{"report_id":"c3dcc2f8-cf5b-4228-83d1-0b4a92132dd4","version":6,"status":"done","tags":[],"date":"2026-01-11T05:53:24Z","url":{"schema":"http","addr":"0149ttcai.lol/","fqdn":"0149ttcai.lol","domain":"0149ttcai.lol","tld":"lol"},"ip":{"addr":"154.221.17.15","port":0,"asn":142403,"as":"YISU CLOUD LTD","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"0149ttcai.lol/","fqdn":"0149ttcai.lol","domain":"0149ttcai.lol","tld":"lol"},"title":"0149ttcai.lol/","dom":{"size":24647,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (2305)","md5":"615e556ebf1ab62faef523dbda9081e4","sha1":"cfe8a3d991abbb2767acc2dbfca77ae8d19b1712","sha256":"0a817fb87360d1ad46fb76df0c4e1fc0393603be9b026a69c9495fd99d06ee00","sha512":"b788ddfcd89e0527d34723c2cecef8afe98809356ef8dda5df3ea4236e7c824ec70c58329651071752144432ac9d5f348467c94d42a0910f8b40e9f7d6724701","ssdeep":"384:jaKxuXjH2THOCzX+sIKb7+wiyCp8HuwRarC:jaKxuXjH2THOC6s3bamo8HuwRarC","tlshash":"4fb20220e3f22116b03385e679ab7f5125e44123f14315adfabda6b98bcdc943423757","dom_hash":"domhash9b2c313b85308a790573cc7826d17580","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"0149ttcai.lol/","fqdn":"0149ttcai.lol","domain":"0149ttcai.lol","tld":"lol"},"ip":{"addr":"154.221.17.15","port":0,"asn":142403,"as":"YISU CLOUD LTD","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-15T05:53:24Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-11","alert":"Sinkholed","trigger":"num.duoduoba.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"num.duoduoba.xyz","ip":{"addr":"154.221.17.15","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":2,"request_count":2,"received_data":1137,"sent_data":1102,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"127.0.0.1","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":0,"sent_data":528,"comment":"","tags":null,"fingerprints":null},{"fqdn":"0149ttcai.lol","ip":{"addr":"154.221.17.15","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":14,"received_data":1226471,"sent_data":6749,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cdn.dcloud.net.cn","ip":{"addr":"111.231.169.247","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"domain_registered":"2013-07-17","domain_rank":296858,"first_seen":"2018-09-15T09:18:08Z","last_seen":"2026-01-05T13:13:41.270215Z","alert_count":0,"request_count":1,"received_data":579,"sent_data":444,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"at.alicdn.com","ip":{"addr":"47.246.44.177","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Sweden","country_code":"SE"},"domain_registered":"2008-06-25","domain_rank":96084,"first_seen":"2013-11-28T05:03:29Z","last_seen":"2026-01-05T09:03:01.851064Z","alert_count":0,"request_count":1,"received_data":56835,"sent_data":519,"comment":"","tags":null,"fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}]},{"fqdn":"y33q88s.babaizai.com","ip":{"addr":"198.2.245.25","port":2096,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"domain_registered":"2024-04-01","domain_rank":0,"first_seen":"2025-06-16T15:31:43.401014Z","last_seen":"2025-06-16T15:31:43.401014Z","alert_count":0,"request_count":13,"received_data":56201,"sent_data":6376,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"0149ttcai.lol/static/js/chunk-vendors.cbdbc17b.js","fqdn":"0149ttcai.lol","domain":"0149ttcai.lol","tld":"lol"},"ip":{"addr":"154.221.17.15","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"74d9773eef5d7061451d33fa0a0277b2","sha1":"c2e3f841bf44321f07bf6577bb2927020fcb8433","sha256":"e220c5a5dcb56069e280b814fb0594b658f2092b025012608dabacf3a42f9f18","sha512":"33c0bcfee7543051848021de5187af0a0d26e09b7a81622460f0c86a8426fa4b70e886a0ddbf8d00eb20dd1475ad9de2b33ff3e84897aa296b7a3f80ac52fb9a","ssdeep":"6144:RomCH9tzZobap187n/fDvlhvtwTf34Gb/0gGjv4NTMvYEvm/4E+QhGoFv4zIWVbL:etSUOfBh1wTfWgi4t1iEVv4zL1IGABg","tlshash":"1215088cf2c6b0b616e760b5403f220bb2376969b40a94d4f675e4d0ad7894e6237f3d","size":932585,"data":"","first_seen":"2026-01-11T05:53:34.558106Z","last_seen":"2026-01-11T05:53:34.558106Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"0149ttcai.lol/static/js/pages-index-chaxun~pages-index-feedback~pages-index-home~pages-index-index~pages-index-mine~pages-in~5a16691e.5a350035.js","fqdn":"0149ttcai.lol","domain":"0149ttcai.lol","tld":"lol"},"ip":{"addr":"154.221.17.15","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"2c37f4f82d6cf5cc9b88814a39a077b3","sha1":"9fff8fb65442c233c02636c70baf750563fa5f89","sha256":"7f736ef72933da0f988e3d51a75159fff17339342aa5e3493e98657ed21829fc","sha512":"ec9954c8c777885d2c25a7b3865c66c344467a69764b89d4b966307956225bb997738426d8240fd8d4bb0390c835361d9c7d640d4fbbc7210461e3318b1ee71b","ssdeep":"192:eHTgAI84COcBTJFE1je5K5qRsO4gl2iuiXiwiriJPbAJfKVCf/OtTxBQrtlR6qt3:bUX9hTbAJfXnKTPQRf67e452","tlshash":"c3a2970cb1ca1cb32fd654c440caa20183ada6525ce16c8673e55bcbcfbe699125fb66","size":22659,"data":"","first_seen":"2026-01-11T05:53:34.540174Z","last_seen":"2026-01-11T05:53:34.540174Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"0149ttcai.lol/static/js/pages-index-index.4c040c4c.js","fqdn":"0149ttcai.lol","domain":"0149ttcai.lol","tld":"lol"},"ip":{"addr":"154.221.17.15","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"61c35aa9768f70eab6c475ee265595d1","sha1":"336abf62523c7deb82099f2385aeeb9c51bf5d8f","sha256":"6ba75e4ec4c0d63911aa464ca89255bca982b0d454a8f158333b42e3eddf6044","sha512":"ea2c03f6024a54f921725d88458738a0f6004e3b49dd6b5db9a09b9c823d5b854de77225504425217d1fd06bf08943d626a73b809f52c1c08cc2affadc228b11","ssdeep":"384:q5Mm9CyXbTOiJCXxovoExxhI3fNBNituPkORMeB3FEdqmWochQGjiJ5WjBYfohx3:ijCzPNBotCR2e/gTvUYTfyQiTlV+i","tlshash":"9943b519b88bf96f0a8bc011002f2d18e0336e74d015f548e777da699ed5d872b6bb9c","size":56783,"data":"","first_seen":"2026-01-11T05:53:34.54502Z","last_seen":"2026-01-11T05:53:34.54502Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"0149ttcai.lol/static/js/pages-index-detail~pages-index-discover_detail~pages-index-home~pages-index-index~pages-index-resour~bb0fb907.c0dbd7d6.js","fqdn":"0149ttcai.lol","domain":"0149ttcai.lol","tld":"lol"},"ip":{"addr":"154.221.17.15","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"b6dc91f1e0501e15b9891a500cb9e500","sha1":"29d76e9fd5bbeba10cc99d840db7cf1e934c8fca","sha256":"740ee4e5573fc29e4bed443efb06f7b1c4b62fd4e20f03758184f32dc0750260","sha512":"82c74a4e477547f165d01bd871a9b5abe61c5a6fba47977585d194112ecfe1c3902978c053b2e654775eba476d0bc6eeb60a68ec7755e24a7ee3f5b028905765","ssdeep":"192:rxkdtk93KMUHGzOiO5sxoDHtqRsgRklIr/5hmBZGuHGAG1aaGTtqRsA+RHzt+tTQ:rxkr74/klEqdmAZRQ1+RHzUR/edEM","tlshash":"2052c62e714eb81bc8d3286410df06c561363d3995aba184e3f99df9c7b758a0329f4e","size":13487,"data":"","first_seen":"2026-01-11T05:53:34.543601Z","last_seen":"2026-01-11T05:53:34.543601Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"0149ttcai.lol/static/js/pages-index-index~pages-index-mine.465ade43.js","fqdn":"0149ttcai.lol","domain":"0149ttcai.lol","tld":"lol"},"ip":{"addr":"154.221.17.15","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"d2c929c4100adb5f1d937ff817e61bed","sha1":"d43cb296f4d9945d0b351598459a55e5ca4a8091","sha256":"d9bb7c5af4c8e3ad5497ec9a18552dbc124b6f379d775c4640e18292f4a26d84","sha512":"70097b254e3da80ecf6bb66fc87ccbb3bbf7815ed81059212a88fdc7532e34c3da3a68ad4115e587eb00999ccdb40a77e90cb657dff008c4774208b8969038d2","ssdeep":"96:MS2Fn9Po0KqSoRIUjqRsohO0gqDZBO42WqRsohO0kPRdgl6eJVqa:529PoPaIUjqRs29/5qRs6ZVp","tlshash":"e832c457b2eeb42702d78868904b0a1a71663e3dc425f881cff497f40fe964a0726f1e","size":11113,"data":"","first_seen":"2026-01-11T05:53:34.522735Z","last_seen":"2026-01-11T05:53:34.522735Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"0149ttcai.lol/static/js/pages-index-chaxun~pages-index-home~pages-index-index~pages-index-mine~pages-index-record~pages-inde~dd7ba825.866415af.js","fqdn":"0149ttcai.lol","domain":"0149ttcai.lol","tld":"lol"},"ip":{"addr":"154.221.17.15","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"9dea52c1353d77f1e7ab23aa1f58f576","sha1":"28e02f9af0b2d211a7bb4435bb870088990aca42","sha256":"4642ff5e0a441946ffc31eda2bb8a58cb3294be65803bd560f12e913e7ed336c","sha512":"eef4b174a51a7ab1c6133306289db6de865fa68d1811df5ccc0ab404442f1d3efb6e5ec2575cd3cc44d1cf48cbddd3badfb32cec94518a315eca97f3884b29e1","ssdeep":"768:iHIG5Ry7p8YHQj0eU6GlEP/kBnRMjFs7jdpCZz3e6Wlh0n1RV:wYQPGlykBnl77YzZ1","tlshash":"90b23b1eb18fb86501d38860445f960d51673e1aad30eac0dbe2dbfb4af1bce1516f19","size":25153,"data":"","first_seen":"2026-01-11T05:53:34.520732Z","last_seen":"2026-01-11T05:53:34.520732Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"0149ttcai.lol/","fqdn":"0149ttcai.lol","domain":"0149ttcai.lol","tld":"lol"},"ip":{"addr":"154.221.17.15","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"93368157fb131b56a45d6f60f8b40342","sha1":"ea2a25edb7b00c3e0a06650f02fded5bd87dfa20","sha256":"c48d4859bc082aa591168f7d7230bef438ecc2b3074e707c83864e11ec1a891f","sha512":"366c90d022f7fd6718d76460de51a154cf6cf8bf8e3aefa2e0e736cbba24ec53506485331abd3c3c2a7e6ae00c9a3b957a9aa675ecdd389