9.com:58011/dh/index.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 24 Nov 2025 06:54:04 GMT\r\nContent-Type: image/png\r\nContent-Length: 999\r\nLast-Modified: Sun, 27 Aug 2023 17:08:08 GMT\r\nETag: \"64eb82f8-3e7\"\r\nExpires: Mon, 24 Nov 2025 06:55:04 GMT\r\nAccept-Ranges: bytes\r\nConnection: keep-alive\r\nCache-Control: max-age=182\r\nX-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":999,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 10 x 10, 8-bit/color RGB, non-interlaced","md5":"ce95f50706fead30fc5c02e6b4f0a6d1","sha1":"a4c43a6a64b5633943ba5824c3c80dba4f2b0c13","sha256":"056829fe951fc1db4ad7c5e9d61f5d729a82b7419a9fd1f3cd5314e9bfd82649","sha512":"d86c61c4b6a79ec8e5a8d570cef37b28b7f038ee87bcb59361a39c7f60d714487da8fabf266e766f2faa14a1ed83fcbe8d638db977f68d2ce81cb8c32d62b416","ssdeep":"","tlshash":"1b11214ee5425801d6dcda4224f7c0579e638880eed1fcbab9cfc42b1a642f6846d9cf","first_seen":"2023-10-19T13:47:14Z","last_seen":"2026-04-14T16:55:04.379851Z","times_seen":52,"resource_available":false,"data":null}},"time_used":326,"timings":{"blocked":166,"dns":0,"connect":0,"send":0,"wait":159,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.xmshengchao.com:1688/images/a5082cb1-e6a9-44eb-941d-cc022dfa464b","fqdn":"img.xmshengchao.com","domain":"xmshengchao.com","tld":"com"},"ip":{"addr":"172.247.84.2","port":1688,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://x13gpkhrz3ljnb9.com:58011/dh/index.html","date":"2026-03-16T19:48:54.840Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"img.xmshengchao.com","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Sat, 31 May 2025 11:05:28 GMT","end":"Tue, 30 Jun 2026 11:05:27 GMT"},"fingerprint":{"sha1":"20:11:F7:D1:C5:30:B5:EB:08:8E:C5:2F:C2:70:DE:32:B4:55:ED:B8","sha256":"76:6B:96:31:6E:51:97:FA:AF:A9:7D:37:14:82:36:87:44:16:66:C5:8B:33:EC:CB:E2:32:1B:91:FB:4E:64:0B"}}},"request":{"raw":"GET /images/a5082cb1-e6a9-44eb-941d-cc022dfa464b HTTP/1.1\r\nHost: img.xmshengchao.com:1688\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://x13gpkhrz3ljnb9.com:58011/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, POST, PUT, DELETE\r\naccess-control-allow-origin: *\r\ncache-control: max-age=86400\r\ndate: Mon, 16 Mar 2026 19:48:55 GMT\r\nlocation: https://img.alicdn.com/imgextra/i4/O1CN01y0piD91TKlNS9OPoF_!!6000000002364-1-cib.gif\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nx-cache: HIT\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":173807,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-15T21:38:41.569918Z","times_seen":13799339,"resource_available":true,"data":null}},"time_used":1252,"timings":{"blocked":463,"dns":66,"connect":155,"send":0,"wait":326,"receive":0,"ssl":239},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img.mresou.com/img/23112003.gif","fqdn":"img.mresou.com","domain":"mresou.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://x13gpkhrz3ljnb9.com:58011/dh/index.html","date":"2026-03-16T19:48:54.843Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mresou.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Feb 2026 03:54:47 GMT","end":"Sun, 10 May 2026 04:53:24 GMT"},"fingerprint":{"sha1":"58:44:4E:20:AF:3D:28:31:7D:87:23:5F:6E:FA:DE:34:1F:34:2D:9B","sha256":"BD:C8:4A:E0:84:A6:39:D4:AC:C0:C6:97:1C:A5:17:9D:31:E7:27:10:76:4D:2E:66:69:F6:A5:33:F8:65:17:3F"}}},"request":{"raw":"GET /img/23112003.gif HTTP/1.1\r\nHost: img.mresou.