afca7863ad8365908","ssdeep":"","tlshash":"c8e068c260a6294c02208016304ac1031bb608729ec149613c4c67a58fb9f4bc46e859","size":352,"data":"","first_seen":"2023-03-07T01:10:06Z","last_seen":"2026-06-22T01:13:34.940145Z","times_seen":4111,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"0149ttcai.lol/static/js/index.44c419e6.js","fqdn":"0149ttcai.lol","domain":"0149ttcai.lol","tld":"lol"},"ip":{"addr":"154.221.17.15","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"82f448cf64fe6de68247d5f224df88d1","sha1":"d738fa75a82983c48bf29440c6046cd80268928e","sha256":"5feae811bf21ae2957fe797dc7a202a1371f92b78ec05d38351a24ca5cb7f9b4","sha512":"691f059b3f562f7ec9eac0bd9b644a8ab83a36a0bd3da68cfee4b0cd8bbaa04d9b1e726f0d4805e496fda5c9e176ba76e99a90f2129e2e959372e38f33c3cf22","ssdeep":"768:ZR0M+//YA0TRL6nvoTCdZXEn1sWrxj/gXxRhciAcUizgYYGxU1LbxBhKz2ID1wBZ:QM+XYA0levSCdZXEnSWrxj/gXxRDS+S","tlshash":"2b53c55a7c46a7bfa75a3c29641faf0121e73dd1489ca041e37fada46ece047432fa44","size":60823,"data":"","first_seen":"2026-01-11T05:53:34.50471Z","last_seen":"2026-01-11T05:53:34.50471Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"3d5272693eb411e5b8b13a243f76c720","sha1":"6a586ab8e0a4bf12bbc60eea6ca9f2418625a22c","sha256":"9582f31f9eb892b8823a780e579d464d54e26d97d65dc327d2b2bdd92d47c4b8","sha512":"03fc5614f48fc9a2e3c4a30626fdbacde74c1fda09ffa9d1cde0393d31cd5fe1588e270c241f4cedb473c6e5cc224ff16c141468a29519ea6159accf3e3a18f1","ssdeep":"","tlshash":"a4c08c8350e2080c8210861b848880050b8808b04f9308a22cd85b7ecc9ae88c8f804c","size":148,"data":"","first_seen":"2023-03-07T01:10:06Z","last_seen":"2026-06-07T08:18:02.151537Z","times_seen":15899,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"console":null},"http":[{"url":{"schema":"https","addr":"y33q88s.babaizai.com:2096/images/dibu/zhu.png","fqdn":"y33q88s.babaizai.com","domain":"babaizai.com","tld":"com"},"ip":{"addr":"198.2.245.25","port":2096,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://y33q88s.babaizai.com:2096/images/dibu/dibu.html","date":"2026-01-11T05:53:05.062Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yq388shu.tayifa.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Dec 2025 15:29:42 GMT","end":"Sun, 01 Mar 2026 15:29:41 GMT"},"fingerprint":{"sha1":"23:0F:55:A6:7A:BF:11:CE:21:43:41:C3:28:26:D6:5A:16:2C:A3:50","sha256":"E0:A7:E9:F8:BF:6F:B4:EC:B3:15:08:E3:46:44:1B:B6:79:80:7B:7E:57:0B:5D:25:AB:CC:F5:D2:6F:8C:D7:FF"}}},"request":{"raw":"GET /images/dibu/zhu.png HTTP/1.1\r\nHost: y33q88s.babaizai.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://y33q88s.babaizai.com:2096/images/dibu/dibu.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/png\r\ndate: Sun, 11 Jan 2026 05:53:05 GMT\r\netag: W/\"68a93beb-709\"\r\nexpires: Tue, 10 Feb 2026 05:53:05 GMT\r\nlast-modified: Sat, 23 Aug 2025 03:56:27 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 1822\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1801,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 50 x 36, 8-bit colormap, non-interlaced","md5":"b6c1809bc9add29a4b44db2bcc0af172","sha1":"750383bc8f8c176072e4f98e32780e65694a2194","sha256":"5764c10e82b03823f77e1e9bca90d5ae8b62a1b93f955a4eb820751624309a2d","sha512":"0d0d7abe219f9c646ac89aa52fa509adb4d7ff1121218886014593a1fd1a33c1f728d10ea753445c5352e1098d7b2a2ff782e29dad200f97b5a2dcb3f7d83d56","ssdeep":"","tlshash":"24314ab392f9c805ce89abf2891c14f890a16c6b1dd683cf4d607cdafbb1a4ce1a4410","first_seen":"2025-08-31T20:06:03.175348Z","last_seen":"2026-02-01T20:39:02.11542Z","times_seen":4,"resource_available":false,"data":null}},"time_used":341,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":340,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"num.duoduoba.xyz/xingang/app/index/lotteryTime","fqdn":"num.duoduoba.xyz","domain":"duoduoba.xyz","tld":"xyz"},"ip":{"addr":"154.221.17.15","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://0149ttcai.lol/","date":"2026-01-11T05:53:03.946Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"num.duoduoba.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 10 Jan 2026 14:03:54 GMT","end":"Fri, 10 Apr 2026 14:03:53 GMT"},"fingerprint":{"sha1":"66:18:52:08:C7:A6:72:11:80:CE:E6:1B:74:BB:B7:63:5F:FD:84:25","sha256":"97:8F:CA:0C:0C:21:C2:43:B7:8A:04:54:41:63:8A:95:BD:E1:25:B0:64:50:85:75:83:98:75:E9:1F:FD:59:02"}}},"request":{"raw":"OPTIONS /xingang/app/index/lotteryTime HTTP/1.1\r\nHost: num.duoduoba.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: cache-control,content-type,lotterytype,token\r\nReferer: https://0149ttcai.lol/\r\nOrigin: https://0149ttcai.lol\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 11 Jan 2026 05:53:04 GMT\r\ncontent-length: 0\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://0149ttcai.lol\r\naccess-control-allow-methods: GET\r\naccess-control-allow-headers: cache-control, content-type, lotterytype, token\r\naccess-control-allow-credentials: true\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-22T01:29:48.472844Z","times_seen":16622693,"resource_available":true,"data":null}},"time_used":1986,"timings":{"blocked":871,"dns":382,"connect":240,"send":0,"wait":243,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-11","alert":"Sinkholed","trigger":"num.duoduoba.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"127.0.0.1:8060/api/news/list/1","fqdn":"127.0.0.1","domain":"127.0.0.1","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://0149ttcai.lol/","date":"2026-01-11T05:53:03.950Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"OPTIONS /api/news/list/1 HTTP/1.1\r\nHost: 127.0.0.1:8060\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: cache-control,content-type,lotterytype,token\r\nOrigin: https://0149ttcai.lol\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-22T01:29:48.472844Z","times_seen":16622693,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"0149ttcai.lol/undefined/xingang/app/index/lotteryTime","fqdn":"0149ttcai.lol","domain":"0149ttcai.lol","tld":"lol"},"ip":{"addr":"154.221.17.15","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://0149ttcai.lol/","date":"2026-01-11T05:53:04.061Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.0149ttcai.lol","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 10 Jan 2026 13:48:45 GMT","end":"Fri, 10 Apr 2026 13:48:44 GMT"},"fingerprint":{"sha1":"42:62:08:8C:43:65:9F:83:31:0E:0E:EE:C4:E0:27:6E:9F:FD:25:63","sha256":"F5:A5:29:16:40:68:31:A0:A7:4D:47:5C:63:C0:B2:4B:48:9F:85:C6:39:F5:77:D0:D2:EB:8B:5D:C7:0A:67:C9"}}},"request":{"raw":"GET /undefined/xingang/app/index/lotteryTime HTTP/1.1\r\nHost: 0149ttcai.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ntoken: \r\nContent-Type: application/json\r\ncache-control: no-cache, private\r\nLotterytype: 3\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://0149ttcai.lol/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Sun, 11 Jan 2026 05:53:03 GMT\r\ncontent-type: text/html\r\ncontent-length: 138\r\netag: \"69620d72-8a\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":138,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"7389d931c86b3d7bb6b8af46d8c4172b","sha1":"8d2a4760aa0b47984d11cd1a66448719177fb791","sha256":"301bd9f16f94feedfae7a946a14bac38cb73c43efe6117bc5586835af03d7d6f","sha512":"dd6d1511e4fcd5bc09d821ffe091fb5946ac9654c48664aed504e479e9ac20c1cad44b6df90f42190d47e28f5f96bfb09d24056df6b950243d68ee8100a9a889","ssdeep":"","tlshash":"d9c09b5d755366449913155167c33641d196837f689a84510941c593f0cf69ac4c73a9","first_seen":"2023-03-13T12:56:15Z","last_seen":"2026-06-22T01:45:51.46168Z","times_seen":280961,"resource_available":true,"data":null}},"time_used":253,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":253,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"y33q88s.babaizai.com:2096/images/dibu/long.png","fqdn":"y33q88s.babaizai.com","domain":"babaizai.com","tld":"com"},"ip":{"addr":"198.2.245.25","port":2096,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://y33q88s.babaizai.com:2096/images/dibu/dibu.html","date":"2026-01-11T05:53:05.052Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yq388shu.tayifa.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Dec 2025 15:29:42 GMT","end":"Sun, 01 Mar 2026 15:29:41 GMT"},"fingerprint":{"sha1":"23:0F:55:A6:7A:BF:11:CE:21:43:41:C3:28:26:D6:5A:16:2C:A3:50","sha256":"E0:A7:E9:F8:BF:6F:B4:EC:B3:15:08:E3:46:44:1B:B6:79:80:7B:7E:57:0B:5D:25:AB:CC:F5:D2:6F:8C:D7:FF"}}},"request":{"raw":"GET /images/dibu/long.png HTTP/1.1\r\nHost: y33q88s.babaizai.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://y33q88s.babaizai.com:2096/images/dibu/dibu.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/png\r\ndate: Sun, 11 Jan 2026 05:53:05 GMT\r\netag: W/\"68a93beb-9d9\"\r\nexpires: Tue, 10 Feb 2026 05:53:05 GMT\r\nlast-modified: Sat, 23 Aug 2025 03:56:27 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 2549\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2521,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 50 x 49, 8-bit colormap, non-interlaced","md5":"d8fae7159def8b7b0db6b9528cbeb095","sha1":"03ed28c14e7fab4588f1826a204cacf0453de623","sha256":"ce8b5f31fa15fa7541cce45253afce76039bba7b7e6db621d709afc2102b3d7d","sha512":"1e78c18b9135b54440f436545ae36735e111e2f15540632bde05b1e446f5c852f631c510ab6785f7cc291c66d58589d5e6fc9999371770069fbd58624331c934","ssdeep":"","tlshash":"f2511c697690b832d216d4b7583c1521c59116b8ddf78ae0770f4378aa11670b9b55f0","first_seen":"2025-08-31T20:06:03.162298Z","last_seen":"2026-02-01T20:39:02.131618Z","times_seen":4,"resource_available":false,"data":null}},"time_used":195,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":195,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"0149ttcai.lol/static/js/index.44c419e6.js","fqdn":"0149ttcai.lol","domain":"0149ttcai.lol","tld":"lol"},"ip":{"addr":"154.221.17.15","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://0149ttcai.lol/","date":"2026-01-11T05:53:02.144Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.0149ttcai.lol","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 10 Jan 2026 13:48:45 GMT","end":"Fri, 10 Apr 2026 13:48:44 GMT"},"fingerprint":{"sha1":"42:62:08:8C:43:65:9F:83:31:0E:0E:EE:C4:E0:27:6E:9F:FD:25:63","sha256":"F5:A5:29:16:40:68:31:A0:A7:4D:47:5C:63:C0:B2:4B:48:9F:85:C6:39:F5:77:D0:D2:EB:8B:5D:C7:0A:67:C9"}}},"request":{"raw":"GET /static/js/index.44c419e6.js HTTP/1.1\r\nHost: 0149ttcai.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://0149ttcai.lol/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 11 Jan 2026 05:53:01 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 10 Jan 2026 15:08:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69626b7b-ed97\"\r\nexpires: Sun, 11 Jan 2026 17:53:01 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":60823,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (60067), with no line terminators","md5":"82f448cf64fe6de68247d5f224df88d1","sha1":"d738fa75a82983c48bf29440c6046cd80268928e","sha256":"5feae811bf21ae2957fe797dc7a202a1371f92b78ec05d38351a24ca5cb7f9b4","sha512":"691f059b3f562f7ec9eac0bd9b644a8ab83a36a0bd3da68cfee4b0cd8bbaa04d9b1e726f0d4805e496fda5c9e176ba76e99a90f2129e2e959372e38f33c3cf22","ssdeep":"768:ZR0M+//YA0TRL6nvoTCdZXEn1sWrxj/gXxRhciAcUizgYYGxU1LbxBhKz2ID1wBZ:QM+XYA0levSCdZXEnSWrxj/gXxRDS+S","tlshash":"2b53c55a7c46a7bfa75a3c29641faf0121e73dd1489ca041e37fada46ece047432fa44","first_seen":"2026-01-11T05:53:34.50471Z","last_seen":"2026-01-11T05:53:34.50471Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1013,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1013,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"y33q88s.babaizai.com:2096/images/dibu/niu.png","fqdn":"y33q88s.babaizai.com","domain":"babaizai.com","tld":"com"},"ip":{"addr":"198.2.245.25","port":2096,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://y33q88s.babaizai.com:2096/images/dibu/dibu.html","date":"2026-01-11T05:53:05.060Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yq388shu.tayifa.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Dec 2025 15:29:42 GMT","end":"Sun, 01 Mar 2026 15:29:41 GMT"},"fingerprint":{"sha1":"23:0F:55:A6:7A:BF:11:CE:21:43:41:C3:28:26:D6:5A:16:2C:A3:50","sha256":"E0:A7:E9:F8:BF:6F:B4:EC:B3:15:08:E3:46:44:1B:B6:79:80:7B:7E:57:0B:5D:25:AB:CC:F5:D2:6F:8C:D7:FF"}}},"request":{"raw":"GET /images/dibu/niu.png HTTP/1.1\r\nHost: y33q88s.babaizai.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://y33q88s.babaizai.com:2096/images/dibu/dibu.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/png\r\ndate: Sun, 11 Jan 2026 05:53:05 GMT\r\netag: W/\"68a93beb-740\"\r\nexpires: Tue, 10 Feb 2026 05:53:05 GMT\r\nlast-modified: Sat, 23 Aug 2025 03:56:27 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 1879\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1856,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 50 x 35, 8-bit colormap, non-interlaced","md5":"79b489b6b1f5b95ff7a096d73b59743a","sha1":"607102adc8928a35217faf12d08d9fc7e74dd830","sha256":"013266df7c2c1866c9ab934c17bf64a2873cdf43770df9d2432197af783e7d46","sha512":"583492b5c0c9fc2f8f6a59c4965f49e158ce7bac2f6928065d73eddbbdfbdee47caa67ac544461ce13fd36749f56bca505e59f3ef4e20445ca3dc8920f82158e","ssdeep":"","tlshash":"4731fbbc92bd725bf734c87890ab291471b98b4b1b90319b1e92845c94fac9c96c3f52","first_seen":"2025-08-31T20:06:03.08664Z","last_seen":"2026-02-01T20:39:02.126028Z","times_seen":4,"resource_available":false,"data":null}},"time_used":198,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":198,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"y33q88s.babaizai.com:2096/images/dibu/yang.png","fqdn":"y33q88s.babaizai.com","domain":"babaizai.com","tld":"com"},"ip":{"addr":"198.2.245.25","port":2096,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://y33q88s.babaizai.com:2096/images/dibu/dibu.html","date":"2026-01-11T05:53:05.087Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yq388shu.tayifa.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Dec 2025 15:29:42 GMT","end":"Sun, 01 Mar 2026 15:29:41 GMT"},"fingerprint":{"sha1":"23:0F:55:A6:7A:BF:11:CE:21:43:41:C3:28:26:D6:5A:16:2C:A3:50","sha256":"E0:A7:E9:F8:BF:6F:B4:EC:B3:15:08:E3:46:44:1B:B6:79:80:7B:7E:57:0B:5D:25:AB:CC:F5:D2:6F:8C:D7:FF"}}},"request":{"raw":"GET /images/dibu/yang.png HTTP/1.1\r\nHost: y33q88s.babaizai.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://y33q88s.babaizai.com:2096/images/dibu/dibu.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/png\r\ndate: Sun, 11 Jan 2026 05:53:05 GMT\r\netag: W/\"68a93beb-807\"\r\nexpires: Tue, 10 Feb 2026 05:53:05 GMT\r\nlast-modified: Sat, 23 Aug 2025 03:56:27 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 2078\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2055,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 50 x 46, 8-bit colormap, non-interlaced","md5":"49938f70e9e7551db2b351b3cde30717","sha1":"30c415f283920cfa4abe4a2e3190aeaf7b109871","sha256":"db1ac99e6ba5b63f821e0c09264489bf98f4376a69afffc82f5e96c3e149d7ad","sha512":"865e523ac8a542c5a2dbd3ba454685cf45400eedea384e08ccc2e367d37eccaed322add2e07e34b5061e9acf61734057501a8540ab284a527f5f071091bd98db","ssdeep":"","tlshash":"0a414cbc39424e64c850c5fb1320a5b849330996e1888bd70576dfd5f940f9500cfeb2","first_seen":"2025-08-31T20:06:03.120481Z","last_seen":"2026-02-01T20:39:02.133908Z","times_seen":4,"resource_available":false,"data":null}},"time_used":345,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":331,"receive":14,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"0149ttcai.lol/","fqdn":"0149ttcai.lol","domain":"0149ttcai.lol","tld":"lol"},"ip":{"addr":"154.221.17.15","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-11T05:53:01.020Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.0149ttcai.lol","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 10 Jan 2026 13:48:45 GMT","end":"Fri, 10 Apr 2026 13:48:44 GMT"},"fingerprint":{"sha1":"42:62:08:8C:43:65:9F:83:31:0E:0E:EE:C4:E0:27:6E:9F:FD:25:63","sha256":"F5:A5:29:16:40:68:31:A0:A7:4D:47:5C:63:C0:B2:4B:48:9F:85:C6:39:F5:77:D0:D2:EB:8B:5D:C7:0A:67:C9"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 0149ttcai.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 11 Jan 2026 05:53:01 GMT\r\ncontent-type: text/html\r\ncontent-length: 795\r\nlast-modified: Sat, 10 Jan 2026 15:08:32 GMT\r\netag: \"69626b70-31b\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":795,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (500)","md5":"267706d8b1781ef1ca3ac55701ade638","sha1":"bc6e0b7c93baf85bd2b619e49fc9ecfa527e5245","sha256":"f8dc57130f8272489addf84bfcbd67d007c575124895bdb905c22d441d66b407","sha512":"f4148346b9cd8344f44ac98f706f801c065385feac0ddcda632d8dfd506971ab6b7983b335ae7bddbb5ab351cf7bbbaa7a0a782ac9be8d3840344fa930b85c6d","ssdeep":"","tlshash":"7801c2821c10f94d072086956176d11e4ad649b46d91d9503cdc7abc4ad0b8dde2e811","first_seen":"2026-01-11T05:53:34.517296Z","last_seen":"2026-01-11T05:53:34.517296Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1688,"timings":{"blocked":718,"dns":205,"connect":253,"send":0,"wait":252,"receive":0,"ssl":258},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"0149ttcai.lol/static/js/pages-index-chaxun~pages-index-home~pages-index-index~pages-index-mine~pages-index-record~pages-inde~dd7ba825.866415af.js","fqdn":"0149ttcai.lol","domain":"0149ttcai.lol","tld":"lol"},"ip":{"addr":"154.221.17.15","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://0149ttcai.lol/","date":"2026-01-11T05:53:03.647Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.0149ttcai.lol","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 10 Jan 2026 13:48:45 GMT","end":"Fri, 10 Apr 2026 13:48:44 GMT"},"fingerprint":{"sha1":"42:62:08:8C:43:65:9F:83:31:0E:0E:EE:C4:E0:27:6E:9F:FD:25:63","sha256":"F5:A5:29:16:40:68:31:A0:A7:4D:47:5C:63:C0:B2:4B:48:9F:85:C6:39:F5:77:D0:D2:EB:8B:5D:C7:0A:67:C9"}}},"request":{"raw":"GET /static/js/pages-index-chaxun~pages-index-home~pages-index-index~pages-index-mine~pages-index-record~pages-inde~dd7ba825.866415af.js HTTP/1.1\r\nHost: 0149ttcai.