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://x13gpkhrz3ljnb9.com:58011/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 16 Mar 2026 19:48:54 GMT\r\ncontent-type: image/gif\r\ncontent-length: 136346\r\nserver: cloudflare\r\nlast-modified: Mon, 20 Nov 2023 14:02:31 GMT\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\netag: \"655b66f7-2149a\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccept-ranges: bytes\r\nage: 6898934\r\ncf-cache-status: HIT\r\ncf-ray: 9dd647331e0707e7-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":136346,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 640 x 200","md5":"726d2998b3400f9ac3e6da5ce5d0423c","sha1":"3cf09d2bc2b100be0806a7f4d0b17516d0b35bd0","sha256":"9e6a4649882b910cdadab83c2d4d2f6770325c63fa542e8e042d39c5549b9afd","sha512":"6e61fd672797b8b2bd12f87c3d16b0764e8bad5e6af2e5fb160bc2df2dfe36ada5be907d563d472b1ff45913f2c4e6d6aba186b51e8f06891671a75e8a0eb1bf","ssdeep":"3072:iMSMJbsyzLvScjRZqKtwLqlmhG5UBYI+Z10Li4cxC5jOy7gaoAd5:LSe/qoLqIqGlF4OcUaoy5","tlshash":"61d31259e9c347aa706565e1c7f3b4d20c7369423c78a1b974b1aa6f8635038e83933f","first_seen":"2024-08-20T11:51:23.192754Z","last_seen":"2026-04-14T16:55:04.383501Z","times_seen":16,"resource_available":false,"data":null}},"time_used":139,"timings":{"blocked":48,"dns":19,"connect":8,"send":0,"wait":18,"receive":21,"ssl":22},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-16","alert":"Sinkholed","trigger":"img.mresou.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"x13gpkhrz3ljnb9.com:58011/favicon.ico","fqdn":"x13gpkhrz3ljnb9.com","domain":"x13gpkhrz3ljnb9.com","tld":"com"},"ip":{"addr":"172.247.94.122","port":58011,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://x13gpkhrz3ljnb9.com:58011/dh/index.html","date":"2026-03-16T19:48:55.034Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"saia13.youporn-saia.top","organization":""},"issuer":{"commonName":"Certum DV TLS G2 R39 CA","organization":"Asseco Data Systems S.A."},"validity":{"start":"Mon, 24 Nov 2025 06:06:36 GMT","end":"Thu, 24 Dec 2026 06:06:35 GMT"},"fingerprint":{"sha1":"BB:FC:04:0B:B9:1A:ED:1D:FF:CC:03:5C:A4:A7:E2:74:16:F4:BD:2D","sha256":"B9:DE:DD:9D:4B:95:A4:F2:D0:91:6D:2F:F6:BE:EA:FA:F9:26:BA:A4:74:6A:F0:7F:92:03:7F:92:BF:C0:0C:CD"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: x13gpkhrz3ljnb9.com:58011\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://x13gpkhrz3ljnb9.com:58011/dh/index.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 24 Nov 2025 06:54:03 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 4286\r\nLast-Modified: Sun, 05 Mar 2023 17:30:37 GMT\r\nETag: \"6404d1bd-10be\"\r\nExpires: Mon, 24 Nov 2025 06:55:03 GMT\r\nAccept-Ranges: bytes\r\nConnection: keep-alive\r\nCache-Control: max-age=21\r\nX-Cache: HIT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4286,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel","md5":"dfce00c59ba2ba11b46e573410197ada","sha1":"6ea119e7580de2e45fe3f975b3942349d8a23658","sha256":"5f86d83d972a5bed8d627e1a2e84827c318ce8716d95ba6dd2c48d9e4025b421","sha512":"12c22295bfa3a22d07a5d4dcb4dfe3c90415cca51c2dc8c13e938e472684c231cfefe303db1f455cb956250e4c660e29afbcdc00c618ebaca203fd24cd5e5b23","ssdeep":"48:UXHhHhHAsHDHsmdMNeesXBe6OFSFRkcd2Bjt:UXHhHhHAsHDHsmdMNhsXBe6OFSFRABJ","tlshash":"c8917c0bcd07706ad14695fde0c7e33d2a475d8a8435d1b60ce68c8f3265abc696c4f2","first_seen":"2023-06-02T23:30:32Z","last_seen":"2026-04-14T16:55:09.124432Z","times_seen":49,"resource_available":false,"data":null}},"time_used":171,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":159,"receive":12,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}