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://0149ttcai.lol/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 11 Jan 2026 05:53:03 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 10 Jan 2026 15:08:45 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69626b7d-6371\"\r\nexpires: Sun, 11 Jan 2026 17:53:03 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":25457,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (22861), with no line terminators","md5":"9dea52c1353d77f1e7ab23aa1f58f576","sha1":"28e02f9af0b2d211a7bb4435bb870088990aca42","sha256":"4642ff5e0a441946ffc31eda2bb8a58cb3294be65803bd560f12e913e7ed336c","sha512":"eef4b174a51a7ab1c6133306289db6de865fa68d1811df5ccc0ab404442f1d3efb6e5ec2575cd3cc44d1cf48cbddd3badfb32cec94518a315eca97f3884b29e1","ssdeep":"768:iHIG5Ry7p8YHQj0eU6GlEP/kBnRMjFs7jdpCZz3e6Wlh0n1RV:wYQPGlykBnl77YzZ1","tlshash":"90b23b1eb18fb86501d38860445f960d51673e1aad30eac0dbe2dbfb4af1bce1516f19","first_seen":"2026-01-11T05:53:34.520732Z","last_seen":"2026-01-11T05:53:34.520732Z","times_seen":1,"resource_available":true,"data":null}},"time_used":254,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":254,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"0149ttcai.lol/static/js/pages-index-index~pages-index-mine.465ade43.js","fqdn":"0149ttcai.lol","domain":"0149ttcai.lol","tld":"lol"},"ip":{"addr":"154.221.17.15","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://0149ttcai.lol/","date":"2026-01-11T05:53:03.653Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.0149ttcai.lol","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 10 Jan 2026 13:48:45 GMT","end":"Fri, 10 Apr 2026 13:48:44 GMT"},"fingerprint":{"sha1":"42:62:08:8C:43:65:9F:83:31:0E:0E:EE:C4:E0:27:6E:9F:FD:25:63","sha256":"F5:A5:29:16:40:68:31:A0:A7:4D:47:5C:63:C0:B2:4B:48:9F:85:C6:39:F5:77:D0:D2:EB:8B:5D:C7:0A:67:C9"}}},"request":{"raw":"GET /static/js/pages-index-index~pages-index-mine.465ade43.js HTTP/1.1\r\nHost: 0149ttcai.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://0149ttcai.lol/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 11 Jan 2026 05:53:03 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 10 Jan 2026 15:08:47 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69626b7f-2b69\"\r\nexpires: Sun, 11 Jan 2026 17:53:03 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11113,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (10125), with no line terminators","md5":"d2c929c4100adb5f1d937ff817e61bed","sha1":"d43cb296f4d9945d0b351598459a55e5ca4a8091","sha256":"d9bb7c5af4c8e3ad5497ec9a18552dbc124b6f379d775c4640e18292f4a26d84","sha512":"70097b254e3da80ecf6bb66fc87ccbb3bbf7815ed81059212a88fdc7532e34c3da3a68ad4115e587eb00999ccdb40a77e90cb657dff008c4774208b8969038d2","ssdeep":"96:MS2Fn9Po0KqSoRIUjqRsohO0gqDZBO42WqRsohO0kPRdgl6eJVqa:529PoPaIUjqRs29/5qRs6ZVp","tlshash":"e832c457b2eeb42702d78868904b0a1a71663e3dc425f881cff497f40fe964a0726f1e","first_seen":"2026-01-11T05:53:34.522735Z","last_seen":"2026-01-11T05:53:34.522735Z","times_seen":1,"resource_available":true,"data":null}},"time_used":253,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":253,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.dcloud.net.cn/img/shadow-grey.png","fqdn":"cdn.dcloud.net.cn","domain":"dcloud.net.cn","tld":"net.cn"},"ip":{"addr":"111.231.169.247","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://0149ttcai.lol/","date":"2026-01-11T05:53:05.702Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dcloud.net.cn","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Tue, 26 Aug 2025 11:47:17 GMT","end":"Fri, 25 Sep 2026 11:47:16 GMT"},"fingerprint":{"sha1":"47:A7:6C:09:6B:1D:CA:2D:7D:39:2E:C1:7F:15:DE:5D:F2:C4:0F:77","sha256":"EA:73:37:83:D0:38:44:D9:3C:0B:26:F0:DD:D1:22:2F:36:F7:F2:86:A1:B0:58:52:DE:4E:0A:21:D6:89:E7:3E"}}},"request":{"raw":"GET /img/shadow-grey.png HTTP/1.1\r\nHost: cdn.dcloud.net.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://0149ttcai.lol/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 11 Jan 2026 05:53:06 GMT\r\ncontent-type: image/png\r\ncontent-length: 136\r\nlast-modified: Thu, 06 Jun 2019 06:42:07 GMT\r\netag: \"5cf8b5bf-88\"\r\nexpires: Sun, 11 Jan 2026 15:53:06 GMT\r\ncache-control: max-age=36000\r\nset-cookie: __uni__uid=rBEQUmljOsKbb8+EA6NXAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=dcloud.net.cn; path=/; secure; httponly; samesite=none\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":136,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1 x 6, 4-bit colormap, non-interlaced","md5":"5a962adf74d92ae702467b3f47976547","sha1":"36f74049375584e3fa69b5ef87e9572336ff9e7a","sha256":"ad4ebea1c3496dd2924789ee009174a2c6289d1200e9811f458fd46f172d1d6f","sha512":"4ace23fe7ec6c7271710030fd423aace13eafac68ac3e76366ce4ce9bdc702caf71c9bdc2fb6a32c8e9791546098617cc0259decd8bb8489afdbce43e1b53a73","ssdeep":"","tlshash":"47c09bf3a615dc754a0d153b42e98271f429511e07046d0e5a13c216741e3448d56793","first_seen":"2023-04-15T10:50:30Z","last_seen":"2026-06-22T01:21:37.627668Z","times_seen":16589,"resource_available":false,"data":null}},"time_used":1361,"timings":{"blocked":554,"dns":1,"connect":253,"send":0,"wait":253,"receive":0,"ssl":297},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"y33q88s.babaizai.com:2096/images/dibu/she.png","fqdn":"y33q88s.babaizai.com","domain":"babaizai.com","tld":"com"},"ip":{"addr":"198.2.245.25","port":2096,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://y33q88s.babaizai.com:2096/images/dibu/dibu.html","date":"2026-01-11T05:53:05.050Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yq388shu.tayifa.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Dec 2025 15:29:42 GMT","end":"Sun, 01 Mar 2026 15:29:41 GMT"},"fingerprint":{"sha1":"23:0F:55:A6:7A:BF:11:CE:21:43:41:C3:28:26:D6:5A:16:2C:A3:50","sha256":"E0:A7:E9:F8:BF:6F:B4:EC:B3:15:08:E3:46:44:1B:B6:79:80:7B:7E:57:0B:5D:25:AB:CC:F5:D2:6F:8C:D7:FF"}}},"request":{"raw":"GET /images/dibu/she.png HTTP/1.1\r\nHost: y33q88s.babaizai.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://y33q88s.babaizai.com:2096/images/dibu/dibu.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/png\r\ndate: Sun, 11 Jan 2026 05:53:05 GMT\r\netag: W/\"68a93beb-71a\"\r\nexpires: Tue, 10 Feb 2026 05:53:05 GMT\r\nlast-modified: Sat, 23 Aug 2025 03:56:27 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 1841\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1818,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 50 x 35, 8-bit colormap, non-interlaced","md5":"f860d7731756a95628a4774fec2f0b10","sha1":"82687bd2463d1899e02fc27edfa8de92662fd42e","sha256":"7bedfc62515475baa0e2b4ddfb59f7a98d47c3a9a7e14f96489773090bcaa7d1","sha512":"a4d059dc1dee565807a6c5fbab23f8977dadaa0b7e087b501411f990507aeecef475ecf410a080f25e32cf0312564ea5a5b76431b82b40dc2ce818fbad5790be","ssdeep":"","tlshash":"013109488e4ba59ecb37a0758e7c9de4e37a20c4aa5a9526f04f224279d61c4c2db714","first_seen":"2025-08-31T20:06:03.075058Z","last_seen":"2026-02-01T20:39:02.04013Z","times_seen":4,"resource_available":false,"data":null}},"time_used":182,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":181,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"num.duoduoba.xyz/xingang/app/index/lotteryTime","fqdn":"num.duoduoba.xyz","domain":"duoduoba.xyz","tld":"xyz"},"ip":{"addr":"154.221.17.15","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://0149ttcai.lol/","date":"2026-01-11T05:53:05.089Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"num.duoduoba.xyz","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 10 Jan 2026 14:03:54 GMT","end":"Fri, 10 Apr 2026 14:03:53 GMT"},"fingerprint":{"sha1":"66:18:52:08:C7:A6:72:11:80:CE:E6:1B:74:BB:B7:63:5F:FD:84:25","sha256":"97:8F:CA:0C:0C:21:C2:43:B7:8A:04:54:41:63:8A:95:BD:E1:25:B0:64:50:85:75:83:98:75:E9:1F:FD:59:02"}}},"request":{"raw":"GET /xingang/app/index/lotteryTime HTTP/1.1\r\nHost: num.duoduoba.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ntoken: \r\nContent-Type: application/json\r\ncache-control: no-cache, private\r\nLotterytype: 3\r\nOrigin: https://0149ttcai.lol\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://0149ttcai.lol/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 11 Jan 2026 05:53:04 GMT\r\ncontent-type: application/json;charset=UTF-8\r\nvary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://0149ttcai.lol\r\naccess-control-allow-credentials: true\r\nx-cache: MISS\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":386,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"24ebd5c7233bc013893bcf510dde9afd","sha1":"3cdc626c1b30d3177bd70d7997f5b01c9c1686b1","sha256":"f6c5a9df06c099519ba36945f1a6df42dee6720ed215f85ddb48231804e2c5d7","sha512":"8fe4d7bb827a0704011b70fce3a01fa6c29b9d6d7f730665cb1944b4264a398591e881fdef4051d9507df24e8b98ff6ecd6ab008001c29b792f02c4d9d49e648","ssdeep":"","tlshash":"62e01a7cc8ec5dcba1a9ddc4e25d59fb2360700149990e8a9975dfbc00c725e09032c9","first_seen":"2026-01-11T05:53:34.52891Z","last_seen":"2026-01-11T05:53:34.52891Z","times_seen":1,"resource_available":false,"data":null}},"time_used":408,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":408,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-11","alert":"Sinkholed","trigger":"num.duoduoba.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"0149ttcai.lol/static/index.883130ca.css","fqdn":"0149ttcai.lol","domain":"0149ttcai.lol","tld":"lol"},"ip":{"addr":"154.221.17.15","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://0149ttcai.lol/","date":"2026-01-11T05:53:02.141Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.0149ttcai.lol","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 10 Jan 2026 13:48:45 GMT","end":"Fri, 10 Apr 2026 13:48:44 GMT"},"fingerprint":{"sha1":"42:62:08:8C:43:65:9F:83:31:0E:0E:EE:C4:E0:27:6E:9F:FD:25:63","sha256":"F5:A5:29:16:40:68:31:A0:A7:4D:47:5C:63:C0:B2:4B:48:9F:85:C6:39:F5:77:D0:D2:EB:8B:5D:C7:0A:67:C9"}}},"request":{"raw":"GET /static/index.883130ca.css HTTP/1.1\r\nHost: 0149ttcai.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://0149ttcai.lol/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 11 Jan 2026 05:53:01 GMT\r\ncontent-type: text/css\r\nlast-modified: Sat, 10 Jan 2026 15:08:33 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69626b71-1793e\"\r\nexpires: Sun, 11 Jan 2026 17:53:01 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":96574,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"2de2f2d3943b4b382a28a439daff5939","sha1":"70d04e1c3567cb4f248b29046b98386f215a4d38","sha256":"8a35934d019c2b120a31ae6c51c75b2327f22637824b2a2c2faf4ce17ae9d4d8","sha512":"eba9271e30d6e4b21954078e3ccd839a55e1dcc8212fa375c18dce42104d19a92655c2f289401525b0c9565971a31573b928666515a3ca89b1801bbd48c1de95","ssdeep":"1536:OlIApuK7hmVmb2RS1Wu3xdynGJ7eh/nrhlvbc:VApuK7hmVrS1Wu3iG41nrPI","tlshash":"f393f73719012e39e52bcd26b6c1ab5a1e61c033e15307adfba47628cbcf9c9167b345","first_seen":"2025-07-20T12:48:29.443135Z","last_seen":"2026-06-21T20:22:58.10347Z","times_seen":2693,"resource_available":false,"data":null}},"time_used":508,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":508,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"0149ttcai.lol/static/js/chunk-vendors.cbdbc17b.js","fqdn":"0149ttcai.lol","domain":"0149ttcai.lol","tld":"lol"},"ip":{"addr":"154.221.17.15","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://0149ttcai.lol/","date":"2026-01-11T05:53:02.143Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.0149ttcai.lol","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 10 Jan 2026 13:48:45 GMT","end":"Fri, 10 Apr 2026 13:48:44 GMT"},"fingerprint":{"sha1":"42:62:08:8C:43:65:9F:83:31:0E:0E:EE:C4:E0:27:6E:9F:FD:25:63","sha256":"F5:A5:29:16:40:68:31:A0:A7:4D:47:5C:63:C0:B2:4B:48:9F:85:C6:39:F5:77:D0:D2:EB:8B:5D:C7:0A:67:C9"}}},"request":{"raw":"GET /static/js/chunk-vendors.cbdbc17b.js HTTP/1.1\r\nHost: 0149ttcai.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://0149ttcai.lol/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 11 Jan 2026 05:53:01 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 10 Jan 2026 15:08:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69626b7b-e3ae9\"\r\nexpires: Sun, 11 Jan 2026 17:53:01 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":932585,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (40040)","md5":"465da44e15ce459dd349c3434da1e23e","sha1":"7358c48b9524794257d94175dcb365b59fabd18a","sha256":"c35d5dcef35346b0a3ea8b0b84acac51d71f38ac8ca28c5941d55f0a5090f768","sha512":"4a714edbaabc3c7876e1bfa60915798ba2870d94da2879948eb09926f263071e7525eb402dcf1a47cc0d1ed44981defd22e2024e8ac1830cddae81a70b455e55","ssdeep":"6144:RomCH9tzZobap187n/fDvlhvtwTc4Gb/0gGjv4NTMvYEvm/4E+QhGoFv4zIWVb1t:etSUOfBh1wTcWgi4t1iEVv4zL1IGABg","tlshash":"7d15088cf2c6b0b616e760b5403f220bb2376969b40a94d4f675e4d0ad7894e6237f3d","first_seen":"2026-01-11T05:53:34.533436Z","last_seen":"2026-01-11T05:53:34.533436Z","times_seen":1,"resource_available":false,"data":null}},"time_used":508,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":508,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"0149ttcai.lol/undefined/xingang/app/check_version","fqdn":"0149ttcai.lol","domain":"0149ttcai.lol","tld":"lol"},"ip":{"addr":"154.221.17.15","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://0149ttcai.lol/","date":"2026-01-11T05:53:04.062Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.0149ttcai.lol","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 10 Jan 2026 13:48:45 GMT","end":"Fri, 10 Apr 2026 13:48:44 GMT"},"fingerprint":{"sha1":"42:62:08:8C:43:65:9F:83:31:0E:0E:EE:C4:E0:27:6E:9F:FD:25:63","sha256":"F5:A5:29:16:40:68:31:A0:A7:4D:47:5C:63:C0:B2:4B:48:9F:85:C6:39:F5:77:D0:D2:EB:8B:5D:C7:0A:67:C9"}}},"request":{"raw":"GET /undefined/xingang/app/check_version HTTP/1.1\r\nHost: 0149ttcai.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ntoken: \r\nContent-Type: application/json\r\ncache-control: no-cache, private\r\nLotterytype: 3\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://0149ttcai.lol/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Sun, 11 Jan 2026 05:53:03 GMT\r\ncontent-type: text/html\r\ncontent-length: 138\r\netag: \"69620d72-8a\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":138,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"7389d931c86b3d7bb6b8af46d8c4172b","sha1":"8d2a4760aa0b47984d11cd1a66448719177fb791","sha256":"301bd9f16f94feedfae7a946a14bac38cb73c43efe6117bc5586835af03d7d6f","sha512":"dd6d1511e4fcd5bc09d821ffe091fb5946ac9654c48664aed504e479e9ac20c1cad44b6df90f42190d47e28f5f96bfb09d24056df6b950243d68ee8100a9a889","ssdeep":"","tlshash":"d9c09b5d755366449913155167c33641d196837f689a84510941c593f0cf69ac4c73a9","first_seen":"2023-03-13T12:56:15Z","last_seen":"2026-06-22T01:45:51.46168Z","times_seen":280961,"resource_available":true,"data":null}},"time_used":253,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":253,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"y33q88s.babaizai.com:2096/images/dibu/shu.png","fqdn":"y33q88s.babaizai.com","domain":"babaizai.com","tld":"com"},"ip":{"addr":"198.2.245.25","port":2096,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://y33q88s.babaizai.com:2096/images/dibu/dibu.html","date":"2026-01-11T05:53:05.061Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yq388shu.tayifa.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Dec 2025 15:29:42 GMT","end":"Sun, 01 Mar 2026 15:29:41 GMT"},"fingerprint":{"sha1":"23:0F:55:A6:7A:BF:11:CE:21:43:41:C3:28:26:D6:5A:16:2C:A3:50","sha256":"E0:A7:E9:F8:BF:6F:B4:EC:B3:15:08:E3:46:44:1B:B6:79:80:7B:7E:57:0B:5D:25:AB:CC:F5:D2:6F:8C:D7:FF"}}},"request":{"raw":"GET /images/dibu/shu.png HTTP/1.1\r\nHost: y33q88s.babaizai.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://y33q88s.babaizai.com:2096/images/dibu/dibu.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/png\r\ndate: Sun, 11 Jan 2026 05:53:05 GMT\r\netag: W/\"68a93beb-683\"\r\nexpires: Tue, 10 Feb 2026 05:53:05 GMT\r\nlast-modified: Sat, 23 Aug 2025 03:56:27 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 1695\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1667,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 49 x 44, 8-bit colormap, non-interlaced","md5":"cdce77fb904f3138da5b64525fc12284","sha1":"60ac275e474fa8678298000252c3b39746a88d13","sha256":"b1d37352f2da365d8d757e26fb6119a695859fb9452911011085cd082cfd3e83","sha512":"4daa6cec018b839d0ce4b8d0cdcd520d1ed192fe2cdd057ffd818b9a5792487e9f7f8a435f8d073ceda63bee87855485a38f6c8e43eeaad5988da893c4a4a6e7","ssdeep":"","tlshash":"2e313a1121db7075d6e1e43093b0d6e1e3a93f91265b9281ece6dc7a06e634fbc1b390","first_seen":"2025-08-31T20:06:03.124313Z","last_seen":"2026-02-01T20:39:02.041033Z","times_seen":4,"resource_available":false,"data":null}},"time_used":342,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":342,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"y33q88s.babaizai.com:2096/images/dibu/ma.png","fqdn":"y33q88s.babaizai.com","domain":"babaizai.com","tld":"com"},"ip":{"addr":"198.2.245.25","port":2096,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://y33q88s.babaizai.com:2096/images/dibu/dibu.html","date":"2026-01-11T05:53:05.088Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yq388shu.tayifa.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Dec 2025 15:29:42 GMT","end":"Sun, 01 Mar 2026 15:29:41 GMT"},"fingerprint":{"sha1":"23:0F:55:A6:7A:BF:11:CE:21:43:41:C3:28:26:D6:5A:16:2C:A3:50","sha256":"E0:A7:E9:F8:BF:6F:B4:EC:B3:15:08:E3:46:44:1B:B6:79:80:7B:7E:57:0B:5D:25:AB:CC:F5:D2:6F:8C:D7:FF"}}},"request":{"raw":"GET /images/dibu/ma.png HTTP/1.1\r\nHost: y33q88s.babaizai.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://y33q88s.babaizai.com:2096/images/dibu/dibu.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/png\r\ndate: Sun, 11 Jan 2026 05:53:05 GMT\r\netag: W/\"68a93beb-7e2\"\r\nexpires: Tue, 10 Feb 2026 05:53:05 GMT\r\nlast-modified: Sat, 23 Aug 2025 03:56:27 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 2041\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2018,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 50 x 45, 8-bit colormap, non-interlaced","md5":"e3d6e9d2644e390a6305b7a9b103a1e9","sha1":"dd59264e56efacad52016e95a9643678fa534ad8","sha256":"7d3d470da35bc43835765a9ae0c1d5fae9299b78392b09fa6778a024bad6d644","sha512":"0f7911887b500a9b2be13702d2f2dab6dfb8cc832849ef78c4adf2da7bb2726b3eafd476dfd2e5d0cd30e7263339db3a7dbda5131efb3d71ca727795163e8045","ssdeep":"","tlshash":"c041ea96c43cde2ac15ccb3066bc56428db7425f19e4f563f096e9269d22375c4a82c4","first_seen":"2025-08-31T20:06:03.114621Z","last_seen":"2026-02-01T20:39:02.069691Z","times_seen":4,"resource_available":false,"data":null}},"time_used":329,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":329,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"0149ttcai.lol/undefined/xingang/app/index/listPicture?pageNum=1\u0026pageSize=10\u0026lotteryType=3\u0026year=2026","fqdn":"0149ttcai.lol","domain":"0149ttcai.lol","tld":"lol"},"ip":{"addr":"154.221.17.15","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://0149ttcai.lol/","date":"2026-01-11T05:53:05.484Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.0149ttcai.lol","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 10 Jan 2026 13:48:45 GMT","end":"Fri, 10 Apr 2026 13:48:44 GMT"},"fingerprint":{"sha1":"42:62:08:8C:43:65:9F:83:31:0E:0E:EE:C4:E0:27:6E:9F:FD:25:63","sha256":"F5:A5:29:16:40:68:31:A0:A7:4D:47:5C:63:C0:B2:4B:48:9F:85:C6:39:F5:77:D0:D2:EB:8B:5D:C7:0A:67:C9"}}},"request":{"raw":"GET /undefined/xingang/app/index/listPicture?pageNum=1\u0026pageSize=10\u0026lotteryType=3\u0026year=2026 HTTP/1.1\r\nHost: 0149ttcai.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ntoken: \r\nContent-Type: application/json\r\ncache-control: no-cache, private\r\nLotterytype: 3\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://0149ttcai.lol/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Sun, 11 Jan 2026 05:53:05 GMT\r\ncontent-type: text/html\r\ncontent-length: 138\r\netag: \"69620d72-8a\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":138,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"7389d931c86b3d7bb6b8af46d8c4172b","sha1":"8d2a4760aa0b47984d11cd1a66448719177fb791","sha256":"301bd9f16f94feedfae7a946a14bac38cb73c43efe6117bc5586835af03d7d6f","sha512":"dd6d1511e4fcd5bc09d821ffe091fb5946ac9654c48664aed504e479e9ac20c1cad44b6df90f42190d47e28f5f96bfb09d24056df6b950243d68ee8100a9a889","ssdeep":"","tlshash":"d9c09b5d755366449913155167c33641d196837f689a84510941c593f0cf69ac4c73a9","first_seen":"2023-03-13T12:56:15Z","last_seen":"2026-06-22T01:45:51.46168Z","times_seen":280961,"resource_available":true,"data":null}},"time_used":253,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":253,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"0149ttcai.lol/undefined/xingang/app/home","fqdn":"0149ttcai.lol","domain":"0149ttcai.lol","tld":"lol"},"ip":{"addr":"154.221.17.15","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://0149ttcai.lol/","date":"2026-01-11T05:53:05.486Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.0149ttcai.lol","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 10 Jan 2026 13:48:45 GMT","end":"Fri, 10 Apr 2026 13:48:44 GMT"},"fingerprint":{"sha1":"42:62:08:8C:43:65:9F:83:31:0E:0E:EE:C4:E0:27:6E:9F:FD:25:63","sha256":"F5:A5:29:16:40:68:31:A0:A7:4D:47:5C:63:C0:B2:4B:48:9F:85:C6:39:F5:77:D0:D2:EB:8B:5D:C7:0A:67:C9"}}},"request":{"raw":"GET /undefined/xingang/app/home HTTP/1.1\r\nHost: 0149ttcai.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ntoken: \r\nContent-Type: application/json\r\ncache-control: no-cache, private\r\nLotterytype: 3\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://0149ttcai.lol/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Sun, 11 Jan 2026 05:53:05 GMT\r\ncontent-type: text/html\r\ncontent-length: 138\r\netag: \"69620d72-8a\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":138,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"7389d931c86b3d7bb6b8af46d8c4172b","sha1":"8d2a4760aa0b47984d11cd1a66448719177fb791","sha256":"301bd9f16f94feedfae7a946a14bac38cb73c43efe6117bc5586835af03d7d6f","sha512":"dd6d1511e4fcd5bc09d821ffe091fb5946ac9654c48664aed504e479e9ac20c1cad44b6df90f42190d47e28f5f96bfb09d24056df6b950243d68ee8100a9a889","ssdeep":"","tlshash":"d9c09b5d755366449913155167c33641d196837f689a84510941c593f0cf69ac4c73a9","first_seen":"2023-03-13T12:56:15Z","last_seen":"2026-06-22T01:45:51.46168Z","times_seen":280961,"resource_available":true,"data":null}},"time_used":253,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":253,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"0149ttcai.lol/static/js/pages-index-chaxun~pages-index-feedback~pages-index-home~pages-index-index~pages-index-mine~pages-in~5a16691e.5a350035.js","fqdn":"0149ttcai.lol","domain":"0149ttcai.lol","tld":"lol"},"ip":{"addr":"154.221.17.15","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://0149ttcai.lol/","date":"2026-01-11T05:53:03.645Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.0149ttcai.lol","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 10 Jan 2026 13:48:45 GMT","end":"Fri, 10 Apr 2026 13:48:44 GMT"},"fingerprint":{"sha1":"42:62:08:8C:43:65:9F:83:31:0E:0E:EE:C4:E0:27:6E:9F:FD:25:63","sha256":"F5:A5:29:16:40:68:31:A0:A7:4D:47:5C:63:C0:B2:4B:48:9F:85:C6:39:F5:77:D0:D2:EB:8B:5D:C7:0A:67:C9"}}},"request":{"raw":"GET /static/js/pages-index-chaxun~pages-index-feedback~pages-index-home~pages-index-index~pages-index-mine~pages-in~5a16691e.5a350035.js HTTP/1.1\r\nHost: 0149ttcai.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://0149ttcai.lol/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 11 Jan 2026 05:53:03 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 10 Jan 2026 15:08:45 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69626b7d-58ab\"\r\nexpires: Sun, 11 Jan 2026 17:53:03 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":22699,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (21117), with no line terminators","md5":"2c37f4f82d6cf5cc9b88814a39a077b3","sha1":"9fff8fb65442c233c02636c70baf750563fa5f89","sha256":"7f736ef72933da0f988e3d51a75159fff17339342aa5e3493e98657ed21829fc","sha512":"ec9954c8c777885d2c25a7b3865c66c344467a69764b89d4b966307956225bb997738426d8240fd8d4bb0390c835361d9c7d640d4fbbc7210461e3318b1ee71b","ssdeep":"192:eHTgAI84COcBTJFE1je5K5qRsO4gl2iuiXiwiriJPbAJfKVCf/OtTxBQrtlR6qt3:bUX9hTbAJfXnKTPQRf67e452","tlshash":"c3a2970cb1ca1cb32fd654c440caa20183ada6525ce16c8673e55bcbcfbe699125fb66","first_seen":"2026-01-11T05:53:34.540174Z","last_seen":"2026-01-11T05:53:34.540174Z","times_seen":1,"resource_available":true,"data":null}},"time_used":254,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":254,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"y33q88s.babaizai.com:2096/images/dibu/ji.png","fqdn":"y33q88s.babaizai.com","domain":"babaizai.com","tld":"com"},"ip":{"addr":"198.2.245.25","port":2096,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://y33q88s.babaizai.com:2096/images/dibu/dibu.html","date":"2026-01-11T05:53:05.066Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yq388shu.tayifa.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Dec 2025 15:29:42 GMT","end":"Sun, 01 Mar 2026 15:29:41 GMT"},"fingerprint":{"sha1":"23:0F:55:A6:7A:BF:11:CE:21:43:41:C3:28:26:D6:5A:16:2C:A3:50","sha256":"E0:A7:E9:F8:BF:6F:B4:EC:B3:15:08:E3:46:44:1B:B6:79:80:7B:7E:57:0B:5D:25:AB:CC:F5:D2:6F:8C:D7:FF"}}},"request":{"raw":"GET /images/dibu/ji.png HTTP/1.1\r\nHost: y33q88s.babaizai.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://y33q88s.babaizai.com:2096/images/dibu/dibu.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/png\r\ndate: Sun, 11 Jan 2026 05:53:05 GMT\r\netag: W/\"68a93beb-8d0\"\r\nexpires: Tue, 10 Feb 2026 05:53:05 GMT\r\nlast-modified: Sat, 23 Aug 2025 03:56:27 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 2284\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2256,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 43 x 47, 8-bit colormap, non-interlaced","md5":"4d7fc3977f7288beb2ead80d84883cbf","sha1":"3683e52dfd32571f1a16515dea9df22c17beb1bb","sha256":"a7f3a7f350532eb60c4e8c78adc0fc450dc1a9b279e646b523d4e6ddd8dd04fd","sha512":"4b0a5d904279cdb8ac14380959f2ae89333c9f4724327b63224385b2eb41cab7f6dd4f985fabf91e6007a4df68df07171ae3cbfd5a305005874c69e89ec857f4","ssdeep":"","tlshash":"7e412b26424f3210ca18c07efd5519fa15f772822b93a5c5e5b096754b3ee0a4738a94","first_seen":"2025-08-31T20:06:03.143797Z","last_seen":"2026-02-01T20:39:02.068601Z","times_seen":4,"resource_available":false,"data":null}},"time_used":197,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":197,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"0149ttcai.lol/favicon.ico","fqdn":"0149ttcai.lol","domain":"0149ttcai.lol","tld":"lol"},"ip":{"addr":"154.221.17.15","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://0149ttcai.lol/","date":"2026-01-11T05:53:03.914Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.0149ttcai.lol","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 10 Jan 2026 13:48:45 GMT","end":"Fri, 10 Apr 2026 13:48:44 GMT"},"fingerprint":{"sha1":"42:62:08:8C:43:65:9F:83:31:0E:0E:EE:C4:E0:27:6E:9F:FD:25:63","sha256":"F5:A5:29:16:40:68:31:A0:A7:4D:47:5C:63:C0:B2:4B:48:9F:85:C6:39:F5:77:D0:D2:EB:8B:5D:C7:0A:67:C9"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 0149ttcai.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://0149ttcai.lol/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Sun, 11 Jan 2026 05:53:03 GMT\r\ncontent-type: text/html\r\ncontent-length: 138\r\netag: \"69620d72-8a\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":138,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"7389d931c86b3d7bb6b8af46d8c4172b","sha1":"8d2a4760aa0b47984d11cd1a66448719177fb791","sha256":"301bd9f16f94feedfae7a946a14bac38cb73c43efe6117bc5586835af03d7d6f","sha512":"dd6d1511e4fcd5bc09d821ffe091fb5946ac9654c48664aed504e479e9ac20c1cad44b6df90f42190d47e28f5f96bfb09d24056df6b950243d68ee8100a9a889","ssdeep":"","tlshash":"d9c09b5d755366449913155167c33641d196837f689a84510941c593f0cf69ac4c73a9","first_seen":"2023-03-13T12:56:15Z","last_seen":"2026-06-22T01:45:51.46168Z","times_seen":280961,"resource_available":true,"data":null}},"time_used":254,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":253,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"0149ttcai.lol/static/js/pages-index-detail~pages-index-discover_detail~pages-index-home~pages-index-index~pages-index-resour~bb0fb907.c0dbd7d6.js","fqdn":"0149ttcai.lol","domain":"0149ttcai.lol","tld":"lol"},"ip":{"addr":"154.221.17.15","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://0149ttcai.lol/","date":"2026-01-11T05:53:03.651Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.0149ttcai.lol","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 10 Jan 2026 13:48:45 GMT","end":"Fri, 10 Apr 2026 13:48:44 GMT"},"fingerprint":{"sha1":"42:62:08:8C:43:65:9F:83:31:0E:0E:EE:C4:E0:27:6E:9F:FD:25:63","sha256":"F5:A5:29:16:40:68:31:A0:A7:4D:47:5C:63:C0:B2:4B:48:9F:85:C6:39:F5:77:D0:D2:EB:8B:5D:C7:0A:67:C9"}}},"request":{"raw":"GET /static/js/pages-index-detail~pages-index-discover_detail~pages-index-home~pages-index-index~pages-index-resour~bb0fb907.c0dbd7d6.js HTTP/1.1\r\nHost: 0149ttcai.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://0149ttcai.lol/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 11 Jan 2026 05:53:03 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 10 Jan 2026 15:08:46 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69626b7e-34af\"\r\nexpires: Sun, 11 Jan 2026 17:53:03 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":13487,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (12479), with no line terminators","md5":"b6dc91f1e0501e15b9891a500cb9e500","sha1":"29d76e9fd5bbeba10cc99d840db7cf1e934c8fca","sha256":"740ee4e5573fc29e4bed443efb06f7b1c4b62fd4e20f03758184f32dc0750260","sha512":"82c74a4e477547f165d01bd871a9b5abe61c5a6fba47977585d194112ecfe1c3902978c053b2e654775eba476d0bc6eeb60a68ec7755e24a7ee3f5b028905765","ssdeep":"192:rxkdtk93KMUHGzOiO5sxoDHtqRsgRklIr/5hmBZGuHGAG1aaGTtqRsA+RHzt+tTQ:rxkr74/klEqdmAZRQ1+RHzUR/edEM","tlshash":"2052c62e714eb81bc8d3286410df06c561363d3995aba184e3f99df9c7b758a0329f4e","first_seen":"2026-01-11T05:53:34.543601Z","last_seen":"2026-01-11T05:53:34.543601Z","times_seen":1,"resource_available":true,"data":null}},"time_used":253,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":253,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"0149ttcai.lol/static/js/pages-index-index.4c040c4c.js","fqdn":"0149ttcai.lol","domain":"0149ttcai.lol","tld":"lol"},"ip":{"addr":"154.221.17.15","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://0149ttcai.lol/","date":"2026-01-11T05:53:03.654Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.0149ttcai.lol","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 10 Jan 2026 13:48:45 GMT","end":"Fri, 10 Apr 2026 13:48:44 GMT"},"fingerprint":{"sha1":"42:62:08:8C:43:65:9F:83:31:0E:0E:EE:C4:E0:27:6E:9F:FD:25:63","sha256":"F5:A5:29:16:40:68:31:A0:A7:4D:47:5C:63:C0:B2:4B:48:9F:85:C6:39:F5:77:D0:D2:EB:8B:5D:C7:0A:67:C9"}}},"request":{"raw":"GET /static/js/pages-index-index.4c040c4c.js HTTP/1.1\r\nHost: 0149ttcai.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://0149ttcai.lol/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 11 Jan 2026 05:53:03 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 10 Jan 2026 15:08:47 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69626b7f-ddcf\"\r\nexpires: Sun, 11 Jan 2026 17:53:03 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":56783,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (53931), with no line terminators","md5":"61c35aa9768f70eab6c475ee265595d1","sha1":"336abf62523c7deb82099f2385aeeb9c51bf5d8f","sha256":"6ba75e4ec4c0d63911aa464ca89255bca982b0d454a8f158333b42e3eddf6044","sha512":"ea2c03f6024a54f921725d88458738a0f6004e3b49dd6b5db9a09b9c823d5b854de77225504425217d1fd06bf08943d626a73b809f52c1c08cc2affadc228b11","ssdeep":"384:q5Mm9CyXbTOiJCXxovoExxhI3fNBNituPkORMeB3FEdqmWochQGjiJ5WjBYfohx3:ijCzPNBotCR2e/gTvUYTfyQiTlV+i","tlshash":"9943b519b88bf96f0a8bc011002f2d18e0336e74d015f548e777da699ed5d872b6bb9c","first_seen":"2026-01-11T05:53:34.54502Z","last_seen":"2026-01-11T05:53:34.54502Z","times_seen":1,"resource_available":true,"data":null}},"time_used":255,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":255,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"y33q88s.babaizai.com:2096/images/dibu/dibu.html","fqdn":"y33q88s.babaizai.com","domain":"babaizai.com","tld":"com"},"ip":{"addr":"198.2.245.25","port":2096,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://0149ttcai.lol/","date":"2026-01-11T05:53:03.990Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yq388shu.tayifa.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Dec 2025 15:29:42 GMT","end":"Sun, 01 Mar 2026 15:29:41 GMT"},"fingerprint":{"sha1":"23:0F:55:A6:7A:BF:11:CE:21:43:41:C3:28:26:D6:5A:16:2C:A3:50","sha256":"E0:A7:E9:F8:BF:6F:B4:EC:B3:15:08:E3:46:44:1B:B6:79:80:7B:7E:57:0B:5D:25:AB:CC:F5:D2:6F:8C:D7:FF"}}},"request":{"raw":"GET /images/dibu/dibu.html HTTP/1.1\r\nHost: y33q88s.babaizai.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://0149ttcai.lol/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\ncontent-type: text/html\r\ndate: Sun, 11 Jan 2026 05:53:04 GMT\r\netag: W/\"6801d605-602b\"\r\nlast-modified: Fri, 18 Apr 2025 04:33:09 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":24619,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (2305)","md5":"1ab404febdf22a74eca0ca1fa8a5ec9b","sha1":"6e9ff41cb2f3cc3deee079d922c13a0753aba299","sha256":"b0b9e3692c6d1af34e4c1803d9df932604dd38293bf137c3e286b784fa4b9cfc","sha512":"4c9e21ad348828e8db6bdb56653bc85c74ff210a820eec71eef8efe689e7242569b3c976f00fb10d85d71bf0d79767b6fa999ed4618dd22b727b53351b1eac91","ssdeep":"768:/aKxlXjH2THOC6s3bamK8E/AfaFapRxrq:/aylXjH2TuC6s3bhK8E/AfaFapRxrq","tlshash":"57b20220e3f22116b03389e679ab7f5225e44123f14315adfabda6b98bcdc943423757","first_seen":"2026-01-11T05:53:34.546555Z","last_seen":"2026-01-11T05:53:34.546555Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1779,"timings":{"blocked":780,"dns":437,"connect":166,"send":0,"wait":219,"receive":0,"ssl":174},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"at.alicdn.com/t/font_2225171_8kdcwk4po24.ttf","fqdn":"at.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"47.246.44.177","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://0149ttcai.lol/","date":"2026-01-11T05:53:03.995Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tbcdn.cn","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 28 Nov 2025 03:07:13 GMT","end":"Sat, 18 Jul 2026 09:41:04 GMT"},"fingerprint":{"sha1":"01:40:62:EF:8C:E5:C1:8A:19:4C:8D:B6:F5:C2:24:7F:DC:C0:9C:8A","sha256":"60:3C:41:A0:78:62:E6:5E:82:F0:FA:CF:5C:C9:D3:22:E4:64:EE:1A:EE:C7:CC:BA:DD:25:08:90:6F:CC:C4:F2"}}},"request":{"raw":"GET /t/font_2225171_8kdcwk4po24.ttf HTTP/1.1\r\nHost: at.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://0149ttcai.lol\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://0149ttcai.lol/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: application/octet-stream\r\ncontent-length: 55940\r\ndate: Sat, 10 Jan 2026 17:49:12 GMT\r\nx-oss-request-id: 696291189F99E33231C44F25\r\nvary: Origin\r\naccept-ranges: bytes\r\netag: \"B716002BF601F727176AE7901BDF4E4F\"\r\nlast-modified: Fri, 24 Dec 2021 20:51:06 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 10201830100077572647\r\nx-oss-storage-class: Standard\r\ncache-control: max-age=63072000\r\ncontent-md5: txYAK/YB9ycXaueQG99OTw==\r\nx-oss-server-time: 1\r\nvia: ens-cache6.l2de4[712,711,200-0,M], ens-cache29.l2de4[714,0], ens-cache8.se2[0,0,200-0,H], ens-cache9.se2[3,0]\r\nage: 43432\r\nali-swift-global-savetime: 1768067352\r\nx-cache: HIT TCP_HIT dirn:8:209882442\r\nx-swift-savetime: Sat, 10 Jan 2026 17:49:12 GMT\r\nx-swift-cachetime: 31104000\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\neagleid: 2ff62c9d17681107841585738e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":55940,"size_decoded":0,"mime_type":"application/octet-stream","magic":"TrueType Font data, 11 tables, 1st \"GSUB\", 18 names, Macintosh,            ","md5":"b716002bf601f727176ae7901bdf4e4f","sha1":"e87c1130c27fa42d822c198f5ea8b633b5118b94","sha256":"4bc8cc97559c0a52ea4f5ce0563e1bf3a7f89d660f74792e662e76d49eae4707","sha512":"cd4d86bc27a8055bf4ba21730991acb71e32d1d8c3176b6aada3c8fcfbaacfabe3cf1c813665b4434b16c757587d38afb8fd61f3a84a440053a96b545187e672","ssdeep":"768:00Yo6KrRwXJDv2mjQ5PMWCUPQnNqcoocj9MNb5+kYfcUFO++wEMjQYVEh/gG+VeV:xY1dCpj8+kYfcUUXwjjQYV8/gBVE","tlshash":"3c437c2b835e4fb3d16a86f90c4f011b5fefd7206636f99664ca5c1e4402afd085cb9a","first_seen":"2023-04-09T15:26:02Z","last_seen":"2026-06-20T23:02:13.051086Z","times_seen":3698,"resource_available":false,"data":null}},"time_used":404,"timings":{"blocked":168,"dns":51,"connect":20,"send":0,"wait":43,"receive":25,"ssl":94},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"y33q88s.babaizai.com:2096/images/dibu/hu.png","fqdn":"y33q88s.babaizai.com","domain":"babaizai.com","tld":"com"},"ip":{"addr":"198.2.245.25","port":2096,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://y33q88s.babaizai.com:2096/images/dibu/dibu.html","date":"2026-01-11T05:53:05.058Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yq388shu.tayifa.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Dec 2025 15:29:42 GMT","end":"Sun, 01 Mar 2026 15:29:41 GMT"},"fingerprint":{"sha1":"23:0F:55:A6:7A:BF:11:CE:21:43:41:C3:28:26:D6:5A:16:2C:A3:50","sha256":"E0:A7:E9:F8:BF:6F:B4:EC:B3:15:08:E3:46:44:1B:B6:79:80:7B:7E:57:0B:5D:25:AB:CC:F5:D2:6F:8C:D7:FF"}}},"request":{"raw":"GET /images/dibu/hu.png HTTP/1.1\r\nHost: y33q88s.babaizai.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://y33q88s.babaizai.com:2096/images/dibu/dibu.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/png\r\ndate: Sun, 11 Jan 2026 05:53:05 GMT\r\netag: W/\"68a93beb-8fe\"\r\nexpires: Tue, 10 Feb 2026 05:53:05 GMT\r\nlast-modified: Sat, 23 Aug 2025 03:56:27 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 2330\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2302,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 50 x 44, 8-bit colormap, non-interlaced","md5":"dabda7ae4bf9cce1e32fa01c191ab85b","sha1":"e22305a6044c6b90bb3a414110a15ec74cc9c0f4","sha256":"f4f6f1b88dde9bf5c1a3511a42d70b29ce2063f5c78046303affd056042e22f2","sha512":"67101cab9c99a9f1bfcb86dc3b90e57cb74edb04ec7603c12fb5778e7abee0cc208b5e885a7d662c5f6f4e31764bff0b702a472c87532bec9fd999642597f669","ssdeep":"","tlshash":"99412bebb588bcdcda9f6537e0372548cf964c5076182a8b647b3fa6a10c17c51781b0","first_seen":"2025-08-31T20:06:03.123147Z","last_seen":"2026-02-01T20:39:02.119826Z","times_seen":4,"resource_available":false,"data":null}},"time_used":205,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":205,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"y33q88s.babaizai.com:2096/images/dibu/hou.png","fqdn":"y33q88s.babaizai.com","domain":"babaizai.com","tld":"com"},"ip":{"addr":"198.2.245.25","port":2096,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://y33q88s.babaizai.com:2096/images/dibu/dibu.html","date":"2026-01-11T05:53:05.086Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yq388shu.tayifa.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Dec 2025 15:29:42 GMT","end":"Sun, 01 Mar 2026 15:29:41 GMT"},"fingerprint":{"sha1":"23:0F:55:A6:7A:BF:11:CE:21:43:41:C3:28:26:D6:5A:16:2C:A3:50","sha256":"E0:A7:E9:F8:BF:6F:B4:EC:B3:15:08:E3:46:44:1B:B6:79:80:7B:7E:57:0B:5D:25:AB:CC:F5:D2:6F:8C:D7:FF"}}},"request":{"raw":"GET /images/dibu/hou.png HTTP/1.1\r\nHost: y33q88s.babaizai.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://y33q88s.babaizai.com:2096/images/dibu/dibu.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/png\r\ndate: Sun, 11 Jan 2026 05:53:05 GMT\r\netag: W/\"68a93beb-91f\"\r\nexpires: Tue, 10 Feb 2026 05:53:05 GMT\r\nlast-modified: Sat, 23 Aug 2025 03:56:27 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 2363\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2335,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 49 x 49, 8-bit colormap, non-interlaced","md5":"9914a3fba48dfbf140862610363840f5","sha1":"4c6906c75e52b97998db0ddd7efb0b6f539212d8","sha256":"aa917d2a43cdab1a5210d8726e4168e403a2ce1c8fb70b51ca70c7386c2a6ef3","sha512":"7631e78bee6f8ac853ffe51625c53fad777ea44a3846c7623b875fb2c6ade8ef5f2e9bc06cff28b71ed8539359a5862c3a43ff5cdb621c641d3cb626cd5ef228","ssdeep":"","tlshash":"9a411b9ada916ae0b67642276145b394f42451a26031b0bd3f910a8fb76fb441e0cae9","first_seen":"2025-08-31T20:06:03.136009Z","last_seen":"2026-02-01T20:39:02.078222Z","times_seen":4,"resource_available":false,"data":null}},"time_used":347,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":347,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"y33q88s.babaizai.com:2096/images/dibu/tu.png","fqdn":"y33q88s.babaizai.com","domain":"babaizai.com","tld":"com"},"ip":{"addr":"198.2.245.25","port":2096,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://y33q88s.babaizai.com:2096/images/dibu/dibu.html","date":"2026-01-11T05:53:05.054Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yq388shu.tayifa.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Dec 2025 15:29:42 GMT","end":"Sun, 01 Mar 2026 15:29:41 GMT"},"fingerprint":{"sha1":"23:0F:55:A6:7A:BF:11:CE:21:43:41:C3:28:26:D6:5A:16:2C:A3:50","sha256":"E0:A7:E9:F8:BF:6F:B4:EC:B3:15:08:E3:46:44:1B:B6:79:80:7B:7E:57:0B:5D:25:AB:CC:F5:D2:6F:8C:D7:FF"}}},"request":{"raw":"GET /images/dibu/tu.png HTTP/1.1\r\nHost: y33q88s.babaizai.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://y33q88s.babaizai.com:2096/images/dibu/dibu.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/png\r\ndate: Sun, 11 Jan 2026 05:53:05 GMT\r\netag: W/\"68a93beb-726\"\r\nexpires: Tue, 10 Feb 2026 05:53:05 GMT\r\nlast-modified: Sat, 23 Aug 2025 03:56:27 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 1853\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1830,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 43 x 48, 8-bit colormap, non-interlaced","md5":"cfc919bbb834701c19831ccfb4bd1cc7","sha1":"90f46193fcfe940726db2688df895ecad94648c5","sha256":"b6704da4b125bfed6e0059dbfd1ba9d206b941926d5161c3b85de0d5b02ea468","sha512":"d06f89b877b6eca4a6a923ca6873005f7576ad514dc47ccb91cc753f27fb9fb596a57366cf4e3e4a5cd5ed61e8a2e8856a4a7a08f7e121a60b3d6c749c9b0d2c","ssdeep":"","tlshash":"4b314bc62969acf9ec320c33834e4e54e66fcddf9609c301226353d9805f11d4be01a3","first_seen":"2025-08-31T20:06:03.10517Z","last_seen":"2026-02-01T20:39:02.114306Z","times_seen":4,"resource_available":false,"data":null}},"time_used":202,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":202,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"y33q88s.babaizai.com:2096/images/dibu/gou.png","fqdn":"y33q88s.babaizai.com","domain":"babaizai.com","tld":"com"},"ip":{"addr":"198.2.245.25","port":2096,"asn":54600,"as":"PEG-SV","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://y33q88s.babaizai.com:2096/images/dibu/dibu.html","date":"2026-01-11T05:53:05.064Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yq388shu.tayifa.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Dec 2025 15:29:42 GMT","end":"Sun, 01 Mar 2026 15:29:41 GMT"},"fingerprint":{"sha1":"23:0F:55:A6:7A:BF:11:CE:21:43:41:C3:28:26:D6:5A:16:2C:A3:50","sha256":"E0:A7:E9:F8:BF:6F:B4:EC:B3:15:08:E3:46:44:1B:B6:79:80:7B:7E:57:0B:5D:25:AB:CC:F5:D2:6F:8C:D7:FF"}}},"request":{"raw":"GET /images/dibu/gou.png HTTP/1.1\r\nHost: y33q88s.babaizai.com:2096\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://y33q88s.babaizai.com:2096/images/dibu/dibu.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/png\r\ndate: Sun, 11 Jan 2026 05:53:05 GMT\r\netag: W/\"68a93beb-7b7\"\r\nexpires: Tue, 10 Feb 2026 05:53:05 GMT\r\nlast-modified: Sat, 23 Aug 2025 03:56:27 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 1998\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1975,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 50 x 37, 8-bit colormap, non-interlaced","md5":"7a53f05d7f7d1519a01a076f19e014e0","sha1":"bc3e40cc01248a9af6c818048b2dd0b1a947732a","sha256":"43209d28bdc84ce0a600e8ef70083e530c260ac1e42a0e1ee443172935403972","sha512":"fdcad97116970b24530b087981b07252100f297712285d5bd0eb3a3439932ce3d9bc79296e30b2835ab8ecc77d68097be2a592dd68287617d2424050e16bb2ff","ssdeep":"","tlshash":"4a414cba8c3fb7d0f2d31ff527a59144f850307c807a972402cab7616667c5c18e68c6","first_seen":"2025-08-31T20:06:03.148423Z","last_seen":"2026-02-01T20:39:02.06298Z","times_seen":4,"resource_available":false,"data":null}},"time_used":339,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":338,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}